CN102662825A - Method for detecting memory leakage of heap operational program - Google Patents
Method for detecting memory leakage of heap operational program Download PDFInfo
- Publication number
- CN102662825A CN102662825A CN2012100410257A CN201210041025A CN102662825A CN 102662825 A CN102662825 A CN 102662825A CN 2012100410257 A CN2012100410257 A CN 2012100410257A CN 201210041025 A CN201210041025 A CN 201210041025A CN 102662825 A CN102662825 A CN 102662825A
- Authority
- CN
- China
- Prior art keywords
- pointer
- state
- statement
- memory
- heap
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The present invention discloses a method for detecting the memory leakage of a heap operational program, is directed to solving a technical problem of the memory error detection of the heap operational program in terms of precision and efficiency, and provides a novel memory leakage detection method with improved precision and efficiency of the detection. The technical scheme comprises analyzing a source code of the program in terms of statement and morphology at first and generating an intermediate file; carrying out a pretreatment which includes slicing and transformation; obtaining an abstract state of a heap memory based on the definition of an extension type of a pointer variable in the program; employing a forward data flow iteration method to implement an in-process detection and an inter-process detection; and finally inspecting and counting results of the memory leakage detection. The method finds a good equilibrium point between precision and efficiency of a static analysis, accelerates the termination of an iterative algorithm, improves the precision and the efficiency of the detection, and has a strong scalability and a low storage overhead.
Description
Technical field
The present invention relates to one type of static detection method in the computer program with heap operation program internal memory leakage of dynamic, variable shared drive operating characteristic.
Background technology
The heap operation program comprises the program of using dynamic data structure (as: chained list, tree etc.) storage and deal with data; Very common at system software and application software, such as: operating system (as: Linux, FreeRTOS) is usually used the task of priority query or Hash table management system; The device drives supervisory routine is used and is shared unidirectional or doubly linked list management various device; Server software (as: Apache) uses container (Collection) to accept and store various user's requests; Information system management software uses all kinds of containers to represent view and the storage data that inquiry obtains from database.This class method all has dynamic assignment in the operational process, polymerization, separation or discharges the characteristics of internal storage location in the heap; On the other hand; Can know when analyzing this class method source code; The programmer uses pointer variable (or pointer field) direct (or indirectly) to handle these internal storage locations; Make to exist complicated points relationship between these Dram unit, such as: certain internal storage location maybe be pointed by a plurality of pointer variables or other internal storage location.Therefore, it is more difficult and much complicated than the program of other types to judge whether the internal storage location of having applied in the heap operation program finally is released.Memory overflow is meant that the internal memory of dynamic assignment is not released immediately, and it is one type of important software mistake, and it can cause the system of continuous service to collapse perhaps important leakage of information owing to memory source exhausts.
Current, memory overflow detects has several different methods and instrument thereof, mainly is divided into dynamic and static method.The instrument of exemplary dynamic method has Purify, JPF etc., though these class methods can be located mistake exactly, automaticity is high, is subject to the input use-case, can not check all memory overflow mistakes; Static method is not check whether there is memory overflow under the operating software prerequisite, and exemplary operation has: LCLint, SATURN etc., can find all possible memory overflow mistake, but have higher rate of false alarm.Therefore, how under the prerequisite that guarantees precision, to make the Static Detection instrument can detect focus and the difficult point that extensive program is current Static Detection research.The method that detects to memory overflow in the heap operation program of dynamic, variable storage allocation mainly can be divided into:
(1) the insensitive detection method in territory
Whether the internal memory node that the insensitive detection method in territory is based on each distribution in the pointer alias analysis trace routine finally is released, can be divided into again stream responsive insensitive with stream, the path is responsive and the path is insensitive, context-sensitive and the insensitive 6 kinds of detection methods of context.For example: people such as Zongxing Xu have proposed in software quality international conference in 2008 (QSIC ' 08) based on the responsive interprocedual memory overflow algorithm in constraint solver CVC3 path; Yungbum Jung and Kwangkeun Yi have proposed a kind of static analysis tools SPARROW of robotization in international memory management forum meeting (ISMM ' 08), designed the parameterized procedure function method of abstracting based on the escape model; In addition; Xie Yichen and Alex Aiken have proposed memory overflow testing tool Saturn in the 10th European soft project meeting; With the memory leak issue stipulations is the satisfiability problem of boolean's formula, uses the SAT solver to judge whether to exist memory overflow then; People such as David L.Heine have proposed memory overflow testing tool Clouseau on the 28th International Conference on Software Engineering; It is based on pointer entitlement and describes the pointer variable that discharges the heap memory node, constructs the entitlement constrained system then and detects the memory overflow mistake.All these instruments can not directly apply to and detect memory overflow mistake in the heap operation program.
(2) the responsive detection method in territory
The responsive detection method in territory relates to the accessibility relation between the heap memory unit.People such as Mooly Sagiv have proposed three-valued logic TVLA (Three-Value Logic) on ACM program language in 2002 and system's transactions (TOPLAS ' 02); Program to having the chained list type is divided into limited equivalence class through definition core (core) and auxiliary (instrumental) predicate collection with the internal memory node; Form through routine analyzer proves that various chained list running programs do not have the memory overflow mistake, yet TVLA exists when being applied to the heap operation program internal memory Leak Detection of other types than higher wrong report; People such as Hackett have proposed a kind of regional morphology analytical algorithm based on reference count of novelty in ACM program language principle in 2005 international conference (POPL ' 05); And can in 2 minutes, detect and find 97 mistakes to 3 popular large-scale c programs of several ten thousand row; Wherein have only 37 to be true mistake; Though efficiency ratio is higher,, exist higher rate of false alarm; People such as Ji Wang have designed the memory overflow detection algorithm that drives based on the abstract sensing figure of internal memory demand on Chinese journal of computers English edition (JCST ' 09) in 2009; And on precision and efficient, obtain the better balance that compares; But storage overhead and computation complexity are still than higher.Recently, occurred in succession using the morphological analysis method of reasoning from logic to detect EMS memory error to the heap operation program, exemplary operation has: SpaceInvader and Xisa.SpaceInvader verifies upward use separation logic (Separation Logic) formula recursive definition linked list data structure invariant of international conference (CAV ' 08) area of computer aided in 2008; Designed various inference rules based on recursive definition then the heap operation program has been carried out reasoning, successful analysis and the internal memory correctness of having verified some device drives supervisory routines under Windows and the Linux; Xisa goes up the internal memory security property that the heap operation program was analyzed and verified to the User Defined data structure invariant of using abstract interpretation framework support parameterization in ACM program language principle in 2008 international conference (POPL ' 08).But these methods receive the constraint of User Defined data structure invariant, and automaticity is not high, and the EMS memory error that is difficult to be useful for extensive practical programs detects automatically.
