Symbolic pointer analysis for detecting memory leaks

It is well accepted that pointers are a common source of memory anomalies, such as losing references to dynamic records without deallocating them (also known as memory leaks). This paper presents a novel pointer analysis framework that detects memory leaks by statically analyzing the behavior of programs. Our approach is based on symbolic evaluation of programs. Symbolic evaluation is an advanced static symbolic analysis that is centered around symbolic variable values, assumptions about and constraints between variable values, and control flow information (path conditions). As part of symbolic evaluation we introduce a new symbolic heap algebra for modeling heap operations. Predicates, defined over the program's input, are derived that allow memory leaks to be detected. Our approach goes beyond previous work on statically detecting memory leaks by also considering path conditions, which increases the accuracy of our results, and by symbolically modeling heap data structures and heap operations. Examples are used to illustrate the effectiveness of our approach.
