Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SWAT Memory Leak Detection Matthias Hauswirth. 2 Agenda Approaches to memory leak detection SWAT infrastructure Heap model Staleness predicates Leak.

Published byMaude Nicholson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 SWAT Memory Leak Detection Matthias Hauswirth. 2 Agenda Approaches to memory leak detection SWAT infrastructure Heap model Staleness predicates Leak."— Presentation transcript:

1 1 SWAT Memory Leak Detection Matthias Hauswirth

2 2 Agenda Approaches to memory leak detection SWAT infrastructure Heap model Staleness predicates Leak analysis tool

3 3 Memory Leaks time object1 allocfreeaccess

4 4 Memory Leaks time object1 allocaccess allocfreeaccess shutdown object2

5 5 Memory Leaks time object1 allocaccess allocaccess reachableunreachable allocfreeaccess shutdown object2 object3

6 6 Approaches to Leak Detection Survivors Objects surviving until program termination Unreachables Objects unreachable at snapshot (GC) Stales Objects not recently accessed at snapshot (SWAT)

7 7 Survivors: Guess time o1 o2 startupshutdown o3 o4 o5 leak -

8 8 Survivors: Reality time o1 o2 startupshutdown o3 o4 o5 leak ? leak leak ? leak -

9 9 Unreachables: Guess time o1 o2 startupshutdown o3 o4 o5 leak snapshot - alive -

10 10 Unreachables: Reality time o1 o2 startupshutdown o3 o4 o5 alive ? snapshot leak - alive -

11 11 Stales (SWAT): Guess time o1 o2 startupshutdown o3 o4 o5 leak snapshot leak - - alive

12 12 Stales (SWAT): Reality time o1 o2 startupshutdown o3 o4 o5 snapshot - - alive leak

13 13 SWAT Infrastructure instrument winword.exe winword.swat.exe runswatruntime.dll source info postprocess snapshots statistics view settings

14 14 Instrument proc1 comp1

15 15 Bursty Tracing: Duplicate Basic Blocks proc1prof$proc1 comp1

16 16 Bursty Tracing: Insert Dispatch Checks proc1prof$proc1 comp1

17 17 Instrumentation: Patch Allocations & Frees xallocXallocWrapper comp1swatruntime.dll

18 18 Instrumentation: Instrument Loads & Stores proc1prof$proc1 comp1 RecordReference swatruntime.dll

19 19 Bursty Tracing Dispatch Check DecOrig StayOrig OrigTgt OrigZero DecProf StayProfStartOrigStartProf ProfTgt OrigSrcProfSrc Global Counters: cOrig# of StayOrig cProf# of StayProf cOrig==1 cOrig>1cProf==0cProf==1cProf>1

20 20 Adaptive Bursty Tracing Bursty tracing Sampling rate influences results Rate chosen at runtime Adaptive bursty tracing Different sampling rate by dispatch check point Start at high rate Wait until average gets down to requested rate Start rate, delta & target rate chosen at runtime

21 21 Why Adaptive Bursty Tracing?

22 22 Adaptive Bursty Tracing Dispatch Check DecOrig StayOrig OrigTgt OrigZero DecProf StayProfStartOrigStartProf ProfTgt OrigSrcProfSrc Per-Dispatch Check Counter: cOrig[dcid]# of StayOrig Global Counter: cProf# of StayProf cOrig[dcid]==1 cOrig[dcid]>1cProf==0cProf==1cProf>1 dcid

23 23 Effect of Adaptive Bursty Tracing on Coverage

24 24 SWAT Heap Model Requirements AllocateObject(eip, startAddress, size) FreeObject(eip, startAddress) FindObject(eip, address) GetObjectIterator() Implementations Hash table (address→objectInfo) Hash table (startAddress→objectInfo) Hash table (address→offsetToStartAddress) Address tree

25 25 SWAT Heap Model 0 0 0 0 0 000 0000000 0000100001001100 1 1 1 1 1 111 1111111 Address: 0101 0101

26 26 SWAT Heap Model 0 0 0 0 0 000 0000000 0000100001001100 1 1 1 1 1 111 1111111 8 byte0101

27 27 SWAT Heap Model 0 0 0 0 0 000 0000000 0000100001001100 1 1 1 1 1 111 1111111

28 28 SWAT Heap Model 0 00 000 00000 0000100001001100 1 11 111 11111

29 29 SWAT Heap Model 0 00 000 00000 0000100001001100 1 11 111 11111

30 30 SWAT Heap Model 0 00 00 00 0000100001001100 1 11 11 11

31 31 SWAT Heap Model 0 00 00 00 1 11 11 11 Start address:0101 Size:8 Access count:19 Last access time:19’000’000 Alloc site:EIP 0x400019 Last access site:EIP 0x400190

32 32 SWAT Heap Model Space Overhead Address Tree Nodes 0.03 … 0.35 allocated node bytes / allocated byte Overall 0.12 … 3.4 times the allocated memory Time FindObject(eip, address) Log(addressSpaceSize) --- (32 bits = 32 nodes)

33 33 Evaluation: Time Overhead

34 34 active Staleness Predicates Stale = object not needed anymore Stale, if… Never accessed Idle time > t Idle time > n * active time idle n*active t idle

35 35 Evaluation Inject leaks Randomly, at runtime, decide not to execute a free Variables Sampling rate Adaptive or bursty Predicate Measurement results per snapshot List of objects assumed leaked Some true, some false List of objects assumed alive Some true, some false

36 36 Comparing Predicates

37 37 Comparing Sampling Rates

38 38 Lucky Omission Effect maxIdleTime time [# actual references] Injected Leak Question At time of snapshot, is object a leak? snapshot

39 39 Lucky Omission Effect maxIdleTime Low sampling rate time [# actual references] snapshot