In sum, though there is multiple different memory leakage detecting method in academia with industry member at present, every kind of method all has separately the characteristics and the scope of application, and they all have weak point on detection heap operation program.Though the insensitive detection method in territory can detect extensive program; But accuracy of detection is lower; Especially face when having the heap operation program of heap memory polymerization, stalling characteristic, whether all internal memory nodes that can not detect in the same pointer variable sensing region of memory all are released; Though the territory sensitive detecting method can detect all memory overflow mistakes in the heap operation program, but because automated procedures are not high or system resource (mainly comprising internal memory, time) consumption cost is too big, so efficient is not high, the program scale that can analyze is smaller.
Summary of the invention
The technical matters that the present invention will solve is: be directed against current memory leakage detecting method in the problem that has precision and efficient aspect the heap operation program internal memory error-detecting with operating characteristics such as dynamic shared drive application, merging, separation, deletions; A kind of memory leakage detecting method based on the abstract forward data flow iteration in heap memory part is provided, improves the precision and the efficient that detect.
Concrete technical scheme is:
The 1st step; Utilize the compiler platform that program to be detected is carried out lexical analysis, grammatical analysis, generate abstract syntax tree, control flow graph (describing the front and back relation of continuing between the program basic statement), the such intermediate information of invocation of procedure figure (call graph in the program between function) of program to be detected.
The 2nd step, pre-service.Before real heap operation program internal memory detects to one, need carry out two step pre-service.
2.1 section is about to those and does not use the assignment statement of any pointer type variable from program, to delete, the program after obtaining cutting into slices.
Convert canonical form 2.2 will pass through the pointer assignment statement that does not meet canonical form in the program after the section to according to transformation rule.The pointer assignment statement of canonical form comprises 7 kinds: 1, and p is changed to sky with pointer variable, and shape is like p=null; 2, with pointer field p->f of pointer variable p
mBe changed to sky, shape is like p->f
m=null; 3, copy statement between pointer variable, shape is like p=q; 4, copy statement between the pointer field of pointer p and pointer q, shape is like p=q->f
m5, copy statement between the pointer field of pointer p and pointer q, shape is like p->f
m=q; 6, internal memory application statement, shape is like p=malloc; 7, the internal memory free statement, shape is like free (p).Transformation rule has 5 kinds, is respectively: 1, introduce auxiliary pointer variable pt
0With shape such as p->f
m=q->f
nPointer assignment statement convert into: pt
0=q->f
nP->f
m=pt
02, introduce auxiliary pointer variable pt
1With shape such as p=p->f
mPointer assignment statement convert into: pt
1=p->f
mP=pt
13, introduce auxiliary pointer variable pt
2With shape such as p->f
mThe pointer assignment statement of=malloc converts into: pt
2=malloc; P->f
m=pt
24, introduce auxiliary pointer variable pt
3With shape such as p=q->f
m->f
nPointer assignment statement convert into: pt
3=q->f
mP=pt
3->f
n5, introduce auxiliary pointer variable pt
4With shape such as free (p->f
m) the internal memory free statement convert into: pt
4=p->f
mFree (pt
4).
In the 3rd step,, obtain the abstract state of heap memory of program according to the expansion type of the another name information definition pointer of each pointer variable in the function.In the heap operation program, the expansion type of pointer variable p<img file="BDA0000137616750000041.GIF" he="62" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="39" />Be defined as:<f<sub >1</sub>:<dist; 2<sup >PVar</sup>>f<sub >2</sub>:<dist, 2<sup >PVar</sup>>... f<sub >i</sub>:<dist; 2<sup >PVar</sup>>...; f<sub >n</sub>:<dist; 2<sup >PVar</sup>>>, wherein: f<sub >1</sub>, f<sub >2</sub>... f<sub >i</sub>..., f<sub >n</sub>Represent that respectively p points to the name of pointer field in the internal storage location, 1≤i≤n, that is: p points to the internal storage location of being assembled by n pointer field, and internal storage location is called the internal memory node again; The internal memory node was apart from the value of pointer p during variable dist represented to pile; 2<sup >PVar</sup>Represent the pointer variable collection that all internal memory nodes that to point to apart from p internal memory nodal value pointed be dist constitute, be called pointer another name collection, comprising: the formal parameter that has pointer type in global pointer variable, local pointers variable, the function.Analyzing 7 kinds of basic pointer assignment statements of standard of heap operation program can know: the internal memory node that p directly or indirectly quotes in pointer assignment statement is 1 apart from the maximal value of p, for example: statement p->f<sub >i</sub>=q, pointer field f in the internal memory node that pointer p is pointed<sub >i</sub>The value address of being revised as pointer q internal memory node pointed, in this statement, p is through pointer field f<sub >i</sub>The internal memory node that route can reach is 1 apart from the value of p.Therefore, the scope of variable dist value is: 0,1 and 2, wherein: element 0 and 1 expression heap memory middle distance p internal memory node exact value pointed, value 2 is arbitrary values, expression is through certain pointer field f<sub >i</sub>The above routing times of twice or twice (claim the operation of pointer dereference again, dereferencing), the internal memory node that in heap memory, obtains the like this node (summary node) of claiming again to make a summary.Two special elements are arranged: empty set among the pointer set 2PVar<img file="BDA0000137616750000042.GIF" he="41" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="21" />Have no pointer variable to point to this internal storage location in the expression heap memory, and this internal storage location has been assigned with in heap memory; ⊥ representes certain pointer variable p or pointer field f<sub >i</sub>Value be null (the special marking value representes that this pointer variable value is invalid memory address), p or pointer field f<sub >i</sub>Internal storage location pointed also is not assigned with in heap.The active pointer variable of heap operation program HP is one type of pointer variable that is used or revises in the usability of program fragments, and LivePVar representes by predicate.So, the local abstract state of heap memory<img file="BDA0000137616750000043.GIF" he="43" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="38" />Be set, that is: with expansion type formation of active pointer variable<img file="BDA0000137616750000044.GIF" he="44" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="54" />In the formula, p<sub >i</sub>Represent that any one has active pointer variable,<img file="BDA0000137616750000045.GIF" he="62" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="48" />Expression p<sub >i</sub>Expansion type.Hence one can see that: in the heap operation program, the number of the local abstract state of heap memory is limited.Suppose that the pointer variable number is pn in the heap operation program, the number of pointer field is fn in the aggregate type, so the local abstract state of heap memory<img file="BDA0000137616750000046.GIF" he="42" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="38" />Maximum number be: [fn * 3 * (2<sup >Pn</sup>+ 1)]<sup >Pn</sup>, in the formula, the kind of 3 expression distance values, 2<sup >Pn</sup>Number of subsets in the power set of expression pointer another name collection, 1 expression add that the pointer another name concentrates special elements value ⊥.
