| C/C++程序静态内存泄漏警报自动确认方法 |
| |
| 引用本文: | 李筱,周严,李孟宸,陈园军,XU Guo-Qing,王林章,李宣东.C/C++程序静态内存泄漏警报自动确认方法[J].软件学报,2017,28(4):827-844. |
| |
| 作者姓名: | 李筱 周严 李孟宸 陈园军 XU Guo-Qing 王林章 李宣东 |
| |
| 作者单位: | 计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023;南京大学 计算机科学与技术系, 南京 210023,计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023;南京大学 计算机科学与技术系, 南京 210023,计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023;南京大学 计算机科学与技术系, 南京 210023,计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023;南京大学 计算机科学与技术系, 南京 210023,Department of Computer Science, University of California, Irvine, US,计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023;南京大学 计算机科学与技术系, 南京 210023,计算机软件新技术国家重点实验室(南京大学), 江苏 南京 210023;南京大学 计算机科学与技术系, 南京 210023 |
| |
| 基金项目: | 国家自然科学基金(61472179,61572249,61632015,61561146394);国家重点研发计划项目课题(2016YFB1000802) |
| |
| 摘 要: | 内存泄漏是C/C++程序的一种常见的、难以发现的缺陷,一直困扰着软件开发者,尤其是针对长时间运行的程序或者系统软件,内存泄漏的后果十分严重.针对内存泄漏的检测,目前主要有静态分析和动态测试两种方法.动态测试实际运行程序,具有较大开销,同时依赖测试用例的质量;静态分析技术及自动化工具已经被学术界和工业界广泛运用于内存泄漏缺陷检测中,然而由于静态分析采取了保守的策略,其结果往往包含数量巨大的误报,需要通过进一步人工确认来甄别误报,但人工确认静态分析的结果耗时且容易出错,严重限制了静态分析技术的实用性.本文提出了一种基于混合执行测试的静态内存泄漏警报的自动化确认方法.首先,针对静态分析报告的目标程序中内存泄漏的静态警报,对目标程序进行控制流分析,并计算警报的可达性,形成制导信息;其次,基于警报制导信息对目标程序进行混合执行测试;最后,在混合执行测试过程中,监控追踪内存对象的状态,判定内存泄漏是否发生,对静态警报进行动态确认并分类.实验结果表明该方法可以对静态内存泄漏警报进行有效的分类,显著降低了人工确认的工作量.实验详情参见:http://ssthappy.github.io/memleak/.
|
| 关 键 词: | 内存泄漏 静态分析 警报 混合执行测试 确认 分类 |
| 收稿时间: | 2016/1/15 0:00:00 |
| 修稿时间: | 2016/5/6 0:00:00 |
Automatically Validating Static Memory Leak Warnings for C/C++ Programs |
| |
| LI Xiao,ZHOU Yan,LI Meng-Chen,CHEN Yuan-Jun,XU Guo-Qing,WANG Lin-Zhang and LI Xuan-Dong.Automatically Validating Static Memory Leak Warnings for C/C++ Programs[J].Journal of Software,2017,28(4):827-844. |
| |
| Authors: | LI Xiao ZHOU Yan LI Meng-Chen CHEN Yuan-Jun XU Guo-Qing WANG Lin-Zhang and LI Xuan-Dong |
| |
| Affiliation: | State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China,State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China,State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China,State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China,Department of Computer Science, University of California, Irvine, US,State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China and State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China |
| |
| Abstract: | Memory leak is a very common bug for C/C++ programs, which has perplexed software developers for a long time because of imperceptibility, and memory leak can do serious harm especially for long-run program or system software. Aiming at this problem, both static and dynamic program analysis techniques have been attempted to find the bug. Dynamic program analysis technique detects memory leak by running the program, which has huge overhead and depends on the quality of test cases. Static analysis technology and automatic tools are widely used in the work of detecting memory leaks among academic community and industrial community. Since it uses conservative algorithm, it is able to detect a lot of defects as well as increase the false positives, which needs manual confirmation. However, manual confirmation is time-consuming and error prone, which limits the practicability of the technology. In this paper, we propose a novel method to automatically validate static memory leak warnings based on concolic testing. First depending on the memory leak warnings given by static analysis report, we analyze the control flow of the target program and calculate the reachability of the target path, then we use the path information to guide the concolic testing and execute program in the particular path, finally we validate the static warnings by tracking memory object during execution. Experimental results show that this method can effectively classify static warnings, significantly reduce the workload of manual validation. |
| |
| Keywords: | memory leak static analysis warning concolic testing validation classification |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
