1 SWAT Memory Leak Detection Matthias Hauswirth. 2 Agenda Approaches to memory leak detection SWAT infrastructure Heap model Staleness predicates Leak.

Slides:



Advertisements
Similar presentations
Background Virtual memory – separation of user logical memory from physical memory. Only part of the program needs to be in memory for execution. Logical.
Advertisements

Paging: Design Issues. Readings r Silbershatz et al: ,
Chapter 4 Memory Management Page Replacement 补充:什么叫页面抖动?
CS4432: Database Systems II Buffer Manager 1. 2 Covered in week 1.
Lecture 10: Heap Management CS 540 GMU Spring 2009.
Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing.
Virtual Memory Introduction to Operating Systems: Module 9.
Lecture 5: Floodfill. Floodfill Overview First assume that there are no walls Give each cell a distance from the goal. The goal has distance 0. Repeat.
Hastings Purify: Fast Detection of Memory Leaks and Access Errors.
LOW-OVERHEAD MEMORY LEAK DETECTION USING ADAPTIVE STATISTICAL PROFILING WHAT’S THE PROBLEM? CONTRIBUTIONS EVALUATION WEAKNESS AND FUTURE WORKS.
Low-Overhead Memory Leak Detection Using Adaptive Statistical Profiling ZHANG Hansheng 1 Nov 2013.
CPSC 388 – Compiler Design and Construction
Memory Management. History Run-time management of dynamic memory is a necessary activity for modern programming languages Lisp of the 1960’s was one of.
Instructor: Umar KalimNUST Institute of Information Technology Operating Systems Virtual Memory.
Memory Allocation. Three kinds of memory Fixed memory Stack memory Heap memory.
Database Implementation Issues CPSC 315 – Programming Studio Spring 2008 Project 1, Lecture 5 Slides adapted from those used by Jennifer Welch.
File System Implementation CSCI 444/544 Operating Systems Fall 2008.
Multiprocessing Memory Management
Virtual Memory Management B.Ramamurthy. Paging (2) The relation between virtual addresses and physical memory addres- ses given by page table.
Operating Systems (CSCI2413) Lecture 3 Processes phones off (please)
Memory Management Last Update: July 31, 2014 Memory Management1.
Memory Allocation CS Introduction to Operating Systems.
Memory Management ◦ Operating Systems ◦ CS550. Paging and Segmentation  Non-contiguous memory allocation  Fragmentation is a serious problem with contiguous.
Virtual Memory Chantha Thoeun. Overview  Purpose:  Use the hard disk as an extension of RAM.  Increase the available address space of a process. 
Real-Time Concepts for Embedded Systems Author: Qing Li with Caroline Yao ISBN: CMPBooks.
1 File Systems Chapter Files 6.2 Directories 6.3 File system implementation 6.4 Example file systems.
Modularizing B+-trees: Three-Level B+-trees Work Fine Shigero Sasaki* and Takuya Araki NEC Corporation * currently with 1st Nexpire Inc.
Experiments & Statistics. Experiment Design Playtesting Experiments don’t have to be “big”--many game design experiments take only 30 minutes to design.
Lecture 2 Process Concepts, Performance Measures and Evaluation Techniques.
File System Implementation Chapter 12. File system Organization Application programs Application programs Logical file system Logical file system manages.
Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO, and THOMAS ANDERSON Ethan.
Problem of the Day  Why are manhole covers round?
Pointers OVERVIEW.
Current Assignments Homework 2 is available and is due in three days (June 19th). Project 1 due in 6 days (June 23 rd ) Write a binomial root solver using.
Dynamic Memory Allocation. Domain A subset of the total domain name space. A domain represents a level of the hierarchy in the Domain Name Space, and.
Memory Management during Run Generation in External Sorting – Larson & Graefe.
Cooperative Concurrency Bug Isolation Guoliang Jin, Aditya Thakur, Ben Liblit, Shan Lu University of Wisconsin–Madison Instrumentation and Sampling Strategies.
CSCI Rational Purify 1 Rational Purify Overview Michel Izygon - Jim Helm.
Lecture by: Prof. Pooja Vaishnav.  Language Processor implementations are highly influenced by the kind of storage structure used for program variables.
CPS110: Page replacement Landon Cox. Replacement  Think of physical memory as a cache  What happens on a cache miss?  Page fault  Must decide what.
CS307 Operating Systems Virtual Memory Fan Wu Department of Computer Science and Engineering Shanghai Jiao Tong University Spring 2012.
Copyright ©: Nahrstedt, Angrave, Abdelzaher, Caccamo 1 Memory management & paging.
Memory Management OS Fazal Rehman Shamil. swapping Swapping concept comes in terms of process scheduling. Swapping is basically implemented by Medium.
CSCI 156: Lab 11 Paging. Our Simple Architecture Logical memory space for a process consists of 16 pages of 4k bytes each. Your program thinks it has.
Slides created by: Professor Ian G. Harris Operating Systems  Allow the processor to perform several tasks at virtually the same time Ex. Web Controlled.
COMP091 – Operating Systems 1 Memory Management. Memory Management Terms Physical address –Actual address as seen by memory unit Logical address –Address.
GC Assertions: Using the Garbage Collector To Check Heap Properties Samuel Z. Guyer Tufts University Edward Aftandilian Tufts University.
Beyond Application Profiling to System Aware Analysis Elena Laskavaia, QNX Bill Graham, QNX.
Page Replacement FIFO, LIFO, LRU, NUR, Second chance
Eliminating External Fragmentation in a Non-Moving Garbage Collector for Java Author: Fridtjof Siebert, CASES 2000 Michael Sallas Object-Oriented Languages.
Storage Management Different-sized Items. Light blue indicates allocated items Heap Memory with Different-sized Items.
Memory Management 5/11/2018 9:49 PM
Dynamic Memory Allocation
Concepts of programming languages
Cse 373 April 24th – Hashing.
Module 9: Virtual Memory
Data Structures and Analysis (COMP 410)
CS Introduction to Operating Systems
Chapter 9: Virtual-Memory Management
Database Implementation Issues
Page Replacement.
5: Virtual Memory Background Demand Paging
Introduction to Database Systems
DATABASE IMPLEMENTATION ISSUES
Database Implementation Issues
Module 9: Virtual Memory
COMP755 Advanced Operating Systems
Dynamic Binary Translators and Instrumenters
Database Implementation Issues
Run-time environments
Presentation transcript:

