hastings purify: fast detection of memory leaks and access errors
TRANSCRIPT
OverviewOverview
IntroductionIntroduction Memory Access Errors and DetectionMemory Access Errors and Detection Object Code InsertionObject Code Insertion Memory Leaks and DetectionMemory Leaks and Detection Previous WorkPrevious Work
Malloc DebugMalloc Debug Mprof Mprof
MeasurementsMeasurements Link/ Purify and LinkLink/ Purify and Link
ConclusionConclusion
IntroductionIntroduction
A single memory access error can A single memory access error can crash a programcrash a program
Almost impossible to find all errorsAlmost impossible to find all errors Errors not always found in testingErrors not always found in testing When a problem is scene very hard When a problem is scene very hard
to track downto track down
IntroductionIntroduction
Memory leak is when memory is no Memory leak is when memory is no longer used by a program but is not longer used by a program but is not freedfreed
Can cause a system to run out of Can cause a system to run out of paged memorypaged memory
Very hard to fix when foundVery hard to fix when found Purify is a tool that can help find and Purify is a tool that can help find and
fix these types of errorsfix these types of errors
Memory Access ErrorsMemory Access Errors
Some errors can be found statically, Some errors can be found statically, some at run-time, and others by the some at run-time, and others by the programmerprogrammer
Purify finds these errors at run-timePurify finds these errors at run-time Purify finds the errors where they Purify finds the errors where they
occur occur Still need to have testing but makes Still need to have testing but makes
testing more effectivetesting more effective
Detecting Memory Access ErrorsDetecting Memory Access Errors
Purify tracks every memory accessPurify tracks every memory access When an error occurs a message is When an error occurs a message is
printedprinted Purify puts a function call before Purify puts a function call before
each load and storeeach load and store Function calls maintain a bit table that Function calls maintain a bit table that
keeps track each memory bytekeeps track each memory byte Has 3 possible statesHas 3 possible states Uses 2 bits to represent thisUses 2 bits to represent this
Detecting Memory Access ErrorsDetecting Memory Access Errors
Unallocated
(unwriteable and unreadable)
Allocated and unititialized
(writeable, but unreadable)
Allocated and initialized
(readable and writeable)
allocated deallocat
e
initialize
deallocate
Detecting Memory Access ErrorsDetecting Memory Access Errors
An error is generated when memory An error is generated when memory is not in the correct stateis not in the correct state
Uses a “red-zone” on arraysUses a “red-zone” on arrays Memory has to “age” before reusedMemory has to “age” before reused Byte-level state codes find more Byte-level state codes find more
errors than using lesserrors than using less Another option is to store the state Another option is to store the state
information directlyinformation directly
Object Code InsertionObject Code Insertion
Purify uses object code insertion for Purify uses object code insertion for checking logicchecking logic
Insertions can be done before or Insertions can be done before or after linkingafter linking
Purify reads object files and then Purify reads object files and then adds error checking instructionsadds error checking instructions
Object Code InsertionObject Code InsertionCompiling Purifying Linking
cc
C++
Purify ld
Ul.c
Class.c
Ul.c
Class.o
Libc.a
Ul.c
Class.oLibc.a
a.out
Object Code InsertionObject Code Insertion
Advantages of object code insertionAdvantages of object code insertion Setup performanceSetup performance ConvenienceConvenience Multi-language supportMulti-language support CompletenessCompleteness
DisadvantageDisadvantage It is instruction-set dependent and It is instruction-set dependent and
somewhat operating system dependentsomewhat operating system dependent
Memory LeaksMemory Leaks
Harder to detect than memory Harder to detect than memory access errorsaccess errors
One symptom is that the address of One symptom is that the address of a process goes up a process goes up
Problems with this Problems with this Does not rule out if enough heap Does not rule out if enough heap
memory is allocatedmemory is allocated Very time consumingVery time consuming
Memory LeaksMemory Leaks
Two ways to find memory leaks Two ways to find memory leaks without Prufiywithout Prufiy Shrink the test code bit by bit until the Shrink the test code bit by bit until the
address space stays constantaddress space stays constant Modify Malloc and free to record Modify Malloc and free to record
argumentsarguments Since it is so hard to find memory Since it is so hard to find memory
leaks sometimes they are toleratedleaks sometimes they are tolerated
Detecting Memory LeaksDetecting Memory Leaks
A memory leak is when allocated A memory leak is when allocated memory is no longer usedmemory is no longer used
One way of detecting memory leaks One way of detecting memory leaks is with a garbage collectoris with a garbage collector Garbage detectorGarbage detector Garbage reclaimerGarbage reclaimer
Purify uses a callable garbage Purify uses a callable garbage collectorcollector The algorithm used is close to the The algorithm used is close to the
conventional mark and sweepconventional mark and sweep
Detecting Memory LeaksDetecting Memory Leaks
Purify uses the garbage collect at Purify uses the garbage collect at developmentdevelopment
It seperates heap chunks into 3 It seperates heap chunks into 3 groupsgroups Almost certainly garbageAlmost certainly garbage Potentially garbagePotentially garbage Probably not garbageProbably not garbage
Previous WorkPrevious Work
In C code there is a problem In C code there is a problem managing the memorymanaging the memory
Has been several attempts to solve Has been several attempts to solve this problemthis problem
According to the paper there have According to the paper there have been no solutions that addressed been no solutions that addressed memory leaks and memory access memory leaks and memory access errorserrors
Malloc DebugMalloc Debug
Is the most used tool for finding Is the most used tool for finding memory access errorsmemory access errors
Have several levels for error checking Have several levels for error checking and memory markingand memory marking
Useful for finding errors because of Useful for finding errors because of writing past the end of an array or heapwriting past the end of an array or heap
Only find the error after the factOnly find the error after the fact Doesn’t provide any memory leak Doesn’t provide any memory leak
informationinformation
MprofMprof
Gives programmers information on C Gives programmers information on C program’s dynamic memory usageprogram’s dynamic memory usage
Does not provide memory access Does not provide memory access checkingchecking
Only gives memory usage on global Only gives memory usage on global program not sectionsprogram not sections
Gives a “memory leak table” it shows Gives a “memory leak table” it shows memory used but not freedmemory used but not freed
MeasurementsMeasurements
The overhead added because of Purify The overhead added because of Purify is dependant on the density of is dependant on the density of memory accessmemory access
Here is a comparison of a program Here is a comparison of a program that does nothing but copy memory that does nothing but copy memory has an has an overhead factor of 5.5 over the optimized overhead factor of 5.5 over the optimized
C code.C code. 3.2 factor slowdown when compiled for 3.2 factor slowdown when compiled for
debuggingdebugging Factor of 300 slowdown when compared Factor of 300 slowdown when compared
to a C interpreterto a C interpreter
Link/Purify and LinkLink/Purify and Link
Requires extra run-time overhead for Requires extra run-time overhead for checking memory before each functionschecking memory before each functions
A.out size is increased because of function A.out size is increased because of function calls before every store and loadcalls before every store and load
Extra heap size is increased because of Extra heap size is increased because of red-zones around every heap.red-zones around every heap.
Increase in overhead because of the Purify Increase in overhead because of the Purify process and extra demands on the linkerprocess and extra demands on the linker
ConclusionConclusion Purify provides memory access Purify provides memory access
checking and memory leak detectionchecking and memory leak detection Purify is fast so can be used during Purify is fast so can be used during
entire development processentire development process Purify should be used in conjunction Purify should be used in conjunction
with test suiteswith test suites Purify is the safety net that C and C+Purify is the safety net that C and C+
+ need+ need
Questions ?