In the 4th step, memory overflow detects in the process.Definition according to above-mentioned pointer expansion type; Obtain in the heap operation program basic statement about the transition relationship of the abstract state of heap memory; Particularly; Certain function f of top-down selection from the invocation of procedure figure of program to be detected; And the abstract state
of function f porch is set to sky, and carrying out according to the forward data flow alternative manner that memory overflow detects in the process, the forward data flow alternative manner is:
4.1 the abstract state of the heap memory of each program point i in the initialization function f
is changed to sky; And formation W is changed to sky; W is the formation of a fifo fifo; Fundamental element is that
is right, and s is a statement.
4.3 whether be empty, if for sky then changeed for the 6th step, if for sky then carry out 4.4 if judging formation W.
4.4 W popped from the queue items?
type conversion according to statement s abstract states?
get new abstract states?
specific methods are as follows:
4.4.1 if statement s is basic pointer assignment statement; Then the type conversion state
by 7 kinds of pointer assignment statements obtains new abstract state
and from Succ (s), selects certain element s ', the follow-up statement collection of statement s in Succ (s) the expression control flow graph.Carry out 4.5 then.Method by the type conversion
of 7 kinds of pointer assignment statements is:
(1) pointer assignment statement p=null.Transformation rule is: at state
In, at first from passing through certain pointer field f
iRoute can reach the concentrated deletion of the pointer another name p that p points to the internal memory node, then will
Be changed to null, that is: will
In all pass through f
iThe route distance value is that 0,1 and 2 pointer another name collection is changed to ⊥, obtains new abstract state
If state
Middle pointer p internal memory node pointed exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory, memory overflow then takes place, with this statement s and abstract state
Join among the memory overflow formation heapleakListF, heapleakListF preserves all statements that memory overflow takes place and the formation of state, and fundamental element is: statement and abstract state are right
(2) statement p->f
m=null.Transformation rule is: at state
In, pointer variable x representative can be passed through certain pointer field f
iRoute can reach the pointer variable that p points to the internal memory node.At first, revise the expansion type of x: if x calls with p, that is: x is 0 to the distance of p, then from
In will pass through f
iThe route distance value is that 1 and 2 pointer another name collection is changed to sky; If x is 1 or 2 to the distance value of p, then from
In pass through f
iRoute distance is concentrated deletion from the pointer another name that is 2
In pass through f
iThe route distance value is 1 and 2 pointer another name collection.Then, will
In pass through f
mThe route distance value is that 1 and 2 pointer another name collection is changed to sky, obtains new abstract state
If state
Middle p points to the f in the internal memory node
mThe internal memory node that points to exists and is not passed through f by other pointer variables or other internal memory nodes
iRoute can reach, and memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF.
(3) pointer copy statement p=q.Transformation rule is: at first; Obtaining middle abstract state
then under the abstract state in centre
according to rule (1) perform statement p=null under the state
; The sensing of p soon is revised as the node that q points to
assignment is given
; Obtain new abstract state
if the internal memory node that p points in the state
exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory; Memory overflow then takes place, and statement s and state
are joined among the memory overflow formation heapleakListF.
(4) statement p=q->f
mTransformation rule is: at first, and at state
Abstract state in the middle of obtaining according to rule (1) perform statement p=null down
The abstract state in the centre then
To down,
In pass through f
mThe route distance value be 1 pointer another name collection assignment give with
In through certain pointer field f
iThe route distance value is 0 pointer another name collection, and p is joined
In pass through f
iThe route distance value is that 1 pointer another name is concentrated, and obtains new abstract state
If state
The internal memory node that middle p points to exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory, memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF.
(5) statement p->f
m=q.Transformation rule is: at first, and at state
Down according to rule (1) perform statement p->f
mAbstract state in the middle of=null obtains
The abstract state in the centre then
Down, set Q representes
In through certain pointer field f
iRoute distance is from the pointer another name collection that is 0, and pointer variable t representes abstract state
In can pass through f
iThe one or many route arrives the pointer of the internal memory node of p sensing.According to abstract state in the middle of the following rules modification
At first, revise the expansion type of each pointer variable y among the set Q
Will
In pass through f
iRoute distance joins from the pointer another name collection that is 0
In pass through f
iRoute distance is concentrated from the pointer another name that is 1, will
In pass through f
iRoute distance adds to from the pointer another name collection that is 1 and 2
In pass through f
iRoute distance is concentrated from the pointer another name that is 2; Then, will pass through f
iRoute distance is that 0,1 and 2 pointer another name collects and adds to together with q from q value
In pass through f
iRoute distance is concentrated from the pointer another name that is 2, obtains new abstract state
If state
F in the internal memory node that middle p points to
mThe internal memory node that points to exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory, memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF.
(6) Memory Allocation statement p=malloc ().Transformation rule is: at first, and at state
Abstract state in the middle of obtaining according to rule (1) perform statement p=null down
The abstract state in the centre then
Down, newly apply for an internal memory node and give pointer p, that is: will the address assignment of this internal memory node
In through certain pointer field f
iRoute distance is changed to empty set from the pointer another name collection that is 0
Pass through f
iRoute distance is changed to ⊥ from the pointer another name collection that is 1 and 2, obtains new abstract state
If state
The internal memory node that middle p points to exists and is not passed through certain pointer field f by other internal memory nodes in other pointer variables or the heap memory
iRoute can reach, and memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF.
(7) internal memory free statement free (p).Transformation rule is: at state
In, pointer variable w representes to remove among the pointer variable collection LivePVar alive (HP) the every other pointer variable of p, at first, from
In through certain pointer field f
iThe route distance value is 0,1 and 2 the concentrated deletion of pointer another name
In pass through f
iRoute distance then will from the pointer another name collection that is 0
In pass through f
iThe route distance value is that 0,1 and 2 pointer another name collection is changed to ⊥, obtains new abstract state
If state
The internal memory node existence pointed of certain pointer field can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory in the middle p sensing internal memory node, memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF.
4.4.2 if statement s is a switch condition case statement; Then: the true value of at first under the abstract state of current heap memory
, finding the solution switch statement condition; From Succ (s), select next bar perform statement s ' according to the condition true value then; And with the follow-up statement of s ' as statement s, state
carries out 4.5 as new abstract state
.
4.4.3 if statement s is the unconditional jump statement; Then: and with the follow-up statement of object statement s ' as statement s, state
carries out 4.5 as new abstract state
.
4.4.4 if statement s is the function call statement; Then carried out for the 5th step; Obtain new abstract state
and from Succ (s), select certain element s ', as the follow-up statement of s.
4.4.5 if statement s is function return statement return e; Then under abstract state
; With the expansion type of pointer variable e expansion type as function return value; The expansion type of global pointer variable is constant; The expansion type assignment of other local pointers variablees is put sky; Obtain new abstract state
and, carry out 4.5 then as discharge state
the exit statement s ' of function f follow-up statement as return statement s.
