Precise Detection of Memory Leaks Jonas Maebe, Michiel Ronsse, Koen De Bosschere WODA2004 25 May 2004 Dammit, Jim. I’m an Eiffel Tower, not a Star Trek.

Slides:

Advertisements

Similar presentations

Stacks, Queues, and Linked Lists

Advertisements

Dynamic memory allocation

Dynamic Memory Management

Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.

David Notkin Autumn 2009 CSE303 Lecture 13 This space for rent.

Dynamic allocation and deallocation of memory: Chapter 4, Slide 1.

Lecture 10: Heap Management CS 540 GMU Spring 2009.

CS-1030 Dr. Mark L. Hornick 1 Pointers And Dynamic Memory.

Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.

Compiler construction in4020 – lecture 12 Koen Langendoen Delft University of Technology The Netherlands.

Managing Memory Static and Dynamic Memory Type Casts Allocating Arrays of Dynamic Size Resizing Block of Memory Returning Memory from a Function Avoiding.

Managing Memory DCT 1063 PROGRAMMING 2 Mohd Nazri Bin Ibrahim Faculty of Computer, Media & Technology TATi University College

Agenda  Review: pointer & array  Relationship between pointer & array  Dynamic memory allocation.

Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.

Hastings Purify: Fast Detection of Memory Leaks and Access Errors.

An efficient data race detector for DIOTA Michiel Ronsse, Bastiaan Stougie, Jonas Maebe, Frank Cornelis, Koen De Bosschere Department of Electronics and.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.

CPSC 388 – Compiler Design and Construction

Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.

1 Day 03 Introduction to C. 2 Memory layout and addresses r s int x = 5, y = 10; float f = 12.5, g = 9.8; char c = ‘r’, d = ‘s’;

CS 536 Spring Run-time organization Lecture 19.

CS510 Advanced OS Seminar Class 10 A Methodology for Implementing Highly Concurrent Data Objects by Maurice Herlihy.

1 CSE 303 Lecture 11 Heap memory allocation ( malloc, free ) reading: Programming in C Ch. 11, 17 slides created by Marty Stepp

1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.

Pointers Applications

U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2006 Exterminator: Automatically Correcting Memory Errors Gene Novark, Emery Berger.

File Implementation. File System Abstraction How to Organize Files on Disk Goals: –Maximize sequential performance –Easy random access to file –Easy.

Dynamic Memory Allocation Questions answered in this lecture: When is a stack appropriate? When is a heap? What are best-fit, first-fit, worst-fit, and.

CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap.

EE4E. C++ Programming Lecture 1 From C to C++. Contents Introduction Introduction Variables Variables Pointers and references Pointers and references.

1 MT258 Computer Programming and Problem Solving Unit 7.

Chapter 3.5 Memory and I/O Systems. 2 Memory Management Memory problems are one of the leading causes of bugs in programs (60-80%) MUCH worse in languages.

Storage Management. The stack and the heap Dynamic storage allocation refers to allocating space for variables at run time Most modern languages support.

1 Data Structures - CSCI 102 CS102 C++ Pointers & Dynamic Objects Prof Tejada.

Pointers OVERVIEW.

1 C++ Classes and Data Structures Jeffrey S. Childs Chapter 4 Pointers and Dynamic Arrays Jeffrey S. Childs Clarion University of PA © 2008, Prentice Hall.

C Programming Day 4. 2 Copyright © 2005, Infosys Technologies Ltd ER/CORP/CRS/LA07/003 Version No. 1.0 More on Pointers Constant Pointers Two ways to.

CSCI Rational Purify 1 Rational Purify Overview Michel Izygon - Jim Helm.

+ Dynamic memory allocation. + Introduction We often face situations in programming where the data is dynamics in nature. Consider a list of customers.

1 Lecture07: Memory Model 5/2/2012 Slides modified from Yin Lou, Cornell CS2022: Introduction to C.

CMSC 202 Advanced Section Classes and Objects: Object Creation and Constructors.

CSE 351 Dynamic Memory Allocation 1. Dynamic Memory Dynamic memory is memory that is “requested” at runtime Solves two fundamental dilemmas: How can.

CS 241 Discussion Section (02/02/2012). MP2 Overview  Task is simple  Reimplement malloc(), calloc(), realloc() and free()  A contest will be running.

GC Assertions: Using the Garbage Collector To Check Heap Properties Samuel Z. Guyer Tufts University Edward Aftandilian Tufts University.

CSE 333 – SECTION 2 Memory Management. Questions, Comments, Concerns Do you have any? Exercises going ok? Lectures make sense? Homework 1 – START EARLY!

