PCA: memory leak detection using partial call-path analysis

Data dependence analysis underlies various applications in software quality assurance, yet existing frameworks and tools for this analysis commonly suffer from scalability challenges. We present PCA, a static interprocedural data dependence analyzer for real-world C programs. PCA performs interprocedural points-to and data-flow analyses with a lightweight design. Most importantly, it features a partial call-path (PCA) analysis that consists of optimization options to further speed up data dependence computation. As an example application, PCA readily supports memory leak detection, for which it helps achieve performance and precision close to or better than those of the same application built on a state-of-the-art value flow analysis. In particular, it found four more memory leaks in an industry-scale system, which the developers have since fixed. Through the data dependence it computes, PCA can enable other applications (e.g., impact analysis and taint analysis).
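As an added illustration, not PCA's own code and far simpler than the analysis the abstract describes, the model below shows how a leak checker can follow data dependence across calls (allocations, callee return values, and arguments a callee releases) while bounding how deep it follows call paths; the toy IR, the `depth` budget and the sample program are all assumptions of this example:

```python
# Toy IR, an assumption of this example (not PCA's own representation):
#   ("alloc", v) | ("free", v) | ("call", callee, [args], ret_or_None) | ("return", v)
# A program maps a function name to (parameter names, statement list).
def frees_param(prog, fn, idx, depth):
    """Does `fn` free its idx-th parameter, following calls at most `depth` deep?
    Past the budget we say False, so the caller still owns the value (over-report)."""
    params, body = prog[fn]
    target = params[idx]
    for st in body:
        if st[0] == "free" and st[1] == target:
            return True
        if st[0] == "call" and depth > 0 and target in st[2]:
            if frees_param(prog, st[1], st[2].index(target), depth - 1):
                return True
    return False

def analyze(prog, fn, depth=2):
    """Return (leaked, escapes): variables of `fn` still holding an unreleased
    allocation at exit, and whether `fn` returns one to its caller."""
    owned = set()       # variables currently holding an unreleased allocation
    escapes = False
    for st in prog[fn][1]:
        if st[0] == "alloc":
            owned.add(st[1])
        elif st[0] == "free":
            owned.discard(st[1])
        elif st[0] == "call":
            callee, args, ret = st[1], st[2], st[3]
            for i, a in enumerate(args):
                if a in owned and depth > 0 and frees_param(prog, callee, i, depth - 1):
                    owned.discard(a)
            # Past the budget a callee's return is not tracked (leaks there are missed).
            if ret is not None and depth > 0 and analyze(prog, callee, depth - 1)[1]:
                owned.add(ret)
        elif st[0] == "return" and st[1] in owned:
            owned.discard(st[1])
            escapes = True
    return sorted(owned), escapes

# Constructed sample: `worker` leaks `b` (consume never frees it); `c` is freed
# only two calls deep, so a call-path budget below 2 reports it as well.
SAMPLE = {
    "make":    ([],    [("alloc", "p"), ("return", "p")]),
    "release": (["q"], [("free", "q")]),
    "cleanup": (["s"], [("call", "release", ["s"], None)]),
    "consume": (["r"], []),
    "worker":  ([],    [("call", "make", [], "a"), ("call", "release", ["a"], None),
                        ("call", "make", [], "b"), ("call", "consume", ["b"], None),
                        ("call", "make", [], "c"), ("call", "cleanup", ["c"], None)]),
}
```

Running `analyze(SAMPLE, "worker", depth)` with `depth=2` reports only `b`, while `depth=1` also reports `c`, which is the precision-versus-cost trade-off a bounded call-path budget makes explicit.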