1 SWAT Memory Leak Detection Matthias Hauswirth

2 Agenda Approaches to memory leak detection SWAT infrastructure Heap model Staleness predicates Leak analysis tool

3 Memory Leaks time object1 allocfreeaccess

4 Memory Leaks time object1 allocaccess allocfreeaccess shutdown object2

5 Memory Leaks time object1 allocaccess allocaccess reachableunreachable allocfreeaccess shutdown object2 object3

6 Approaches to Leak Detection Survivors Objects surviving until program termination Unreachables Objects unreachable at snapshot (GC) Stales Objects not recently accessed at snapshot (SWAT)

7 Survivors: Guess time o1 o2 startupshutdown o3 o4 o5 leak -

8 Survivors: Reality time o1 o2 startupshutdown o3 o4 o5 leak ? leak leak ? leak -

9 Unreachables: Guess time o1 o2 startupshutdown o3 o4 o5 leak snapshot - alive -

10 Unreachables: Reality time o1 o2 startupshutdown o3 o4 o5 alive ? snapshot leak - alive -

11 Stales (SWAT): Guess time o1 o2 startupshutdown o3 o4 o5 leak snapshot leak - - alive

12 Stales (SWAT): Reality time o1 o2 startupshutdown o3 o4 o5 snapshot - - alive leak

13 SWAT Infrastructure instrument winword.exe winword.swat.exe runswatruntime.dll source info postprocess snapshots statistics view settings

14 Instrument proc1 comp1

15 Bursty Tracing: Duplicate Basic Blocks proc1prof$proc1 comp1

16 Bursty Tracing: Insert Dispatch Checks proc1prof$proc1 comp1

17 Instrumentation: Patch Allocations & Frees xallocXallocWrapper comp1swatruntime.dll

18 Instrumentation: Instrument Loads & Stores proc1prof$proc1 comp1 RecordReference swatruntime.dll

19 Bursty Tracing Dispatch Check DecOrig StayOrig OrigTgt OrigZero DecProf StayProfStartOrigStartProf ProfTgt OrigSrcProfSrc Global Counters: cOrig# of StayOrig cProf# of StayProf cOrig==1 cOrig>1cProf==0cProf==1cProf>1

