C程序内存泄漏智能化检测方法

内存泄漏在采用显式内存管理机制的C语言中是一种常见的代码缺陷,内存泄漏的检测方法目前主要是静态分析与动态检测.动态检测开销大,且高度依赖测试用例;静态分析目前被学术界和工业界广泛应用,但是存在大量误报,需要人工对检测结果进行确认.内存泄漏静态分析的误报通常是由于对指针、分支语句和全局变量分析的不准确性导致的.提出了一种内存泄漏的智能化检测方法,通过使用机器学习算法学习程序特征与内存泄漏之间的相关性,构建机器学习分类器,并应用机器学习分类器进一步提高内存泄漏静态分析的准确性.首先构建机器学习分类器,然后通过静态分析方法构建从内存分配点开始的Sparse Value Flow Graph（SVFG）,并从中提取内存泄漏相关特征,再使用规则和机器学习分类器进行内存泄漏的检测.实验结果显示,该方法在分析指针、分支语句和全局变量时是有效的,能够提高内存泄漏检测的准确性,降低内存泄漏检测结果的误报.最后,对未来研究的可行性以及面临的挑战进行了展望.     

LeakSpot: detection and diagnosis of memory leaks in JavaScript applications

The migration of application logic to the client side of modern web applications and the use of JavaScript as the main language for client‐side development have made memory leaks in JavaScript an issue for web applications. Client‐side web applications communicate with the server asynchronously, remaining on the same web page during their lifetime. Thus, even minor memory leaks can eventually lead to excessive memory usage, negatively affecting user‐perceived response time and possibly causing page crashes. To detect memory leaks and guide developers in fixing the leaks quickly and easily, this paper introduces LeakSpot, a tool that creates a run‐time heap model by modifying the application code in a browser‐agnostic way to record object allocations, accesses, and references created to objects. LeakSpot reports those allocation sites causing the leaks instead of all the leaky allocation sites. It also identifies the locations in the code where leaked objects are accumulated, for example, the locations where a reference from a data structure is created but forgotten to be removed by the developer. To facilitate debugging and fixing the leaks, for every leaked object, LeakSpot reports all the locations in the code that create a reference to the object. To confirm usefulness and efficacy of LeakSpot experimentally, we have used LeakSpot to find and fix four memory leaks in a JavaScript benchmark suite and in open‐source web applications. LeakSpot is also shown to be effective in pointing out the potential causes of three leaks in large and popular web applications. Copyright © 2016 John Wiley & Sons, Ltd.     

移动应用程序内存泄露机制分析与检测方案设计

Android开发已经成为移动开发热门领域,Android应用程序中内存使用的问题却经常容易被忽视,部分开发者对Java垃圾回收机制认识模糊,使得内存泄漏成为Android应用开发中十分隐秘但又确实存在的应用安全问题,对内存泄漏的危害进行了阐述,并根据与Activity、Service、ContentProvider、Broadcast Receiver等Android组件的相关性归类介绍了一些常见的典型内存泄漏情景,最后分析总结内存泄漏代码特征,并设计一种基于符号执行的内存泄漏静态代码检测方案。     

关于JAVA语言内存泄漏问题的探讨

随着越来越多的服务器程序采用Java技术,例如电信网管系统,服务器程序往往长期运行,因此Java的内存泄漏问题不容忽视。否则即使有少量泄漏,长期运行之后,系统将会面临崩溃的危险。文章通过分析Java内存回收机制的原理和内存泄漏的原因,提出了预防和检测内存泄漏的办法。     

关于JAVA语言内存泄漏问题的探讨

随着越来越多的服务器程序采用Java技术，例如电信网管系统，服务器程序往往长期运行，因此Iava的内存泄漏问题不客忽视。否则即使有少量泄漏，长期运行之后，系统将会面临崩溃的危险。文章通过分析Java内存回收机制的原理和内存泄漏的原因．提出了预防和检测内存泄漏的办法。     

