Embed Size (px)
Citation preview
Effective Interprocedural Resource Leak Detection
ICSE 10
Emina Torlak Satish ChandraIBM T.J. Watson Research Center, USA
AuthorEmina Torlak
Publications2010
MemSAT: checking axiomatic specifications of memory models Proceedings of the 2010 ACM SIGPLAN
Correct Refactoring of Concurrent Java Code 24th European Conference on Object-Oriented Programming (ECOOP)
2008
Controlled physical random functions and applications ACM Transactions on Information and System Security (TISSEC)
AuthorSatish Chandra
Publications2010
Making defect-finding tools work for you ICSE
Programming with Angelic Non-determinism POPL
2009
Snugglebug: a powerful approach to weakest preconditions PLDI
2008
Verifying dereference safety via expanding-scope analysis ISSTA
Generating precise and concise procedure summaries POPL
Related Publications in ICSE ’10
• LEAKPOINT: Pinpointing the Causes of Memory Leaks, James A. Clause and Alessandro Orso (Georgia Institute of Technology, Atlanta, USA)
• Efficient and precise Typestate Analysis by determining Continuation-equivalent States, Eric Bodden (Technische Universitaet Darmstadt, Germany)
• Precise Calling Context Encoding, William N. Sumner, Yunhui Zheng, Dasarath Weeratunge and Xiangyu Zhang (Purdue University, Lafayette, USA)
• Khasiana: Making Defect-Finding Tools Work for You, Mangala Gowri Nanda, Monika Gupta, Saurabh Sinha (IBM Research, India, India), Satish Chandra (IBM T.J. Watson Research Center, USA), David Schmidt (IBM Tivoli, USA), and Pradeep Balachandran (IBM Rational, India)
Example
Exception might occur here
Exception expected here
Exception cause FileOutputStream instance never released!
Contributions of “Tracker”
• Useful– the reports produced by the tool is actionable by a
user• Scalable
– the tool is able to handle real-world Java applications consisting of tens of thousands of classes
Call edge
p = new FileOutputStream(file)
P.close()
Interprocedural Optimization
A method is RELEVANT to a fact <p,R,a> if it (or any of its transitive callees) contains a statement that may alter the fact's State. (much like slicing in some sense)
This optimization is fruitful, because in practice a lot of methods are auxiliary in nature
COMPUTING ACTIONABLE REPORTS
• Prioritization
• Exception Flow– processes exceptional edges selectively– Customizable relevant exception types
• Nested Resources– Cluster reports around nested resources like:
FileOutputStream fos = new FileOutputStream(file);OutputStreamWriter osw = new OutputStreamWriter(fos, enc);...fos.close();
Evaluation of Efficiency
Time used
Results are the number of true positives and false positives generated by full exception edge flow. Base TP and FP are the results obtained by selective exception flow.
Evaluation of Exception Flow Filtering
The lower the better
The higher the better
Comparison with Related Techniques
The higher the better
The higher the better
The lower the better
The lower the better
CONCLUSION
Their contribution is in overcoming engineering challenges, using a blend of existing and new techniques.
An empirical evaluation of the tool showed its overall effectiveness.
FUTURE WORK
• Discovering specifications automatically, especially with regards to identifying which pairs of types are related by a wrapper-wrappee relationship.
• Another promising direction is to extend the leak detection algorithm to automatically suggest code refactorings.
REFERENCES
• M. Arnold, M. Vechev, and E. Yahav. QVM: an efficient runtime for detecting defects in deployed systems OOPSLA `07
• N. Ayewah, D. Hovemeyer, J. D. Morgenthaler, J. Penix, and W. Pugh. Using static analysis to find bugs IEEE Software `08
• R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Efficiently computing static single assignment form and the control dependence graph ACM TRANS PROG LANG
• M. Das, S. Lerner, and M. Seigle. Esp: Path-sensitive program verification in polynomial time PLDI `02
• N. Dor, S. Adams, M. Das, and Z. Yang. Software validation via scalable path-sensitive value flow analysis ISSTA `04
• T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural data flow analysis via graph reachability POPL `95
THANK YOU
