I'm now learning static program analysis. After studying Dataflow analysis, I wonder if we can use dataflow analysis to detect any potential memory leaks?
To make it easy, suppose the instruction set is as below:
- `p = alloc()`; allocate a block of memory and assign its pointer to `p`.
- `*p = v`; write the scalar (non-pointer) value `v` to the location `p`. (Note that the value `v` is scalar, i.e. not a pointer.)
- `v = *p`; the read version of the above instruction (again, `v` couldn't be a pointer).
- `free(p)`; deallocate the block of memory pointed to by `p`.
We may treat each instruction as a basic block. There are 2 types of memory leak:

- forget `free(p)`

  ```
  ...
  p = alloc()
  ...
  ```

- assign a value returned by `alloc()` to `p` which is not null

  ```
  ...
  p = alloc();
  ...
  p = alloc();
  ...
  ```
I think this analysis should be forward, so the general approach for dataflow analysis is to define a transfer function as $= Gen_b \cup (x - Kill_b)$
First, I think the `Gen` function should just set the `alloc` instruction to 1, and the kill function is to work when the instruction is `free(p)` and set all instructions that assign an address to `p` to 0. But I think this cannot find the memory leak of type 2. Any help?
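
One way to cover both leak types with the gen/kill scheme from the question, as an added example that is not part of the original post: a forward may-analysis whose facts are (variable, allocation site) pairs, checked at each `alloc` (type 2) and at program exit (type 1). It assumes the question's instruction set (no pointer copies, so no aliasing); `find_leaks`, the tuple encoding and the sample control-flow graph are hypothetical.

```python
from collections import deque

def find_leaks(instrs, succ):
    """instrs: {node: (op, var)}, succ: {node: [successor nodes]}.
    Fact (var, site): var may still hold the unfreed block allocated at site."""
    preds = {n: [] for n in instrs}
    for n, targets in succ.items():
        for t in targets:
            preds[t].append(n)

    def in_set(n):  # join = union over predecessors (may-analysis)
        return frozenset().union(*(out[p] for p in preds[n]))

    out = {n: frozenset() for n in instrs}
    work = deque(sorted(instrs))
    while work:  # iterate to a fixed point
        n = work.popleft()
        op, var = instrs[n]
        x = in_set(n)
        if op in ("alloc", "free"):
            kill = {f for f in x if f[0] == var}
            gen = {(var, n)} if op == "alloc" else set()
            x = frozenset(gen | (x - kill))  # Gen_b U (x - Kill_b)
        if x != out[n]:
            out[n] = x
            work.extend(succ.get(n, []))

    leaks = set()
    for n, (op, var) in instrs.items():
        if op == "alloc":  # type 2: var overwritten while it may hold a live block
            leaks |= {("overwritten", s, n) for v, s in in_set(n) if v == var}
        if not succ.get(n):  # type 1: fact still alive at program exit
            leaks |= {("never_freed", s, n) for v, s in out[n]}
    return leaks

# Constructed sample: the branch 2 -> 4 skips the free at node 3.
INSTRS = {1: ("alloc", "p"), 2: ("store", "p"), 3: ("free", "p"),
          4: ("alloc", "p"), 5: ("free", "p"), 6: ("alloc", "q"),
          7: ("load", "q")}
SUCC = {1: [2], 2: [3, 4], 3: [4], 4: [5], 5: [6], 6: [7], 7: []}

if __name__ == "__main__":
    for leak in sorted(find_leaks(INSTRS, SUCC)):
        print(leak)
```

Because the join is a union, a report means a leak on at least one path, so infeasible paths can produce false positives.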