大规模源代码增量式资源泄漏检测方法

资源泄漏是影响软件质量和可靠性的一种重要软件缺陷,存在资源泄漏的程序长时间运行会由于资源耗尽而发生异常甚至崩溃.静态代码分析是进行资源泄漏检测的一种有效的技术手段,能够基于源代码或者二进制代码有效地发现程序中潜在的资源泄漏问题.然而,精确的资源泄漏检测算法的复杂性会随着程序规模的增加呈指数级增长,无法满足生产中即时对缺陷进行分析检测的实际应用需求.面向大规模源代码提出了一种增量式的静态资源泄漏检测方法,该方法支持过程间流敏感的资源泄漏检测,在用户编辑代码的过程中,从变更的函数入手,通过资源闭包、指向分析过滤等多种技术手段缩小资源泄漏检测范围,进而实现了大规模代码的即时缺陷分析与报告.实验结果表明：该方法在保证准确率的前提下,90%的增量检测实验可以在10s内完成,能够满足在用户编辑程序过程中对缺陷进行即时检测和报告的实际应用需求.     

利用虚拟化平台进行内存泄露探测

文中利用虚拟机管理器,透明地记录应用程序对资源的申请、释放以及使用情况,提供了探测内存泄露的辅助信息.此机制首先不需要修改或重新编译源程序;其次,带来的性能损失很小.两者结合可以构建在线内存泄露探测和汇报机制.不仅如此,基于虚拟机环境的内存泄露探测还具备通用性,且不需要特殊的硬件支持.所有这些特性,是已有的解决方案所不能兼有的.实验结果表明:基于虚拟机环境的内存泄露探测机制具有实用性,性能损失也被控制在10%以内,能够运用在实际的生产环境中.     

Memory leak detection in Plumbr

Platforms with automatic memory management, such as the JVM, are usually considered free of memory leaks. However, memory leaks can happen in such environments, as the garbage collector cannot free objects, which are not used by the application anymore, but are still referenced. Such unused objects can eventually fill up the heap and crash the application. Although this problem has been studied extensively, nevertheless, there are still many rooms for improvement in this area. This paper describes the statistical approach for memory leak detection, as an alternative, along with a commercial tool, Plumbr, which is based on the method. The tool is later analyzed with three case studies of real applications and in the process also analyzes strengths and weaknesses of the statistical approach for memory leak detection. Copyright © 2014 John Wiley & Sons, Ltd.     

采用C＋＋代码插装的实时软件内存错误分析

在航天领域中,安全关键的大型实时软件系统往往直接影响到任务成败,一般难以全面检测、分析或避免内存泄漏等常见内存错误。定义了实时软件的12种典型内存故障模式,提出了一种基于C＋＋代码插装的实时软件内存错误快速分析方法。该方法通过对C＋＋源代码进行静态分析,获取指针变量相关信息;通过C＋＋代码插装和运行不同测试用例,实时收集统计C＋＋指针对象的分配、释放、赋值、c-use和p-use使用情况,结合实时软件的典型内存故障模式进行分析,并自动生成详情报告。应用案例表明,该方法能够高效快捷地发现实时软件潜在的典型内存错误,从而有效提高软件质量。     

Memory leak detection in Java: Taxonomy and classification of approaches

Memory leaks are usually not associated with runtime environments with automatic garbage collection; however, memory leaks do happen in such environments and present a challenge to detect and find a root cause. Currently in the industry manual heap dump analysis is the most popular way of finding memory leaks, regardless of the number of automated methods proposed by scientists over the years. However, heap dump analysis alone cannot answer all questions needed to fix the leak effectively. The current paper reviews memory leak detection approaches proposed over the years and classifies them from the point of view of assessed metrics, performance overhead and intrusiveness. In addition, we classify the methods into online, offline and hybrid groups based on their features.     

