Memory Leak Detection Based on Memory State Transition Graph

Memory leak is a common type of defect that is hard to detect manually. Existing memory leak detection tools suffer from lack of precise interprocedural alias and path conditions. To address this problem, we present a static interprocedural analysis algorithm, which captures memory actions and path conditions precisely, to detect memory leak in C programs. Our algorithm uses path-sensitive symbolic execution to track the memory actions in different program paths guarded by path conditions. A novel analysis model called Memory State Transition Graph (MSTG) is proposed to describe the tracking process and its results. An MSTG is generated from a procedure. Nodes in an MSTG contain states of memory objects which record the function behaviors precisely. Edges in anMSTG are annotated with path conditions collected by symbolic execution. The path conditions are checked for satisfiability to reduce the number of false alarms and the path explosion. In order to do interprocedural analysis, our algorithm generates a summary for each procedure from the MSTG and applies the summary at the procedure's call sites. Our implemented tool has found several memory leak bugs in some open source programs and detected more bugs than other tools in some programs from the SPEC2000 benchmarks. In some cases, our tool produces many false positives, but most of them are caused by the same code patterns which are easy to check.