CSE 220 – C Programming malloc, calloc, realloc.

Dynamic Allocation in C

YAHMD - Yet Another Heap Memory Debugger

Day 03 Introduction to C.

Data Structure Interview Question and Answers

Valgrind Overview What is Valgrind?

Pointers and dynamic memory

Storage Management.

Data Structures Interview / VIVA Questions and Answers

Day 03 Introduction to C.

Dynamic Memory Allocation

Circular Buffers, Linked Lists

Smart Pointers.

Review & Lab assignments

Pointers and dynamic memory

Pointers The C programming language gives us the ability to directly manipulate the contents of memory addresses via pointers. Unfortunately, this power.

Dynamic Memory A whole heap of fun….

C Programming Lecture-8 Pointers and Memory Management

Chapter 10-1: Dynamic Memory Allocation

COP 3330 Object-oriented Programming in C++

Valgrind Overview What is Valgrind?

Dynamic Memory – A Review

Automating Memory Management

Presentation transcript:

Precise Detection of Memory Leaks Jonas Maebe, Michiel Ronsse, Koen De Bosschere WODA May 2004 Dammit, Jim. I’m an Eiffel Tower, not a Star Trek logo

Memory leaks What –Allocating memory without releasing later Why bad –Reduce performance –May cause crashes How to solve –Find out where exactly memory is leaked

Overview Kinds of memory leaks Existing tools Our solution False positives Evaluation Future Work

Physical Leaks What –Last pointer to a block of memory is destroyed Causes –Pointer overwrite –Free block containing pointer –Stack shrinks

Physical Leaks (2) Important information: –Allocation site of block –Location where last pointer is lost –Assignment location of last pointer

Logical Leaks What –Reachable pointer available, but block never freed Important information –Allocation site of block –Where are these pointers?

Existing Tools Most: where was leaked block allocated –Pro: simple, very fast –Con: may not be enough information Insure++: also where last pointer lost –Pro: more information for physical leaks –Con: not more info for logical leaks, source code instrumentation, no description of technique, expensive

Our solution Keep track of allocated blocks 1 Principle of “dynamic instrumentation” covered by EU software patent AT&T Use dynamic instrumentation 1 to detect all references to memory blocks (DIOTA) Physical leak: reference count of block becomes zero Logical leak: unfreed blocks which are not physical leaks

DIOTA Generated code (clone) Original program Stack (shared) Push target Jmp DIOTA heap DIOTA principle To configure: Use “backends” Here: Memory instrumentation Replace calls to memory management functions

Overview Leak Detection Memory Blocks BlockInfo1 BlockInfo4 References Tree: Random and sequential access First element (stack) LeakInfo1 Leaks Hashtable: Only random access necessary

void *a = malloc(32); Allocations Memory Blocks BlockInfo1 References Leaks Reserved blocks: Intercept memory management functions Have reference count

References Memory Blocks BlockInfo1 References Leaks void *a = malloc(32); Reference Detection: Results of stores Begin addresses of blocks

Leaks Memory Blocks Blockinfo1 References LeakInfo1 Leaks void *a = malloc(32); a = NULL;

Stale References Memory Blocks BlockInfo1 References Leaks void *a = malloc(32); free(a); a = NULL; !!! Two possibilities: Search all references and destroy them Make sure we can detect that block has been freed

Stale References (2) All BlockInfo’s get a unique ID References get copy of ID When freeing a block, give it a new ID BlockInfo’s come from dedicated pool  Can be reused as soon as block is freed  Direct pointer to BlockInfo from Reference

False Positives Memory Blocks Blockinfo1 References L1 Leaks void *a = malloc(32); a += 2*sizeof(void*);... void *b = a-2*sizeof(void*);... Need way to detect that leak info is out of date

False Positives (2) Every memory block gets a usecount usecount is increased at stores current usecount is copied to leakinfo Delay reporting of leaks: –BlockID’s don’t match: block freed –usecounts don’t match: block still addressed later

Other issues C++: pointers to BlockStart+sizeof(void*) False negatives (random value == ptr) Circular structures

Evaluation Slowdown: times in real world programs Example bug found using implementation: 1 for(int i=0;i<exp+1;i++) { set > new_terms = find_terms(...); // fix memory leak found by DIOTA value_clear(result->arr[i].d); 5 value_clear(result->arr[i].x.n); result->arr[i] = translate_one_term(...); }

Future work Report information about logical memory leaks Detect usage of stale pointers Speed up implementation: –“Post-write” memory instrumentation –Stack change interception

Questions?