TY - GEN
T1 - Detecting Struct Member-Related Memory Leaks Using Error Code Analysis in Linux Kernel
AU - Suzuki, Keita
AU - Kubota, Takafumi
AU - Kono, Kenji
N1 - Funding Information:
This work was supported by JST CREST Grant Number JPMJCR19F3, Japan.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/10
Y1 - 2020/10
N2 - Struct member-related memory leaks can become a serious problem, and the Linux kernel is no exception. According to our study of Linux kernel patches, 54.6% of all memory leak-related patches within the last two years were related to the leak of struct members. This occurs when a struct is freed before freeing its dynamically allocated struct members. Detecting these bugs in large-scale software requires reducing the analysis cost for scalability and effectively collecting the state of a struct and its members. In this paper, we present a simple static-analysis approach to detect struct member-related memory leaks in the Linux kernel. Our analysis first collects alloc/free information by conducting a path-insensitive analysis. To efficiently conduct inter-procedural analysis, we introduce error-code analysis, which is an optimization to efficiently pass back the alloc/free information by focusing on the return value of the callee and its use in the caller. When detecting a struct free, we scan through the collected information to detect any member that remains unfreed, and generate warnings for them. We evaluated our method by analyzing the Linux kernel 5.3-rc4, and found two new bugs. Both of the bugs were reviewed and confirmed by Linux kernel developers.
KW - Bug Detection
KW - Memory Leak
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=85099826943&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099826943&partnerID=8YFLogxK
U2 - 10.1109/ISSREW51248.2020.00097
DO - 10.1109/ISSREW51248.2020.00097
M3 - Conference contribution
AN - SCOPUS:85099826943
T3 - Proceedings - 2020 IEEE 31st International Symposium on Software Reliability Engineering Workshops, ISSREW 2020
SP - 329
EP - 335
BT - Proceedings - 2020 IEEE 31st International Symposium on Software Reliability Engineering Workshops, ISSREW 2020
A2 - Vieira, Marco
A2 - Madeira, Henrique
A2 - Antunes, Nuno
A2 - Zheng, Zheng
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 31st IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2020
Y2 - 12 October 2020 through 15 October 2020
ER -