C/C++程序静态内存泄漏警报自动确认方法

内存泄漏是C/C++程序的一种常见的、难以发现的缺陷,一直困扰着软件开发者,尤其是针对长时间运行的程序或者系统软件,内存泄漏的后果十分严重.针对内存泄漏的检测,目前主要有静态分析和动态测试两种方法.动态测试实际运行程序,具有较大开销,同时依赖测试用例的质量;静态分析技术及自动化工具已经被学术界和工业界广泛运用于内存泄漏缺陷检测中,然而由于静态分析采取了保守的策略,其结果往往包含数量巨大的误报,需要通过进一步人工确认来甄别误报,但人工确认静态分析的结果耗时且容易出错,严重限制了静态分析技术的实用性.本文提出了一种基于混合执行测试的静态内存泄漏警报的自动化确认方法.首先,针对静态分析报告的目标程序中内存泄漏的静态警报,对目标程序进行控制流分析,并计算警报的可达性,形成制导信息;其次,基于警报制导信息对目标程序进行混合执行测试;最后,在混合执行测试过程中,监控追踪内存对象的状态,判定内存泄漏是否发生,对静态警报进行动态确认并分类.实验结果表明该方法可以对静态内存泄漏警报进行有效的分类,显著降低了人工确认的工作量.实验详情参见：http://ssthappy.github.io/memleak/.     

清剿Java程序中的内存泄漏

Java语言的一个显著特点是它通过虚拟机和垃圾回收机制管理着大部分的内存事务,但是在Java程序中还是可能存在内存泄漏问题。文中首先对Java内存泄漏做一个简要的定义,接着围绕一个实例详细地介绍如何用工具检测Java内存泄漏,最后列举了一些典型的泄漏,以便读者在Java程序开发中尽量避免类似的内存泄漏。     

KAL: kernel‐assisted non‐invasive memory leak tolerance with a general‐purpose memory allocator

Memory leaks are a continuing problem in the software developed with programming languages, such as C and C++. A recent approach adopted by some researchers is to tolerate leaks in the software application and to reclaim the leaked memory by use of specially constructed memory allocation routines. However, such routines replace the usual general‐purpose memory allocator and tend to be less efficient in speed and in memory utilization. We propose a new scheme which coexists with the existing memory allocation routines and which reclaims memory leaks. Our scheme identifies and reclaims leaked memory at the kernel level. There are some major advantages to our approach: (1) the application software does not need to be modified; (2) the application does not need to be suspended while leaked memory is reclaimed; (3) a remote host can be used to identify the leaked memory, thus minimizing impact on the application program's performance; and (4) our scheme does not degrade the service availability of the application while detecting and reclaiming memory leaks. We have implemented a prototype that works with the GNU C library and with the Linux kernel. Our prototype has been tested and evaluated with various real‐world applications. Our results show that the computational overhead of our approach is around 2% of that incurred by the conventional memory allocator in terms of throughput and average response time. We also verified that the prototype successfully suppressed address space expansion caused by memory leaks when the applications are run on synthetic workloads. Copyright © 2010 John Wiley & Sons, Ltd.     

一个Windows应用程序的垃圾回收器

为减少长期运行的Windows应用程序持续堆内存泄漏而造成的系统性能损失,设计并实现了一个运行时自动垃圾回收器RT-AGC。RT-AGC采用传统Mark—Sweep算法的一个变种,对回收触发条件进行改进,使其具有更大的灵活性。利用Windows下应用程序的存储结构和系统API函数,通过扫描可能存储指针变量的区域,RT—AGC可以在应用程序运行时检测并处理内存泄漏,而不需要对目标应用程序重新编译或链接。文中描述了所采用的关键算法流程和主要实现技术,并编写了测试程序对RT—AGC的回收效果进行验证。实验证明可以有效地抑制应用程序的内存泄漏。     