4.5 The new abstract states?
and the subsequent statement s' initial state?
Join obtained by combining operations of the program point of the new abstract state?
execute step 4.6.In order to detect the mistake that the heap operation program internal memory leaks as much as possible; Union operation is: and if only if any two abstract states
and
exists and comprises when concerning and could merge, otherwise two abstract states are respectively as the element of union operation.Two abstract heap memory status?
and?
there is a containment relationship?
if and only if: Status?
any element in the state?
in.Union operation can be expressed as by formula:
4.6 The combined heap abstract states?
using saturation operation reached saturation?
saturation operation steps are as follows:
4.6.1 modified is initialized as vacation with token variable.
4.6.2 irreflexive operation.Travel through abstract state
In each pointer variable x
1, from
In through certain pointer field f
iRoute distance is concentrated deletion pointer x from the pointer another name that is 0
1If certain pointer another name collection has been modified, modified is changed to very.
4.6.3 symmetry operation.Travel through abstract state
In each pointer variable x
2, from
In through certain pointer field f
iRoute distance is concentrated from the pointer another name that is 0 and is taken out certain pointer variable y arbitrarily
2If,
In all pass through f
iRoute distance does not comprise x from the pointer another name collection that is 0
2, then with x
2Add
In to passing through f
iRoute distance is from the pointer another name collection that is 0.If certain pointer another name collection has been modified, modified is changed to very.
4.6.4 transmit operation.Travel through abstract state
In each pointer variable x
3, from
In through certain pointer field f
iRoute distance is from being certain value d
1Pointer another name concentrate and take out certain pointer variable y arbitrarily,
In through certain pointer field route distance from be worth d for certain
2Obtain pointer another name collection Q
2If, pointer another name collection Q
2In certain pointer variable z do not exist
In pass through f
iRoute distance is from being d
1+ d
2Pointer another name concentrate, then z is joined
In pass through f
iRoute distance is from being d
1+ d
2Pointer another name concentrate.If certain pointer another name collection has been modified, modified is changed to very.
4.6.5 judge the value of modified; If be false, state
state that reaches capacity
changeed for 4.7 steps; Otherwise change the 4.6.1 step.
4.7 if state of saturation
is different with virgin state
; Then state of saturation
is joined among the W as new virgin state
and with state of saturation
and follow-up statement s ', change 4.3.
In the 5th step, the memory overflow that the heap operation program is carried out interprocedual detects, and method is:
5.1 acquisition process call statement e=f (e
1, e
2..., e
k) initialization information.Invoked procedure is by name: f, formal parameter is: p
1, p
2..., p
k, actual parameter is: e
1, e
2..., e
k, wherein: p
hRepresent formal parameter, e
hBe p
hCorresponding actual parameter, the scope of subscript h are 1≤h≤k, and rreturn value is: ret
f, the local pointers variables set is: LVar
f, the global pointer variables set is: GVar
f, the abstract state of heap memory before the execution function call statement does
5.2 carry out down the state transition of call statement at the abstract state of heap memory
, heap memory original state
process of the function that obtains being called is following:
5.2.1 with state
Middle global pointer variables set GVar
fIn arbitrarily the expansion type of global pointer variable g pass to invoked procedure, that is: state
Middle g's
Equal state
Middle g's
5.2.2 with state
Middle actual parameter e
h Pass to formal parameter p
h, as the porch p that is called
h That is: state
In
Value be state
In
Value.
5.2.3 state
Middle local pointers variables set LVar
fIn the expansion type of any local pointers variable l
Be initialized as sky.
5.3 with function f and original state
as parameter; Adopt the 4th step forward data flow alternative manner that function f is carried out memory overflow detection in the process, obtain the new abstract state of function exit heap memory
5.4
passes to invoked procedure with the heap memory state, obtains new abstract state
according to following steps:
5.4.1 with state
Middle pointer type rreturn value ret
fExpansion type pass to invoked procedure, as state
The expansion type of following pointer e.
5.4.2 the expansion type
of global pointer variable g is constant when passing to invoked procedure in the state
, as
of g under the state
5.4.3 the expansion type of other local pointers variablees is constant before and after the invocation of procedure, that is: the value of the expansion type of other local pointers variablees is the value of the corresponding topical pointer variable expansion type in the state
in the state
.
The 6th step, statistics heap operation program internal memory Leak Detection result data.
6.1 according on the control flow graph in each program point about the information of the abstract state of heap memory, export the abstract state of heap memory and the abstract state of heap memory in exit of the entry statement of each program point.
6.2 according to the content of memory overflow formation heapleakListF, output the program statement s and the state
of memory overflow might take place and add up the number of memory overflow.
6.3 screen possible memory overflow mistake, count the wrong report number of detection, and obtain rate of false alarm.Because the pointer assignment of a memory overflow mistake representative under the current pointer expansion type reported these mistakes with abstract state and the right form of pointer assignment statement in forward direction iterative detection process, can assist and confirm true mistake.
6.4 information when moving according to compiling platform and system obtains the situation of memory leakage detecting method consume system resources, such as: elapsed time of memory consumption, each detection-phase or the like.
Compared with prior art, adopt the present invention can reach following technique effect:
(1) on the basis of the present invention's pointer expansion type definition in the 2nd step; A kind of memory leakage detecting method towards heap operation has been proposed; Use internal memory Rankine-Hugoniot relations local between expansion pointer type record pointer variable to support the local reasoning of heap memory then; Detect the memory overflow mistake in the heap operation program, taken into account efficient and precision, between the precision of static analysis and efficient, found an equilibrium point preferably.
(2) the present invention proposes to describe based on the pointer expansion type another name relation of pointer; Compare with traditional memory leakage detecting method based on unified (unification-based) sensing alias analysis; Not only having represented the another name information of pointer, and represented the another name information of all pointer fields in the pointer node pointed, is the responsive memory overflow static detection method in a kind of territory; Compare with other memory leakage detecting methods, improved accuracy of detection.
(3) the present invention provided based on the local abstract representation of the heap memory of pointer expansion type in the 3rd step; Compare with the sensing figure of classics; Simple, efficient based on the local abstract STA representation of the heap memory of pointer expansion type, directly towards the operational semantics of pointer assignment statement, need not to calculate the lvalue and the r value of pointer expression formula; Just can obtain the another name information and the occurrence of pointer, improve the efficient that detects.
(4) the present invention's the 4th step memory overflow detects and adopts the forward data flow iterative algorithm; Try to achieve of the set of each program point through the fixed point iterative process, can consider various possible pointer another name situation, on the other hand about the local abstract state of heap memory; The number of the local abstract state of heap memory is limited in the program; Can guarantee the termination property of iterative algorithm, union operation can reduce the storage overhead of state, quickens the termination of iterative algorithm.
