DOI: 10.1145/1375581.1375588

Conditional correlation analysis for safe region-based memory management

Published: 07 June 2008

Abstract

Region-based memory management is a popular scheme in systems software for better organization and performance. In the scheme, a developer constructs a hierarchy of regions of different lifetimes and allocates objects in regions. When the developer deletes a region, the runtime will recursively delete all its subregions and simultaneously reclaim objects in the regions. The developer must construct a consistent placement of objects in regions; otherwise, if a region that contains pointers to other regions is not always deleted before pointees, an inconsistency will surface and cause dangling pointers, which may lead to either crashes or leaks.
This paper presents a static analysis tool RegionWiz that can find such lifetime inconsistencies in large C programs using regions. The tool is based on an analysis framework that generalizes the relations and constraints over regions and objects as conditional correlations. This framework allows a succinct formalization of consistency rules for region lifetimes, preserving memory safety and avoiding dangling pointers. RegionWiz uses these consistency rules to implement an efficient static analysis to compute the conditional correlation and reason about region lifetime consistency; the analysis is based on a context-sensitive, field-sensitive pointer analysis with heap cloning.
Experiments with applying RegionWiz to six real-world software packages (including the RC compiler, Apache web server, and Subversion version control system) with two different region-based memory management interfaces show that RegionWiz can reason about region lifetime consistency in large C programs. The experiments also show that RegionWiz can find several previously unknown inconsistency bugs in these packages.
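To make the lifetime rule from the abstract concrete, the following is an added example, not code from the paper or from RegionWiz: a toy hierarchical region allocator in C together with the consistency check that a placement of objects must satisfy. Deleting a region deletes its subregions first, so the only lifetime guarantee a hierarchy gives is that a region never outlives its ancestors; a pointer stored in one region is therefore safe only if it targets the same region or an ancestor. All names (`region_t`, `region_create`, `region_alloc`, `region_delete`, `pointer_lifetime_consistent`, and the region names `root`, `request`, `handler`, `cache`) are constructed for this illustration and do not correspond to any real region library's API.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed minimal region allocator. Each region has a parent (NULL for
 * the root) and a list of subregions; deleting a region deletes the
 * subregions first, then reclaims the region's own blocks. */
typedef struct region {
    const char *name;
    struct region *parent;
    struct region *children;   /* singly linked list of subregions */
    struct region *sibling;    /* next subregion of the same parent */
    void **blocks;             /* objects allocated in this region */
    size_t nblocks, cap;
} region_t;

region_t *region_create(const char *name, region_t *parent) {
    region_t *r = calloc(1, sizeof *r);
    if (!r) abort();
    r->name = name;
    r->parent = parent;
    if (parent) {              /* link as newest child of the parent */
        r->sibling = parent->children;
        parent->children = r;
    }
    return r;
}

void *region_alloc(region_t *r, size_t size) {
    if (r->nblocks == r->cap) {
        r->cap = r->cap ? r->cap * 2 : 4;
        r->blocks = realloc(r->blocks, r->cap * sizeof *r->blocks);
        if (!r->blocks) abort();
    }
    void *p = calloc(1, size);
    if (!p) abort();
    r->blocks[r->nblocks++] = p;
    return p;
}

/* Recursively delete subregions, then reclaim this region's own objects. */
void region_delete(region_t *r) {
    while (r->children) {
        region_t *c = r->children;
        r->children = c->sibling;
        c->parent = NULL;       /* already unlinked; child must not unlink again */
        region_delete(c);
    }
    if (r->parent) {            /* unlink from the parent's child list */
        region_t **pp = &r->parent->children;
        while (*pp && *pp != r) pp = &(*pp)->sibling;
        if (*pp) *pp = r->sibling;
    }
    for (size_t i = 0; i < r->nblocks; i++) free(r->blocks[i]);
    free(r->blocks);
    free(r);
}

/* Lifetime consistency rule: an object in `holder` may store a pointer to an
 * object in `target` only if `target` is guaranteed to be deleted no earlier
 * than `holder`. In a region hierarchy that holds exactly when `target` is
 * `holder` itself or one of its ancestors; a descendant can be deleted on its
 * own while `holder` lives, and siblings have no deletion order at all. */
bool pointer_lifetime_consistent(const region_t *holder, const region_t *target) {
    for (const region_t *r = holder; r; r = r->parent)
        if (r == target) return true;
    return false;
}

/* Constructed placement: root -> request -> handler, plus root -> cache.
 * Returns how many of six representative pointer stores violate the rule. */
int demo_inconsistent_edges(void) {
    region_t *root = region_create("root", NULL);
    region_t *request = region_create("request", root);
    region_t *handler = region_create("handler", request);
    region_t *cache = region_create("cache", root);
    const region_t *edges[][2] = {
        { handler, request },  /* child -> parent: consistent */
        { handler, root },     /* descendant -> ancestor: consistent */
        { cache, root },       /* child -> parent: consistent */
        { request, handler },  /* parent -> child: dangles if handler is deleted first */
        { root, request },     /* ancestor -> descendant: same problem */
        { request, cache },    /* siblings: deletion order unconstrained */
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof edges / sizeof edges[0]; i++)
        if (!pointer_lifetime_consistent(edges[i][0], edges[i][1]))
            bad++;
    char *s = region_alloc(request, 16);   /* exercise the allocator path */
    strcpy(s, "req-data");
    region_delete(root);   /* reclaims request, handler, cache and their blocks */
    return bad;            /* 3 */
}

/* Returns 1 if deleting a subregion on its own leaves the parent's child
 * list empty, i.e. the parent stays usable after a child is gone. */
int demo_delete_unlinks_child(void) {
    region_t *a = region_create("a", NULL);
    region_t *b = region_create("b", a);
    region_delete(b);
    int ok = (a->children == NULL);
    region_delete(a);
    return ok;
}

int main(void) {
    printf("inconsistent edges: %d\n", demo_inconsistent_edges());
    return 0;
}
```

The check is the dynamic form of the invariant RegionWiz verifies statically: the analysis has to know, for every pointer store, which regions the holder and the pointee can live in (hence the context- and field-sensitive pointer analysis with heap cloning) and whether the target region is guaranteed to outlive the holder.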


Published In

PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2008
396 pages
ISBN:9781595938602
DOI:10.1145/1375581
General Chair: Rajiv Gupta
Program Chair: Saman Amarasinghe

Also published in ACM SIGPLAN Notices, Volume 43, Issue 6 (PLDI '08), June 2008, 382 pages. ISSN:0362-1340, EISSN:1558-1160, DOI:10.1145/1379022
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. conditional correlation
  2. error detection
  3. memory management
  4. program analysis
  5. region

Qualifiers

  • Research-article

Conference

PLDI '08

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)0
Reflects downloads up to 16 Feb 2025

Other Metrics

Citations

Cited By

View all

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media