Refcount Field Identification for Linux Kernel Based on Deep Learning

Reference counting (refcount) is a common memory management technique in modern software. Refcount errors can often lead to severe memory errors such as memory leak and use-after-free. Many efforts to harden refcount security rely on known refcount fields as their input. However, due to the complexity of software code, identifying refcount fields in source code is very challenging. Traditional methods of identifying refcount fields are mainly based on code pattern matching and have great limitations such as requiring expert experience to summarize code patterns, which is a laborious job. Besides, the manually summarized patterns do not cover all cases, resulting in low recall rate. To address these problems, this paper proposes to characterize a field based on the field name and the code behavior associated with the field and designs a multimodal deep learning based approach. The paper implements a prototype of the new approach for Linux kernel code. In the evaluation, the precision and recall rate achieved by the prototype system are 96.98% and 93.54%, respectively. In contrast, the traditional identification method based on code pattern matching did not report any refcount fields on the testing set. In addition, we identify 61 refcount fields which are implemented with insecure data types in the latest Linux kernel. Until now, we have reported 21 of them to the Linux community, of which six have been confirmed.     

基于开放编译器的内存泄漏检测机制

内存泄漏是程序设计中经常出现的问题，会降低系统性能，甚至耗尽内存空间导致系统崩溃。文章采用反射和开放编译技术，对开放编译器OpenC 进行了扩展与改进，设计并实现了一个CC 动态内存泄漏检测工具，以帮助开发和测试人员查找内存泄漏。     

基于有界模型检测的C/C 程序内存泄漏检测

C/C 语言中的动态内存管理机制自由且灵活,但动态内存的使用容易引入内存泄漏,导致系统性能降低甚至系统崩溃。为了更加有效的检测内存泄漏,提出了一个基于有界模型检测技术的C/C 程序内存泄漏检测方案MLD-CBMC。该方案以C/C 程序文件为输入,利用有界模型检测技术,对程序进行展开处理,加入内存泄漏性质,并利用可满足性模理论(SMT)对程序约束和性质组成的验证条件编码,使用SMT求解器对验证条件求解,将检测内存泄漏问题转换为求解可满足性问题,实现C/C 程序内存泄漏的检测。通过实验验证了方案的有效性,并与其他有界模型检测工具进行对比实验,实验证明方案对内存泄漏的检测能力更强。     

ASN_EZE: An Analgesic for Writers of ASN.1 Applications

Many programmers find that the logical structure of data defined in ASA.1 is simple enough, but the physical representation requires painfully careful attention to lots of detail. ASN.1 'compilers' which we had used required a programmer ot know the intricacies of both ASN.1 and the generated code. Furthermore those which generated 'C' code were prone to 'memory leaks' and produced bulky code. Two features of object orientiation led us to develop a code generator that procues 'C++'. First Class inheritance permits a small number of functions to operate on objects of any derived class. Second, the destructors of such objects can be designed to prevent memory leaks automatically. Our own use of the system shows that within a few days programmers withh no pair exposure to ASN.1 can start writing applications using only the ASN.1 specification for reference. The generated code is compact and well protected anainst memory leaks. This paper describes the capabilies of the code generator, the library of functions for handling all ASN.1 objects so generated, and the interior structure of these objects which allows the library functions to navigate any hierarchy. The las section discusses our experience in using the system.     

基于摘要的内存泄露分析方法改进*

为了更加精确高效地分析源代码中的内存泄露,针对内存泄露属性分析建模,通过多种途径对现有的方法进行改进。使用函数摘要的方法提高分析效率,并使用对库函数建模、检测虚假路径的方法降低误报,同时尝试检测动态内存通过参数逃逸的情况。在crystal基础上实现了静态分析内存泄露的工具SMD,取得了良好的实验结果。     

基于进程切换的任务性能测试内核插桩研究

嵌入式软件测试中,代码覆盖率测试和内存检测通过给程序源代码插桩,在程序动态运行的过程中搜集测试数据;但是这种插桩无法获取进程每次运行的时间。基于进程切换的内核taskhook插桩,是通过对Linux2．6操作系统内核进行分析,建立了进程监控的插桩点选取,获取进程生命周期中的时间相关的指标,最终实现程序的任务性能测试。