(5) has favorable expansibility.Because program termination property is undecidable in theory, the number of the interprocedual transfer environment of context-sensitive is infinite, therefore, accomplish that context-sensitive is impossible completely.The 5th step of the present invention is when the interprocedual of handling context-sensitive detects; Use a kind of detection method of log history information increment type: if when the original state of invoked procedure does not comprise current abstract state; Then testing process is called, and the result that will detect joins in the invoked procedure; Otherwise do not get into the detection invoked procedure.This method can improve the efficient of detection, and when especially repeatedly being called repeatedly with some identical process along with the increase of detection of code scale, this advantage embodies extremely obviously.
Description of drawings
Fig. 1 is an overview flow chart of the present invention.
Fig. 2 is the process flow diagram that detects in the present invention's the 4th step process.
Fig. 3 is the process flow diagram that the present invention's the 5th step interprocedual detects.
Specific embodiments
Fig. 1 overview flow chart of the present invention.Input is the source code of program, possibly cause statement and abstract state, the various statistic of memory overflow during output in the program source code.
The present invention includes following step:
1. at first utilize the compiler platform that program source code is carried out statement analysis and lexical analysis, generate intermediate file, comprising: abstract syntax tree, control flow graph and invocation of procedure figure.
2. pre-service comprises: section and conversion.
3. the definition according to the expansion type of pointer variable in the program obtains the abstract state of heap memory.
4. detect in the process.
5. interprocedual detects.
6. inspection and statistics memory overflow are checked the result who detects.
Fig. 2 is the process flow diagram that detects in the present invention's the 4th step process, may further comprise the steps:
4.1 abstract state of the heap memory of each program point i and formation W in the initialization function.
4.2 the population statement and the abstract state of function are joined in the formation.
4.3 whether be empty, if for sky then changeed for the 6th step, if for sky then carry out 4.4 if judging formation W.
4.4 from formation, eject a certainly, obtain new abstract state according to the abstract state of type conversion of statement.
4.5 the original state of new abstract state and follow-up statement is merged into new abstract state through union operation.
The state 4.6 the abstract state employing of the heap after will merging operated in saturation reaches capacity.
4.7 if state of saturation is different with virgin state, then with state of saturation as new virgin state, and state of saturation and follow-up statement joined among the W, jumped to for the 4.3rd step then.
Fig. 3 is the process flow diagram that the present invention's the 5th step interprocedual detects, and may further comprise the steps:
5.1 the initialization information of acquisition process call statement.
5.2 under the abstract state of heap memory, carry out the state transition of call statement, the heap memory original state of the function that obtains being called.
5.3 adopt the 4th step forward data flow iterative algorithm that function is carried out memory overflow detection in the process, obtain the new abstract state of function exit heap memory.
5.4 give invoked procedure with the heap memory state transfer, obtain new abstract state.
Claims (4)
1. memory leakage detecting method towards the heap operation program is characterized in that may further comprise the steps:
The 1st step, utilize the compiler platform that program to be detected is carried out lexical analysis, grammatical analysis, generate abstract syntax tree, control flow graph, the invocation of procedure figure of program to be detected;
The 2nd step, pre-service:
2.1 section is about to those and does not use the assignment statement of any pointer type variable from program, to delete, the program after obtaining cutting into slices;
Convert canonical form 2.2 will pass through the pointer assignment statement that does not meet canonical form in the program after the section to according to transformation rule;
In the 3rd step,, obtain the abstract state of heap memory of program according to the expansion type of the another name information definition pointer of each pointer variable in the function; In the heap operation program, the definition of the expansion type of pointer variable p<img file="FDA0000137616740000011.GIF" he="63" id="ifm0001" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="39" />For:<f<sub >1</sub>:<dist; 2<sup >PVar</sup>>f<sub >2</sub>:<dist, 2<sup >PVar</sup>>... f<sub >i</sub>:<dist; 2<sup >PVar</sup>>...; f<sub >n</sub>:<dist; 2<sup >PVar</sup>>>, wherein: f<sub >1</sub>, f<sub >2</sub>... f<sub >i</sub>..., f<sub >n</sub>Represent that respectively p points to the name of pointer field in the internal storage location, 1≤i≤n, that is: p points to the internal storage location of being assembled by n pointer field, and internal storage location is called the internal memory node again; The internal memory node was apart from the value of pointer p during variable dist represented to pile; 2<sup >PVar</sup>Represent the pointer variable collection that all internal memory nodes that to point to apart from p internal memory nodal value pointed be dist constitute, be called pointer another name collection; The scope of variable dist value is: 0,1 and 2, wherein: element 0 and 1 expression heap memory middle distance p internal memory node exact value pointed, value 2 is arbitrary values, expression is through certain pointer field f<sub >i</sub>Twice or twice above routing times, the internal memory node that in heap memory, obtains is like this claimed the node of making a summary again; Pointer set 2<sup >PVar</sup>In two special elements are arranged: empty set<img file="FDA0000137616740000012.GIF" he="42" id="ifm0002" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="21" />Have no pointer variable to point to this internal storage location in the expression heap memory, and this internal storage location has been assigned with in heap memory; ⊥ representes certain pointer variable p or pointer field f<sub >i</sub>Value be null, represent that this pointer variable value is invalid memory address, p or pointer field f<sub >i</sub>Internal storage location pointed also is not assigned with in heap; The active pointer variable of heap operation program HP is one type of pointer variable that is used or revises in the usability of program fragments, and LivePVar representes by predicate; The local abstract state of heap memory<img file="FDA0000137616740000013.GIF" he="43" id="ifm0003" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="38" />Be set, that is: with expansion type formation of active pointer variable<img file="FDA0000137616740000014.GIF" he="44" id="ifm0004" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="54" />p<sub >i</sub>Represent that any one has active pointer variable,<img file="FDA0000137616740000015.GIF" he="62" id="ifm0005" img-content="drawing" img-format="GIF" inline="no" orientation="portrait" wi="49" />Expression p<sub >i</sub>Expansion type;
The 4th step; Certain function f of top-down selection from the invocation of procedure figure of program to be detected; And the abstract state
of function f porch is set to sky; Carry out memory overflow detection in the process according to the forward data flow alternative manner; Obtain that basic statement is about the transition relationship of the abstract state of heap memory in the heap operation program, the forward data flow alternative manner is:
4.1 the abstract state of the heap memory of each program point i in the initialization function f
is changed to sky; And formation W is changed to sky; W is the formation of a fifo fifo; Fundamental element is that
is right; S is a statement,
be the local abstract state of heap memory;
4.3 whether be empty, if for sky then changeed for the 6th step, if for sky then carry out 4.4 if judging formation W;
4.4 W popped from the queue items?
type conversion according to statement s abstract states?
