摘要
资源泄漏是影响软件质量和可靠性的一种重要软件缺陷,存在资源泄漏的程序长时间运行会由于资源耗尽而发生异常甚至崩溃.静态代码分析是进行资源泄漏检测的一种有效的技术手段,能够基于源代码或者二进制代码有效地发现程序中潜在的资源泄漏问题.然而,精确的资源泄漏检测算法的复杂性会随着程序规模的增加呈指数级增长,无法满足生产中即时对缺陷进行分析检测的实际应用需求.面向大规模源代码提出了一种增量式的静态资源泄漏检测方法,该方法支持过程间流敏感的资源泄漏检测,在用户编辑代码的过程中,从变更的函数入手,通过资源闭包、指向分析过滤等多种技术手段缩小资源泄漏检测范围,进而实现了大规模代码的即时缺陷分析与报告.实验结果表明:该方法在保证准确率的前提下,90%的增量检测实验可以在10s内完成,能够满足在用户编辑程序过程中对缺陷进行即时检测和报告的实际应用需求.
Resource leak is an important software defect that affects the quality and reliability of software and may cause program abnormality or even system crash. Static analysis is an effective defect detection method which can identify potential resource leaks in source code or executable binary. However, as the scale of programs increases, the complexity of accurate resource leak detection rises exponentially, thereby making it difficult to meet the demand of just-in-time defect detection for large practical applications. In this paper, an incremental static resource leak detection algorithm is proposed for large-scale source code projects. The algorithm supports inter-procedural flow sensitive resource leak detection that allows developers to observe the impact of their changes immediately. Starting from the modified functions, this approach narrows down the scope of resource leak detection by generating method closures and performing points-to analysis to analyze hundreds of thousands of lines of source code in seconds. Experimental results show that the algorithm completes defect detection within 10s with a high accuracy on more than 90% of the tests, which makes it possible for just-in-time resource leak detection for practical applications.
作者
高志伟
计卫星
石剑君
王一拙
高玉金
廖心怡
罗辉
石峰
GAO Zhi-Wei, JI Wei-Xing, SHI Jian-Jun, WANG Yi-Zhuo, GAO Yu-Jin, LIAO Xin-Yi, LUO Hui, SHI Feng(School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, Chin)
出处
《软件学报》
EI
CSCD
北大核心
2018年第5期1244-1257,共14页
Journal of Software
基金
国家自然科学基金(61300010)
国家重点研发计划(2016YFB1000801)~~
关键词
质量保障
缺陷检测
资源泄漏
指向分析
数据流分析
quality assurance
defect detection
resource leak
points-to analysis
data flow analysis