{"title":"在Linux内核中使用错误码分析检测结构成员相关的内存泄漏","authors":"Keita Suzuki, Takafumi Kubota, K. Kono","doi":"10.1109/ISSREW51248.2020.00097","DOIUrl":null,"url":null,"abstract":"Struct member-related memory leak can become a serious problem. Linux kernel is not an exception. According to our study of Linux Kernel patches, 54.6% of all memory leak-related patches within the last two years were related to the leak of struct members. This occurs when a struct is freed before freeing its dynamically allocated struct members. Detecting these bugs in large-scale software requires to reduce analysis cost for scalability and effectively collect the state of a struct and its members.In this paper, we present a simple static-analysis approach to detect struct member-related memory leak in the Linux Kernel. Our analysis first collects alloc/free information by conducting a path-insensitive analysis. To efficiently conduct inter-procedural analysis, we introduce error-code analysis, which is an optimization to efficiently pass back the alloc/free information by focusing on the return value of callee and its use in the caller. When detecting a struct free, we scan through the collected information to detect any member that remains unfreed, and generate warnings to them. We evaluated our method by analyzing the Linux Kernel 5.3-rc4, and found two new bugs. Both of the bugs were reviewed and confirmed by Linux Kernel developers.","PeriodicalId":202247,"journal":{"name":"2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting Struct Member-Related Memory Leaks Using Error Code Analysis in Linux Kernel\",\"authors\":\"Keita Suzuki, Takafumi Kubota, K. Kono\",\"doi\":\"10.1109/ISSREW51248.2020.00097\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Struct member-related memory leak can become a serious problem. Linux kernel is not an exception. According to our study of Linux Kernel patches, 54.6% of all memory leak-related patches within the last two years were related to the leak of struct members. This occurs when a struct is freed before freeing its dynamically allocated struct members. Detecting these bugs in large-scale software requires to reduce analysis cost for scalability and effectively collect the state of a struct and its members.In this paper, we present a simple static-analysis approach to detect struct member-related memory leak in the Linux Kernel. Our analysis first collects alloc/free information by conducting a path-insensitive analysis. To efficiently conduct inter-procedural analysis, we introduce error-code analysis, which is an optimization to efficiently pass back the alloc/free information by focusing on the return value of callee and its use in the caller. When detecting a struct free, we scan through the collected information to detect any member that remains unfreed, and generate warnings to them. We evaluated our method by analyzing the Linux Kernel 5.3-rc4, and found two new bugs. Both of the bugs were reviewed and confirmed by Linux Kernel developers.\",\"PeriodicalId\":202247,\"journal\":{\"name\":\"2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISSREW51248.2020.00097\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW51248.2020.00097","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting Struct Member-Related Memory Leaks Using Error Code Analysis in Linux Kernel
Struct member-related memory leak can become a serious problem. Linux kernel is not an exception. According to our study of Linux Kernel patches, 54.6% of all memory leak-related patches within the last two years were related to the leak of struct members. This occurs when a struct is freed before freeing its dynamically allocated struct members. Detecting these bugs in large-scale software requires to reduce analysis cost for scalability and effectively collect the state of a struct and its members.In this paper, we present a simple static-analysis approach to detect struct member-related memory leak in the Linux Kernel. Our analysis first collects alloc/free information by conducting a path-insensitive analysis. To efficiently conduct inter-procedural analysis, we introduce error-code analysis, which is an optimization to efficiently pass back the alloc/free information by focusing on the return value of callee and its use in the caller. When detecting a struct free, we scan through the collected information to detect any member that remains unfreed, and generate warnings to them. We evaluated our method by analyzing the Linux Kernel 5.3-rc4, and found two new bugs. Both of the bugs were reviewed and confirmed by Linux Kernel developers.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