get new abstract states?
specific methods are as follows:
4.4.1 if statement s is basic pointer assignment statement; Then obtain new abstract state
and from the control flow graph, select certain element s ' among the follow-up statement collection Succ (s) of statement s, carry out 4.5 then by the type conversion state
of 7 kinds of pointer assignment statements; Method by the type conversion
of 7 kinds of pointer assignment statements is:
(1) pointer assignment statement p=null, transformation rule is: at state
In, at first from passing through certain pointer field f
iRoute can reach the concentrated deletion of the pointer another name p that p points to the internal memory node, then will
Be changed to null, that is: will
In all pass through f
iThe route distance value is that 0,1 and 2 pointer another name collection is changed to ⊥, obtains new abstract state
If state
Middle pointer p internal memory node pointed exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory, memory overflow then takes place, with this statement s and abstract state
Join among the memory overflow formation heapleakListF, heapleakListF preserves all statements that memory overflow takes place and the formation of state, and fundamental element is: statement and abstract state are right
(2) statement p->f
m=null, transformation rule is: at state
In, pointer variable x representative can be passed through certain pointer field f
iRoute can reach the pointer variable that p points to the internal memory node; At first, revise the expansion type of x: if x calls with p, that is: x is 0 to the distance of p, then from
In will pass through f
iThe route distance value is that 1 and 2 pointer another name collection is changed to sky; If x is 1 or 2 to the distance value of p, then from
In pass through f
iRoute distance is concentrated deletion from the pointer another name that is 2
In pass through f
iThe route distance value is 1 and 2 pointer another name collection; Then, will
In pass through f
mThe route distance value is that 1 and 2 pointer another name collection is changed to sky, obtains new abstract state
If state
Middle p points to the f in the internal memory node
mThe internal memory node that points to exists and is not passed through f by other pointer variables or other internal memory nodes
iRoute can reach, and memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF;
(3) pointer copy statement p=q; Transformation rule is: at first; Obtaining middle abstract state
then under the abstract state in centre
according to rule (1) perform statement p=null under the state
; The sensing of p soon is revised as the node that q points to
assignment is given
; Obtain new abstract state
if the internal memory node that p points in the state
exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory; Memory overflow then takes place, and statement s and state
are joined among the memory overflow formation heapleakListF;
(4) statement p=q->f
m, transformation rule is: at first, and at state
Abstract state in the middle of obtaining according to rule (1) perform statement p=null down
The abstract state in the centre then
To down,
In pass through f
mThe route distance value be 1 pointer another name collection assignment give with
In through certain pointer field f
iThe route distance value is 0 pointer another name collection, and p is joined
In pass through f
iThe route distance value is that 1 pointer another name is concentrated, and obtains new abstract state
If state
The internal memory node that middle p points to exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory, memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF;
(5) statement p->f
m=q, transformation rule is: at first, at state
Down according to rule (1) perform statement p->f
mAbstract state in the middle of=null obtains
The abstract state in the centre then
Down, set Q representes
In through certain pointer field f
iRoute distance is from the pointer another name collection that is 0, and pointer variable x representes abstract state
In can pass through f
iThe one or many route arrives the pointer of the internal memory node of p sensing; According to abstract state in the middle of the following rules modification
At first, revise the expansion type of pointer variable y among the set Q
Will
In pass through f
iRoute distance joins from the pointer another name collection that is 0
In pass through f
iRoute distance is concentrated from the pointer another name that is 1, will
In pass through f
iRoute distance adds to from the pointer another name collection that is 1 and 2
In pass through f
iRoute distance is concentrated from the pointer another name that is 2; Then, will pass through f
iRoute distance is that 0,1 and 2 pointer another name collects and adds to together with q from q value
In pass through f
iRoute distance is concentrated from the pointer another name that is 2, obtains new abstract state
If state
F in the internal memory node that middle p points to
mThe internal memory node that points to exists and can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory, memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF;
(6) Memory Allocation statement p=malloc (), transformation rule is: at first, at state
Abstract state in the middle of obtaining according to rule (1) perform statement p=null down
The abstract state in the centre then
Down, newly apply for an internal memory node and give pointer p, that is: will the address assignment of this internal memory node
In through certain pointer field f
iRoute distance is changed to empty set from the pointer another name collection that is 0
Pass through f
iRoute distance is changed to ⊥ from the pointer another name collection that is 1 and 2, obtains new abstract state
If state
The internal memory node that middle p points to exists and is not passed through certain pointer field f by other internal memory nodes in other pointer variables or the heap memory
iRoute can reach, and memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF;
(7) internal memory free statement free (p), transformation rule is: at state
In, pointer variable w representes to remove among the pointer variable collection LivePVar alive (HP) the every other pointer variable of p, at first, from
In through certain pointer field f
iThe route distance value is 0,1 and 2 the concentrated deletion of pointer another name
In pass through f
iRoute distance then will from the pointer another name collection that is 0
In pass through f
iThe route distance value is that 0,1 and 2 pointer another name collection is changed to ⊥, obtains new abstract state
If state
The internal memory node existence pointed of certain pointer field can not reached through certain pointer field route by other internal memory nodes in other pointer variables or the heap memory in the middle p sensing internal memory node, memory overflow then takes place, with statement s and state
Join among the memory overflow formation heapleakListF;
4.4.2 if statement s is a switch condition case statement; Then: the true value of at first under the abstract state of current heap memory
, finding the solution switch statement condition; From Succ (s), select next bar perform statement s ' according to the condition true value then; And with the follow-up statement of s ' as statement s, state
carries out 4.5 as new abstract state
;
4.4.3 if statement s is the unconditional jump statement; Then: with the follow-up statement of object statement s ' as statement s, state
carries out 4.5 as new abstract state
;
4.4.4 if statement s is the function call statement; Then carried out for the 5th step; Obtain new abstract state
and from Succ (s), select certain element s ', as the follow-up statement of s;
4.4.5 if statement s is function return statement return e; Then under abstract state
; With the expansion type of pointer variable e expansion type as function return value; The expansion type of global pointer variable is constant; The expansion type assignment of other local pointers variablees is put sky; Obtain new abstract state
and, carry out 4.5 then as discharge state
the exit statement s ' of function f follow-up statement as return statement s;
4.5 The new abstract states?
and the subsequent statement s' initial state?
Join obtained by combining operations of the program point of the new abstract state?
