IEEE Access (Jan 2024)

Combining Static Analysis With Directed Symbolic Execution for Scalable and Accurate Memory Leak Detection

  • Hayk Aslanyan,
  • Hovhannes Movsisyan,
  • Hripsime Hovhannisyan,
  • Zhora Gevorgyan,
  • Ruslan Mkoyan,
  • Arutyun Avetisyan,
  • Sevak Sargsyan

DOI
https://doi.org/10.1109/ACCESS.2024.3409838
Journal volume & issue
Vol. 12
pp. 80128 – 80137

Abstract


This article introduces a novel method for the precise and scalable detection of memory leaks, comprising two primary stages. Initially, context-, flow-, and field-sensitive static analysis is used to identify potential memory leaks. This stage includes an annotation system for specifying key properties of functions, so that they do not need to be reanalyzed every time they are called; it also allows manual annotation of important library or system functions, thus enhancing analysis quality. The static analysis is conducted in reverse topological order on the call graph, enabling the parallel processing of functions within the same level of the hierarchy. Subsequently, directed symbolic execution provides path-sensitivity and effectively filters out false positives; this process is performed concurrently for each bug detected by static analysis. This two-stage approach aims to enhance the efficiency and precision of memory leak detection in industrial software. The proposed method was implemented in the MLH (Memory Leak Hunter) tool, which identified numerous bugs in open-source software, including OpenSSL, FFmpeg, and Radare2. These bugs were reported and confirmed by the community, thereby demonstrating the effectiveness of the developed method.
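As an added illustration of the first stage described in the abstract (example code, not code from the paper or the MLH tool): a toy bottom-up ownership analysis that orders a constructed call graph into reverse topological levels, summarises each function once so callers reuse the summary instead of reanalysing it, treats hand-written entries for `malloc`/`free` as the library annotations, and reports pointers still owned at function exit as leak candidates for a second, path-sensitive stage to confirm or discard. The statement format, `PROGRAM` and `ANNOTATIONS` are constructed for the example, and only straight-line code is modelled.

```python
# Library annotations (stand-in for the paper's manual annotation of system calls):
# whether a call returns an owned pointer, and which parameter indexes it frees.
ANNOTATIONS = {"malloc": {"returns_owned": True, "frees": set()},
               "free": {"returns_owned": False, "frees": {0}}}

# Constructed toy program: name -> (parameter names, straight-line statements),
# statement = ("call", callee, [args], dst_or_None) or ("return", var_or_None).
PROGRAM = {
    "new_buf": (["n"], [("call", "malloc", ["n"], "p"), ("return", "p")]),
    "release": (["q"], [("call", "free", ["q"], None), ("return", None)]),
    "ok": ([], [("call", "new_buf", ["8"], "b"), ("call", "release", ["b"], None),
                ("return", None)]),
    "leaky": ([], [("call", "new_buf", ["8"], "b"), ("return", None)]),
}

def call_levels(program):
    """Reverse topological levels of the call graph: a level only calls earlier
    levels, so all functions in one level can be analysed in parallel."""
    callees = {f: {s[1] for s in body if s[0] == "call" and s[1] in program}
               for f, (_, body) in program.items()}
    levels, done = [], set()
    while len(done) < len(program):
        ready = sorted(f for f in program if f not in done and callees[f] <= done)
        if not ready:  # recursion cycle: real tools collapse SCCs, not modelled here
            raise ValueError("call cycle")
        levels.append(ready)
        done.update(ready)
    return levels

def summarize(params, body, summaries):
    # Track owned pointers through one function; return its reusable summary and
    # the locals still owned at exit, which are the leak candidates.
    owned, frees, returns_owned = set(), set(), False
    for stmt in body:
        if stmt[0] == "call":
            _, callee, args, dst = stmt
            s = summaries.get(callee, {"returns_owned": False, "frees": set()})
            for i in s["frees"]:
                owned.discard(args[i])
                if args[i] in params:  # callee released one of our parameters
                    frees.add(params.index(args[i]))
            if s["returns_owned"] and dst is not None:
                owned.add(dst)
        elif stmt[1] in owned:  # returning an owned pointer hands it to the caller
            owned.discard(stmt[1])
            returns_owned = True
    return {"returns_owned": returns_owned, "frees": frees}, sorted(owned)

def find_leak_candidates(program, annotations):
    summaries, candidates = dict(annotations), []
    for level in call_levels(program):  # bottom-up: callees are summarised first
        for f in level:
            params, body = program[f]
            summaries[f], leaked = summarize(params, body, summaries)
            candidates += [(f, v) for v in leaked]
    return candidates, summaries
```

Running `find_leak_candidates(PROGRAM, ANNOTATIONS)` flags only `("leaky", "b")`; `ok` is cleared because the summary of `release` records that it frees its first parameter.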

Keywords