SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code (Technical Track)
Detecting memory leaks at industrial scale is still not well addressed, in spite of tremendous efforts from both industry and academia in the past decades. Existing work suffers from an unresolved paradox – a highly precise analysis limits its scalability and an imprecise one seriously hurts its precision or recall. In this work, we present SMOKE, a staged approach to resolve this paradox. Instead of using a uniform precise analysis for all paths, in the first stage, we use a scalable but imprecise analysis to compute a succinct set of candidate memory leak paths. In the second stage, we leverage a more precise analysis to verify the feasibility of the candidates. Our first-stage analysis is scalable, due to the design of a new sparse program representation, namely the use-flow graph (UFG), which enables us to model the problem as a polynomial-time state analysis. Our second-stage analysis is precise and still efficient, due to the smaller number of candidates and the design of a dedicated constraint solver. Experimental results demonstrated that SMOKE can finish checking industrial-sized projects, up to 8MLoC, in forty minutes with an average false positive rate of 24.4%. Besides, SMOKE is significantly faster than the state-of-the-art research techniques as well as the industrial tools, with the speedup ranging from 27.9X to 105.9X. In the twenty-nine mature and extensively checked benchmark projects, SMOKE has discovered thirty previously-unknown memory leaks which were confirmed by developers, and one even got a CVE ID.
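The staged idea in the abstract, as a toy illustration added here (it is not SMOKE's code, its use-flow graph, or its constraint solver). The program model, the function names, and the brute-force search over a small integer domain are all assumptions made for the example; stage one here enumerates paths outright, which the real first stage avoids.

```python
from itertools import product

# Constructed toy programs: each step is (guard, op); guard is a predicate
# over one integer input x, or None when the step is unconditional.
PROGRAM_A = [(None, "malloc"),                 # leaks when x < 0:
             (lambda x: x < 0, "return"),      # early return skips the free
             (None, "free")]
PROGRAM_B = [(lambda x: x > 10, "malloc"),     # never leaks: malloc and free
             (lambda x: x > 10, "free")]       # sit behind the same condition

def candidate_paths(program):
    """Stage 1 (imprecise): treat each guard as an independent coin flip and
    keep the branch outcomes on which an allocation is still live at exit."""
    guarded = [i for i, (g, _) in enumerate(program) if g is not None]
    found = []
    for outcomes in product([True, False], repeat=len(guarded)):
        taken = dict(zip(guarded, outcomes))
        path, live = {}, False
        for i, (guard, op) in enumerate(program):
            if guard is not None:
                path[i] = taken[i]             # record only guards reached
                if not taken[i]:
                    continue
            if op == "return":
                break
            live = (op == "malloc")            # malloc -> live, free -> dead
        if live and path not in found:
            found.append(path)
    return found

def feasible_witness(program, path, domain=range(-20, 21)):
    """Stage 2 (precise): search for an input that drives execution down the
    candidate path. Brute force here stands in for a constraint solver."""
    for x in domain:
        if all(program[i][0](x) == want for i, want in path.items()):
            return x
    return None

def confirmed_leaks(program):
    """Report only candidates that some input can actually reach."""
    reports = []
    for path in candidate_paths(program):
        witness = feasible_witness(program, path)
        if witness is not None:
            reports.append((path, witness))
    return reports

if __name__ == "__main__":
    for name, prog in (("A", PROGRAM_A), ("B", PROGRAM_B)):
        print(name, candidate_paths(prog), confirmed_leaks(prog))
```

Both programs yield one stage-one candidate, but only program A's survives the feasibility check; program B's candidate requires `x > 10` to be both true and false, so it is discarded as a false positive.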
Wed 29 May (time zone: Eastern Time, US & Canada)
11:00 - 12:30 | Static Analysis (Technical Track / Papers / Demonstrations) at Viger. Chair(s): Mauro Pezze, Università della Svizzera italiana (USI) (Switzerland) and Università degli Studi di Milano Bicocca (Italy)
11:00 (20m, Talk) | SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code (Technical Track). Gang Fan, Hong Kong University of Science and Technology; Rongxin Wu, Department of Computer Science and Engineering, The Hong Kong University of Science and Technology; Qingkai Shi, Hong Kong University of Science and Technology; Xiao Xiao, Sourcebrella Inc.; Jinguo Zhou, Sourcebrella Inc.; Charles Zhang, The Hong Kong University of Science and Technology
11:20 (20m, Talk) | Reasonably-Most-General Clients for JavaScript Library Analysis (Technical Track, Industry Program)
11:40 (20m, Talk) | Resource-aware Program Analysis via Online Abstraction Coarsening (Technical Track)
12:00 (20m, Talk) | SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer (Demonstrations). Mikhail R. Gadelha, SIDIA Instituto de Ciência e Tecnologia; Enrico Steffinlongo; Lucas C. Cordeiro, University of Manchester, UK; Bernd Fischer, Stellenbosch University; Denis A. Nicole, University of Southampton
12:20 (10m, Talk) | Discussion Period (Papers)