Executive 4.6 step; merge operations is: if and only if any two abstract states?
and?
relationship can exist, including merger or two abstract states, respectively, as the merge operation elements; two abstract state of heap memory?
and?
there is a containment relationship?
if and only if: Status?
any element in the state?
in;? merge operation by the expressed by the formula:
4.6 The combined heap abstract states?
using saturation operation reached saturation?
saturation operation steps are as follows:
4.6.1 modified is initialized as vacation with token variable;
4.6.2 irreflexive operation: travel through abstract state
In each pointer variable x
1, from
In through certain pointer field f
iRoute distance is concentrated deletion pointer x from the pointer another name that is 0
1If certain pointer another name collection has been modified, and modified is changed to very;
4.6.3 symmetry operation: travel through abstract state
In each pointer variable x
2, from
In through certain pointer field f
iRoute distance is concentrated from the pointer another name that is 0 and is taken out certain pointer variable y arbitrarily
2If,
In all pass through f
iRoute distance does not comprise x from the pointer another name collection that is 0
2, then with x
2Add
In to passing through f
iRoute distance, is changed to modified very if certain pointer another name collection has been modified from the pointer another name collection that is 0;
4.6.4 transmit operation: travel through abstract state
In each pointer variable x
3, from
In through certain pointer field f
iRoute distance is from being certain value d
1Pointer another name concentrate and take out certain pointer variable y arbitrarily,
In through certain pointer field route distance from be worth d for certain
2Obtain pointer another name collection Q
2If, pointer another name collection Q
2In certain pointer variable z do not exist
In pass through f
iRoute distance is from being d
1+ d
2Pointer another name concentrate, then z is joined
In pass through f
iRoute distance is from being d
1+ d
2Pointer another name concentrate, if certain pointer another name collection has been modified, modified is changed to very;
4.6.5 judge the value of modified; If be false, state
state that reaches capacity
changeed for 4.7 steps; Otherwise change the 4.6.1 step;
4.7 if state of saturation
is different with virgin state
; Then state of saturation
is joined among the W as new virgin state
and with state of saturation
and follow-up statement s ', change 4.3;
In the 5th step, the memory overflow that the heap operation program is carried out interprocedual detects, and method is:
5.1 acquisition process call statement e=f (e
1, e
2..., e
k) initialization information, invoked procedure is by name: f, formal parameter is: p
1, p
2..., p
k, actual parameter is: e
1, e
2..., e
k, wherein: p
hRepresent formal parameter, e
hBe p
hCorresponding actual parameter, 1≤h≤k, rreturn value is: ret
f, the local pointers variables set is: LVar
f, the global pointer variables set is: GVar
f, the abstract state of heap memory before the execution function call statement does
5.2 carry out down the state transition of call statement at the abstract state of heap memory
, heap memory original state
process of the function that obtains being called is following:
5.2.1 with state
Middle global pointer variables set GVar
fIn arbitrarily the expansion type of global pointer variable g pass to invoked procedure, that is: state
Middle g's
Equal state
Middle g's
5.2.2 with state
Middle actual parameter eh's
Pass to formal parameter p
h, as the porch p that is called
h That is: state
In
Value be state
In
Value;
5.2.3 state
Middle local pointers variables set LVar
fIn the expansion type of any local pointers variable l
Be initialized as sky;
5.3 with function f and original state
as parameter; Adopt the 4th step forward data flow alternative manner that function f is carried out memory overflow detection in the process, obtain the new abstract state of function exit heap memory
5.4
passes to invoked procedure with the heap memory state, obtains new abstract state
according to following steps:
5.4.1 with state
Middle pointer type rreturn value ret
fExpansion type pass to invoked procedure, as state
The expansion type of following pointer e;
5.4.2 the expansion type
of global pointer variable g is constant when passing to invoked procedure in the state
, as
of g under the state
5.4.3 the expansion type of other local pointers variablees is constant before and after the invocation of procedure, that is: the value of the expansion type of other local pointers variablees is the value of the corresponding topical pointer variable expansion type in the state
in the state
;
The 6th step, statistics heap operation program internal memory Leak Detection result data:
6.1 according on the control flow graph in each program point about the information of the abstract state of heap memory, export the abstract state of heap memory and the abstract state of heap memory in exit of the entry statement of each program point;
6.2 according to the content of memory overflow formation heapleakListF, output the program statement s and the state
of memory overflow might take place and add up the number of memory overflow;
6.3 screen possible memory overflow mistake, count the wrong report number of detection, and obtain rate of false alarm;
6.4 information when moving according to compiling platform and system obtains the situation of memory leakage detecting method consume system resources.
2. a kind of memory leakage detecting method towards the heap operation program as claimed in claim 1 is characterized in that the pointer assignment statement of canonical form comprises 7 kinds in the pre-service: 1), pointer variable p is changed to empty statement p=null; 2), with pointer field p->f of pointer variable p
mBe changed to empty statement p->f
m=null; 3), copy statement p=q between pointer variable; 4), the copy statement p=q->f between the pointer field of pointer p and pointer q
m5), the copy statement p->f between the pointer field of pointer p and pointer q
m=q; 6), internal memory application statement p=malloc; 7), internal memory free statement free (p).
3. a kind of memory leakage detecting method towards the heap operation program as claimed in claim 1 is characterized in that the transformation rule in the said pre-service has 5 kinds, is respectively: 1), introduce auxiliary pointer variable pt
0With shape such as p->f
m=q->f
nPointer assignment statement convert into: pt
0=q->f
nP->f
m=pt
02), introduce auxiliary pointer variable pt
1With shape such as p=p->f
mPointer assignment statement convert into: pt
1=p->f
mP=pt
13), introduce auxiliary pointer variable pt
2With shape such as p->f
mThe pointer assignment statement of=malloc converts into: pt
2=malloc; P->f
m=pt
24), introduce auxiliary pointer variable pt
3With shape such as p=q->f
m->f
nPointer assignment statement convert into: pt
3=q->f
mP=pt
3->f
n5), introduce auxiliary pointer variable pt
4With shape such as free (p->f
m) the internal memory free statement convert into: pt4=p->f
mFree (pt
4).