20 Adaptive Bursty Tracing Bursty tracing Sampling rate influences results Rate chosen at runtime Adaptive bursty tracing Different sampling rate by dispatch check point Start at high rate Wait until average gets down to requested rate Start rate, delta & target rate chosen at runtime

21 Why Adaptive Bursty Tracing?

22 Adaptive Bursty Tracing Dispatch Check DecOrig StayOrig OrigTgt OrigZero DecProf StayProfStartOrigStartProf ProfTgt OrigSrcProfSrc Per-Dispatch Check Counter: cOrig[dcid]# of StayOrig Global Counter: cProf# of StayProf cOrig[dcid]==1 cOrig[dcid]>1cProf==0cProf==1cProf>1 dcid

23 Effect of Adaptive Bursty Tracing on Coverage

24 SWAT Heap Model Requirements AllocateObject(eip, startAddress, size) FreeObject(eip, startAddress) FindObject(eip, address) GetObjectIterator() Implementations Hash table (address→objectInfo) Hash table (startAddress→objectInfo) Hash table (address→offsetToStartAddress) Address tree

25 SWAT Heap Model Address:

26 SWAT Heap Model byte0101

27 SWAT Heap Model

28 SWAT Heap Model

29 SWAT Heap Model

30 SWAT Heap Model

31 SWAT Heap Model Start address:0101 Size:8 Access count:19 Last access time:19’000’000 Alloc site:EIP 0x Last access site:EIP 0x400190

32 SWAT Heap Model Space Overhead Address Tree Nodes 0.03 … 0.35 allocated node bytes / allocated byte Overall 0.12 … 3.4 times the allocated memory Time FindObject(eip, address) Log(addressSpaceSize) --- (32 bits = 32 nodes)

33 Evaluation: Time Overhead

34 active Staleness Predicates Stale = object not needed anymore Stale, if… Never accessed Idle time > t Idle time > n * active time idle n*active t idle

35 Evaluation Inject leaks Randomly, at runtime, decide not to execute a free Variables Sampling rate Adaptive or bursty Predicate Measurement results per snapshot List of objects assumed leaked Some true, some false List of objects assumed alive Some true, some false

36 Comparing Predicates

37 Comparing Sampling Rates

38 Lucky Omission Effect maxIdleTime time [# actual references] Injected Leak Question At time of snapshot, is object a leak? snapshot

39 Lucky Omission Effect maxIdleTime Low sampling rate time [# actual references] snapshot

40 Lucky Omission Effect maxIdleTime Low sampling rateassumed leaked: true time [# actual references] snapshot

41 Lucky Omission Effect maxIdleTime Low sampling rate High sampling rate assumed leaked: true time [# actual references] snapshot

42 Lucky Omission Effect maxIdleTime Low sampling rate High sampling rate assumed leaked: true assumed alive: false time [# actual references] snapshot

43 Lucky Omission Effect lucky omission window maxIdleTime Low sampling rate High sampling rate assumed leaked: true assumed alive: false time [# actual references] snapshot

44 Mitigation of Lucky Omission Effect Reduce chance of leak happening during maxIdleTime snapshotInterval >> maxIdleTime maxIdleTime time [# actual references] maxIdleTime snapshotInterval snapshot

45 Practical Sampling Rates & Useful Predicates

46 Leak Analysis Tool

47 Ranking Sort pairs Old rankings: # of stale objects [currently used] # of stale bytes Drag caused by stale objects (bytes*idle time) New ranking: # of predicates declaring an object stale

48 Conclusions Many ways to leak detection Predicting leaks by looking at past events: Important objects might never be used (boxsim) Lots of stale objects might indicate a space- inefficient algorithm Leak Analysis Tool Made it easy to find several statically injected leaks

49 Future Work Currently: Store source info compactly (at instrumentation time) Snapshots at runtime don’t use source info Post process snapshots to add source info This week: Rank leaks Update Leak Analysis Tool to use ranking Run new version on winword.exe and mshtml.dll Later: Combine “Unreachables” with “Stales” approach

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.