40 40 Lucky Omission Effect maxIdleTime Low sampling rateassumed leaked: true time [# actual references] snapshot

41 41 Lucky Omission Effect maxIdleTime Low sampling rate High sampling rate assumed leaked: true time [# actual references] snapshot

42 42 Lucky Omission Effect maxIdleTime Low sampling rate High sampling rate assumed leaked: true assumed alive: false time [# actual references] snapshot

43 43 Lucky Omission Effect lucky omission window maxIdleTime Low sampling rate High sampling rate assumed leaked: true assumed alive: false time [# actual references] snapshot

44 44 Mitigation of Lucky Omission Effect Reduce chance of leak happening during maxIdleTime snapshotInterval >> maxIdleTime maxIdleTime time [# actual references] maxIdleTime snapshotInterval snapshot

45 45 Practical Sampling Rates & Useful Predicates

46 46 Leak Analysis Tool

47 47 Ranking Sort pairs Old rankings: # of stale objects [currently used] # of stale bytes Drag caused by stale objects (bytes*idle time) New ranking: # of predicates declaring an object stale

48 48 Conclusions Many ways to leak detection Predicting leaks by looking at past events: Important objects might never be used (boxsim) Lots of stale objects might indicate a space- inefficient algorithm Leak Analysis Tool Made it easy to find several statically injected leaks

49 49 Future Work Currently: Store source info compactly (at instrumentation time) Snapshots at runtime don’t use source info Post process snapshots to add source info This week: Rank leaks Update Leak Analysis Tool to use ranking Run new version on winword.exe and mshtml.dll Later: Combine “Unreachables” with “Stales” approach

Download ppt "1 SWAT Memory Leak Detection Matthias Hauswirth. 2 Agenda Approaches to memory leak detection SWAT infrastructure Heap model Staleness predicates Leak."

Similar presentations

Background Virtual memory – separation of user logical memory from physical memory. Only part of the program needs to be in memory for execution. Logical.

Background Virtual memory – separation of user logical memory from physical memory. Only part of the program needs to be in memory for execution. Logical.
Paging: Design Issues. Readings r Silbershatz et al: 8.4-8.5, 9.5-9.10.

Paging: Design Issues. Readings r Silbershatz et al: ,
Chapter 4 Memory Management Page Replacement 补充:什么叫页面抖动?

Chapter 4 Memory Management Page Replacement 补充:什么叫页面抖动?
CS4432: Database Systems II Buffer Manager 1. 2 Covered in week 1.

CS4432: Database Systems II Buffer Manager 1. 2 Covered in week 1.
Lecture 10: Heap Management CS 540 GMU Spring 2009.

Lecture 10: Heap Management CS 540 GMU Spring 2009.
Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing.

Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing.
Virtual Memory Introduction to Operating Systems: Module 9.

Virtual Memory Introduction to Operating Systems: Module 9.
Lecture 5: Floodfill. Floodfill Overview First assume that there are no walls Give each cell a distance from the goal. The goal has distance 0. Repeat.

Lecture 5: Floodfill. Floodfill Overview First assume that there are no walls Give each cell a distance from the goal. The goal has distance 0. Repeat.
Hastings Purify: Fast Detection of Memory Leaks and Access Errors.

Hastings Purify: Fast Detection of Memory Leaks and Access Errors.
LOW-OVERHEAD MEMORY LEAK DETECTION USING ADAPTIVE STATISTICAL PROFILING WHAT’S THE PROBLEM? CONTRIBUTIONS EVALUATION WEAKNESS AND FUTURE WORKS.

LOW-OVERHEAD MEMORY LEAK DETECTION USING ADAPTIVE STATISTICAL PROFILING WHAT’S THE PROBLEM? CONTRIBUTIONS EVALUATION WEAKNESS AND FUTURE WORKS.
Low-Overhead Memory Leak Detection Using Adaptive Statistical Profiling ZHANG Hansheng 1 Nov 2013.

Low-Overhead Memory Leak Detection Using Adaptive Statistical Profiling ZHANG Hansheng 1 Nov 2013.
CPSC 388 – Compiler Design and Construction

CPSC 388 – Compiler Design and Construction
Memory Management. History Run-time management of dynamic memory is a necessary activity for modern programming languages Lisp of the 1960’s was one of.

Memory Management. History Run-time management of dynamic memory is a necessary activity for modern programming languages Lisp of the 1960’s was one of.
Instructor: Umar KalimNUST Institute of Information Technology Operating Systems Virtual Memory.

Instructor: Umar KalimNUST Institute of Information Technology Operating Systems Virtual Memory.
Memory Allocation. Three kinds of memory Fixed memory Stack memory Heap memory.

Memory Allocation. Three kinds of memory Fixed memory Stack memory Heap memory.
Database Implementation Issues CPSC 315 – Programming Studio Spring 2008 Project 1, Lecture 5 Slides adapted from those used by Jennifer Welch.

Database Implementation Issues CPSC 315 – Programming Studio Spring 2008 Project 1, Lecture 5 Slides adapted from those used by Jennifer Welch.
File System Implementation CSCI 444/544 Operating Systems Fall 2008.

File System Implementation CSCI 444/544 Operating Systems Fall 2008.
Multiprocessing Memory Management

Multiprocessing Memory Management
Virtual Memory Management B.Ramamurthy. Paging (2) The relation between virtual addresses and physical memory addres- ses given by page table.

Virtual Memory Management B.Ramamurthy. Paging (2) The relation between virtual addresses and physical memory addres- ses given by page table.
Operating Systems (CSCI2413) Lecture 3 Processes phones off (please)

Operating Systems (CSCI2413) Lecture 3 Processes phones off (please)

Similar presentations

Ads by Google