Dynamically Validating Static Memory Leak Warnings For C Programs

Memory leaks have significant impact on software availability, performance, and security. Both static and dynamic program analysis techniques have been attempted to find memory leaks. Static analysis is able to detect a lot of defects in a program. Since a static tool doesn’t execute the program, it often ends up reporting a sea of likely warnings with true problems being buried among them. Manually inspecting all of the warnings to find true leaks is a daunting and time-consuming task, which significantly limits the usefulness of static analysis. Dynamic testing can find true memory leaks, while it needs high-quality test suits and usually incurs heavy execution overhead.In this paper, we propose a novel validating approach that reduces the human val-idation effort by dynamically classifying statically generated memory leak warnings. We introduce our approach by defining the four categories of warnings and describing the detailed operation on how to classify them. Developers then have different fix-ing priority and validation priority for different categories. Our approach works for any static memory leak detector that reports leak warnings with their corresponding suspected path fragments. We then use some testing engine to generate test cases to cover the path fragment and then dynamically track the memory objects. The cover-age of suspected path fragments during testing and the collected runtime information by tracking memory objects are used to confirm and classify the static memory leak warnings. In particular, the major contributions of this paper are as follows:1. Propose and give a formal description on our criterion to classify static memory leak warnings. Basically, warnings are classified into four categories:MUST-LEAK, LIKELY-NOT-LEAK, BLOAT, and MAY-LEAK. Warnings in MUST-LEAK reveal the fact that some memory objects are not released. Warnings in LIKELY-NOT-LEAK are highly likely to be false warnings. Although we cannot provide any formal guar-antee that they are not leaks, we have high confidence that this is the case. Warnings in BLOAT are also not likely to be leaks but they should be fixed to improve perfor-mance. Using our approach, the developer’s manual validation effort needs to be focused mainly on warnings in the category MAY-LEAK, which is often much smaller than the original set.2. Based on the validation and classification criterion, we propose the framework of dynamically validating static memory leak warnings. The framework consists of several components -formatting static leak warnings, preprocessing warnings and pro-grams, generating test cases, runtime tracking and classification, etc. We also propose the SymVal approach based on symbolic execution and the ConcVal approach based on concolic execution, which are both instantiation of the aforementioned framework. We further exploit the path fragment to direct the concolic testing engine, optimizing the test generation algorithm in ConcVal approach. After that, we describe in detail the tracking and updating operation on memory objects, and discuss how these operations affect the result of classification.3. Implement the SymVal and ConcVal approach to validate static leak warnings and evaluate the technique on a set of programs. We assess the precision and perfor-mance of the classification on 10 programs to discuss the effectiveness of our validation approach. A case study on texinfo is also carried out to understand the scalability and practicability of our validation approach.