Hastings Hastings

Purify: Fast Detection of Memory Leaks and Access

Errors

OverviewOverview

IntroductionIntroduction Memory Access Errors and DetectionMemory Access Errors and Detection Object Code InsertionObject Code Insertion Memory Leaks and DetectionMemory Leaks and Detection Previous WorkPrevious Work

Malloc DebugMalloc Debug Mprof Mprof

MeasurementsMeasurements Link/ Purify and LinkLink/ Purify and Link

ConclusionConclusion

IntroductionIntroduction

A single memory access error can A single memory access error can crash a programcrash a program

Almost impossible to find all errorsAlmost impossible to find all errors Errors not always found in testingErrors not always found in testing When a problem is scene very hard When a problem is scene very hard

to track downto track down

IntroductionIntroduction

Memory leak is when memory is no Memory leak is when memory is no longer used by a program but is not longer used by a program but is not freedfreed

Can cause a system to run out of Can cause a system to run out of paged memorypaged memory

Very hard to fix when foundVery hard to fix when found Purify is a tool that can help find and Purify is a tool that can help find and

fix these types of errorsfix these types of errors

Memory Access ErrorsMemory Access Errors

Some errors can be found statically, Some errors can be found statically, some at run-time, and others by the some at run-time, and others by the programmerprogrammer

Purify finds these errors at run-timePurify finds these errors at run-time Purify finds the errors where they Purify finds the errors where they

occur occur Still need to have testing but makes Still need to have testing but makes

testing more effectivetesting more effective

Detecting Memory Access ErrorsDetecting Memory Access Errors

Purify tracks every memory accessPurify tracks every memory access When an error occurs a message is When an error occurs a message is

printedprinted Purify puts a function call before Purify puts a function call before

each load and storeeach load and store Function calls maintain a bit table that Function calls maintain a bit table that

keeps track each memory bytekeeps track each memory byte Has 3 possible statesHas 3 possible states Uses 2 bits to represent thisUses 2 bits to represent this

Detecting Memory Access ErrorsDetecting Memory Access Errors

Unallocated

(unwriteable and unreadable)

Allocated and unititialized

(writeable, but unreadable)

Allocated and initialized

(readable and writeable)

allocated deallocat

e

initialize

deallocate

Detecting Memory Access ErrorsDetecting Memory Access Errors

An error is generated when memory An error is generated when memory is not in the correct stateis not in the correct state

Uses a “red-zone” on arraysUses a “red-zone” on arrays Memory has to “age” before reusedMemory has to “age” before reused Byte-level state codes find more Byte-level state codes find more

errors than using lesserrors than using less Another option is to store the state Another option is to store the state

information directlyinformation directly

Object Code InsertionObject Code Insertion

Purify uses object code insertion for Purify uses object code insertion for checking logicchecking logic

Insertions can be done before or Insertions can be done before or after linkingafter linking

Purify reads object files and then Purify reads object files and then adds error checking instructionsadds error checking instructions

Object Code InsertionObject Code InsertionCompiling Purifying Linking

cc

C++

Purify ld

Ul.c

Class.c

Ul.c

Class.o

Libc.a

Ul.c

Class.oLibc.a

a.out

Object Code InsertionObject Code Insertion

Advantages of object code insertionAdvantages of object code insertion Setup performanceSetup performance ConvenienceConvenience Multi-language supportMulti-language support CompletenessCompleteness

DisadvantageDisadvantage It is instruction-set dependent and It is instruction-set dependent and

somewhat operating system dependentsomewhat operating system dependent

Memory LeaksMemory Leaks

Harder to detect than memory Harder to detect than memory access errorsaccess errors

One symptom is that the address of One symptom is that the address of a process goes up a process goes up

Problems with this Problems with this Does not rule out if enough heap Does not rule out if enough heap

memory is allocatedmemory is allocated Very time consumingVery time consuming

Memory LeaksMemory Leaks

Two ways to find memory leaks Two ways to find memory leaks without Prufiywithout Prufiy Shrink the test code bit by bit until the Shrink the test code bit by bit until the

address space stays constantaddress space stays constant Modify Malloc and free to record Modify Malloc and free to record

argumentsarguments Since it is so hard to find memory Since it is so hard to find memory

leaks sometimes they are toleratedleaks sometimes they are tolerated

Detecting Memory LeaksDetecting Memory Leaks

A memory leak is when allocated A memory leak is when allocated memory is no longer usedmemory is no longer used

One way of detecting memory leaks One way of detecting memory leaks is with a garbage collectoris with a garbage collector Garbage detectorGarbage detector Garbage reclaimerGarbage reclaimer

Purify uses a callable garbage Purify uses a callable garbage collectorcollector The algorithm used is close to the The algorithm used is close to the

conventional mark and sweepconventional mark and sweep

Detecting Memory LeaksDetecting Memory Leaks

Purify uses the garbage collect at Purify uses the garbage collect at developmentdevelopment

It seperates heap chunks into 3 It seperates heap chunks into 3 groupsgroups Almost certainly garbageAlmost certainly garbage Potentially garbagePotentially garbage Probably not garbageProbably not garbage

Previous WorkPrevious Work

In C code there is a problem In C code there is a problem managing the memorymanaging the memory

Has been several attempts to solve Has been several attempts to solve this problemthis problem

According to the paper there have According to the paper there have been no solutions that addressed been no solutions that addressed memory leaks and memory access memory leaks and memory access errorserrors

Malloc DebugMalloc Debug

Is the most used tool for finding Is the most used tool for finding memory access errorsmemory access errors

Have several levels for error checking Have several levels for error checking and memory markingand memory marking

Useful for finding errors because of Useful for finding errors because of writing past the end of an array or heapwriting past the end of an array or heap

Only find the error after the factOnly find the error after the fact Doesn’t provide any memory leak Doesn’t provide any memory leak

informationinformation

MprofMprof

Gives programmers information on C Gives programmers information on C program’s dynamic memory usageprogram’s dynamic memory usage

Does not provide memory access Does not provide memory access checkingchecking

Only gives memory usage on global Only gives memory usage on global program not sectionsprogram not sections

Gives a “memory leak table” it shows Gives a “memory leak table” it shows memory used but not freedmemory used but not freed

MeasurementsMeasurements

The overhead added because of Purify The overhead added because of Purify is dependant on the density of is dependant on the density of memory accessmemory access

Here is a comparison of a program Here is a comparison of a program that does nothing but copy memory that does nothing but copy memory has an has an overhead factor of 5.5 over the optimized overhead factor of 5.5 over the optimized

C code.C code. 3.2 factor slowdown when compiled for 3.2 factor slowdown when compiled for

debuggingdebugging Factor of 300 slowdown when compared Factor of 300 slowdown when compared

to a C interpreterto a C interpreter

Link/Purify and LinkLink/Purify and Link

Requires extra run-time overhead for Requires extra run-time overhead for checking memory before each functionschecking memory before each functions

A.out size is increased because of function A.out size is increased because of function calls before every store and loadcalls before every store and load

Extra heap size is increased because of Extra heap size is increased because of red-zones around every heap.red-zones around every heap.

Increase in overhead because of the Purify Increase in overhead because of the Purify process and extra demands on the linkerprocess and extra demands on the linker

ConclusionConclusion Purify provides memory access Purify provides memory access

checking and memory leak detectionchecking and memory leak detection Purify is fast so can be used during Purify is fast so can be used during

entire development processentire development process Purify should be used in conjunction Purify should be used in conjunction

with test suiteswith test suites Purify is the safety net that C and C+Purify is the safety net that C and C+

+ need+ need

Questions ?