4. a kind of memory leakage detecting method towards the heap operation program as claimed in claim 1 is characterized in that said pointer another name collection comprises: the formal parameter that has pointer type in global pointer variable, local pointers variable, the function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210041025.7A CN102662825B (en) | 2012-02-22 | 2012-02-22 | Method for detecting memory leakage of heap operational program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210041025.7A CN102662825B (en) | 2012-02-22 | 2012-02-22 | Method for detecting memory leakage of heap operational program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102662825A true CN102662825A (en) | 2012-09-12 |
CN102662825B CN102662825B (en) | 2014-07-16 |
Family
ID=46772322
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210041025.7A Active CN102662825B (en) | 2012-02-22 | 2012-02-22 | Method for detecting memory leakage of heap operational program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102662825B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103942077A (en) * | 2014-04-15 | 2014-07-23 | 清华大学 | Drive resource recycle analyzing method |
CN104636256A (en) * | 2015-02-17 | 2015-05-20 | 中国农业银行股份有限公司 | Memory access abnormity detecting method and memory access abnormity detecting device |
CN104750563A (en) * | 2013-12-26 | 2015-07-01 | 北京大学 | A memory leak auto repair method based on control flow diagram |
CN105302712A (en) * | 2014-07-17 | 2016-02-03 | 南京普爱射线影像设备有限公司 | Method for detecting C++ memory leakage |
CN105765896A (en) * | 2013-12-05 | 2016-07-13 | 皇家飞利浦有限公司 | A computing device for iterative application of table networks |
CN107992307A (en) * | 2017-12-11 | 2018-05-04 | 北京奇虎科技有限公司 | A kind of function Compilation Method and device |
CN109711167A (en) * | 2018-12-21 | 2019-05-03 | 华中科技大学 | A kind of UAF loophole defence method based on multilevel-pointer |
CN111694747A (en) * | 2020-06-17 | 2020-09-22 | 北京字节跳动网络技术有限公司 | Thread detection method, device, equipment and computer readable medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6658652B1 (en) * | 2000-06-08 | 2003-12-02 | International Business Machines Corporation | Method and system for shadow heap memory leak detection and other heap analysis in an object-oriented environment during real-time trace processing |
CN101339533A (en) * | 2007-07-04 | 2009-01-07 | 国际商业机器公司 | Method and device for diagnosing Java system EMS memory leakage based on partition |
US20090172476A1 (en) * | 2004-12-21 | 2009-07-02 | Grey James A | Test Executive System with Memory Leak Detection for User Code Modules |
CN101763305A (en) * | 2009-12-29 | 2010-06-30 | 青岛海信宽带多媒体技术有限公司 | Method for detecting memory leak of embedded system |
-
2012
- 2012-02-22 CN CN201210041025.7A patent/CN102662825B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6658652B1 (en) * | 2000-06-08 | 2003-12-02 | International Business Machines Corporation | Method and system for shadow heap memory leak detection and other heap analysis in an object-oriented environment during real-time trace processing |
US20090172476A1 (en) * | 2004-12-21 | 2009-07-02 | Grey James A | Test Executive System with Memory Leak Detection for User Code Modules |
CN101339533A (en) * | 2007-07-04 | 2009-01-07 | 国际商业机器公司 | Method and device for diagnosing Java system EMS memory leakage based on partition |
CN101763305A (en) * | 2009-12-29 | 2010-06-30 | 青岛海信宽带多媒体技术有限公司 | Method for detecting memory leak of embedded system |
Non-Patent Citations (2)
Title |
---|
JI WANG ET AL.: "Demand-Driven Memory Leak Detection Based on Flow- and Context-Sensitive Pointer Analysis", 《JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY》 * |
张威等: "基于指针映射集的动态内存故障测试方法研究", 《计算机学报》 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105765896B (en) * | 2013-12-05 | 2020-02-07 | 皇家飞利浦有限公司 | Computing device for iterative application of a table network |
CN105765896A (en) * | 2013-12-05 | 2016-07-13 | 皇家飞利浦有限公司 | A computing device for iterative application of table networks |
CN104750563B (en) * | 2013-12-26 | 2017-11-07 | 北京大学 | A kind of memory overflow self-repairing method based on controlling stream graph |
CN104750563A (en) * | 2013-12-26 | 2015-07-01 | 北京大学 | A memory leak auto repair method based on control flow diagram |
CN103942077A (en) * | 2014-04-15 | 2014-07-23 | 清华大学 | Drive resource recycle analyzing method |
CN103942077B (en) * | 2014-04-15 | 2018-06-15 | 清华大学 | A kind of driving resource reclaim analysis method |
CN105302712A (en) * | 2014-07-17 | 2016-02-03 | 南京普爱射线影像设备有限公司 | Method for detecting C++ memory leakage |
CN104636256B (en) * | 2015-02-17 | 2017-10-24 | 中国农业银行股份有限公司 | A kind of abnormal detection method and device of internal storage access |
CN104636256A (en) * | 2015-02-17 | 2015-05-20 | 中国农业银行股份有限公司 | Memory access abnormity detecting method and memory access abnormity detecting device |
CN107992307A (en) * | 2017-12-11 | 2018-05-04 | 北京奇虎科技有限公司 | A kind of function Compilation Method and device |
CN107992307B (en) * | 2017-12-11 | 2021-04-13 | 北京奇虎科技有限公司 | Function compiling method and device |
CN109711167A (en) * | 2018-12-21 | 2019-05-03 | 华中科技大学 | A kind of UAF loophole defence method based on multilevel-pointer |
CN111694747A (en) * | 2020-06-17 | 2020-09-22 | 北京字节跳动网络技术有限公司 | Thread detection method, device, equipment and computer readable medium |
CN111694747B (en) * | 2020-06-17 | 2023-03-28 | 抖音视界有限公司 | Thread detection method, device, equipment and computer readable medium |
Also Published As
Publication number | Publication date |
---|---|
CN102662825B (en) | 2014-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102662825B (en) | Method for detecting memory leakage of heap operational program | |
Salloum et al. | Big data analytics on Apache Spark | |
US10162612B2 (en) | Method and apparatus for inventory analysis | |
US11036614B1 (en) | Data control-oriented smart contract static analysis method and system | |
Mei et al. | Data flow testing of service-oriented workflow applications | |
US8166464B2 (en) | Analysis and detection of soft hang responsiveness program errors | |
JP2020522790A (en) | Automatic dependency analyzer for heterogeneously programmed data processing systems | |
CN102567200A (en) | Parallelization security hole detecting method based on function call graph | |
CN103577168A (en) | Test case creation system and method | |
Heo et al. | Continuously reasoning about programs using differential bayesian inference | |
CN110059006A (en) | Code audit method and device | |
Rabl et al. | Apache Flink in current research | |
Nicoletti et al. | BFL: a logic to reason about fault trees | |
CN102521126A (en) | Complexity analysis method of software defect testing system based on modular decomposition technology | |
Giachino et al. | Deadlock detection in linear recursive programs | |
US20230236830A1 (en) | Detecting duplicated code patterns in visual programming language code instances | |
AL-AHMAD et al. | Jacoco-Coverage Based Statistical Approach for Ranking and Selecting Key Classes in Object-Oriented Software | |
Romanov et al. | Representing programs with dependency and function call graphs for learning hierarchical embeddings | |
CN114691197A (en) | Code analysis method and device, electronic equipment and storage medium | |
CN114912110A (en) | Js code security detection method and system | |
Simon et al. | ’SQL Code Complexity Analysis’ | |
Liu | Software vulnerability mining techniques based on data fusion and reverse engineering | |
Zhang et al. | Propositional projection temporal logic specification mining | |
Legay et al. | Statistical model checking of llvm code | |
Kusu et al. | A Node Access Frequency based Graph Partitioning Technique for Efficient Dynamic Dependency Analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |