Bugs in Deployed Software

Similar documents
Probabilistic Calling Context

Acknowledgements These slides are based on Kathryn McKinley s slides on garbage collection as well as E Christopher Lewis s slides

Exploiting the Behavior of Generational Garbage Collector

Garbage Collection (1)

I J C S I E International Science Press

Complex, concurrent software. Precision (no false positives) Find real bugs in real executions

Run-time Environments -Part 3

Towards Parallel, Scalable VM Services

Tolerating Memory Leaks

Efficient Runtime Tracking of Allocation Sites in Java

GC Assertions: Using the Garbage Collector to Check Heap Properties

Managed runtimes & garbage collection. CSE 6341 Some slides by Kathryn McKinley

Runtime. The optimized program is ready to run What sorts of facilities are available at runtime

Managed runtimes & garbage collection

Garbage Collection. Weiyuan Li

Older-First Garbage Collection in Practice: Evaluation in a Java Virtual Machine

Dynamic Storage Allocation

Cycle Tracing. Presented by: Siddharth Tiwary

Automatic Memory Management

Garbage Collection Algorithms. Ganesh Bikshandi

Pause-Less GC for Improving Java Responsiveness. Charlie Gracie IBM Senior Software charliegracie

Efficient Context Sensitivity for Dynamic Analyses via Calling Context Uptrees and Customized Memory Management

Book keeping. Will post HW5 tonight. OK to work in pairs. Midterm review next Wednesday

Dynamic Memory Allocation: Advanced Concepts

Free-Me: A Static Analysis for Automatic Individual Object Reclamation

Dynamic Memory Allocation

Advanced Programming & C++ Language

Compiler Construction

Lecture 15 Garbage Collection

Program Calling Context. Motivation

Hard Real-Time Garbage Collection in Java Virtual Machines

Garbage Collection. Steven R. Bagley

How s the Parallel Computing Revolution Going? Towards Parallel, Scalable VM Services

Leak Pruning. 1. Introduction. Abstract. Department of Computer Sciences The University of Texas at Austin

PERFBLOWER: Quickly Detecting Memory-Related Performance Problems via Amplification

A program execution is memory safe so long as memory access errors never occur:

Automatic Garbage Collection

Hybrid Static-Dynamic Analysis for Statically Bounded Region Serializability

Systems software design. Software build configurations; Debugging, profiling & Quality Assurance tools

One-Slide Summary. Lecture Outine. Automatic Memory Management #1. Why Automatic Memory Management? Garbage Collection.

Compiler Construction

FastTrack: Efficient and Precise Dynamic Race Detection (+ identifying destructive races)

Agenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1

Garbage Collection (2) Advanced Operating Systems Lecture 9

18-642: Code Style for Compilers

MEMORY MANAGEMENT HEAP, STACK AND GARBAGE COLLECTION

Ulterior Reference Counting: Fast Garbage Collection without a Long Wait

Oracle Developer Studio Code Analyzer

Legato: Bounded Region Serializability Using Commodity Hardware Transactional Memory. Aritra Sengupta Man Cao Michael D. Bond and Milind Kulkarni

Garbage Collection Techniques

Simple Overflow. #include <stdio.h> int main(void){ unsigned int num = 0xffffffff;

ACM Trivia Bowl. Thursday April 3 rd (two days from now) 7pm OLS 001 Snacks and drinks provided All are welcome! I will be there.

Myths and Realities: The Performance Impact of Garbage Collection

Verifying a Concurrent Garbage Collector using a Rely-Guarantee Methodology

HeapMD: Identifying Heap-based Bugs using Anomaly Detection

Programming Language Implementation

Adaptive Optimization using Hardware Performance Monitors. Master Thesis by Mathias Payer

Garbage Collection. Akim D le, Etienne Renault, Roland Levillain. May 15, CCMP2 Garbage Collection May 15, / 35

Opera&ng Systems CMPSCI 377 Garbage Collec&on. Emery Berger and Mark Corner University of Massachuse9s Amherst

Causes of Software Failures

Dynamic Memory Allocation II October 22, 2008

Dynamic Memory Alloca/on: Advanced Concepts

Method-Level Phase Behavior in Java Workloads

SoK: Eternal War in Memory

Program Analysis. Uday Khedker. ( uday) Department of Computer Science and Engineering, Indian Institute of Technology, Bombay

Vertical Profiling: Understanding the Behavior of Object-Oriented Applications

Run-time Environments - 3

Name, Scope, and Binding. Outline [1]

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Greater complexity & reliance

Rethinking the Memory Hierarchy for Modern Languages. Po-An Tsai, Yee Ling Gan, and Daniel Sanchez

Motivation for Dynamic Memory. Dynamic Memory Allocation. Stack Organization. Stack Discussion. Questions answered in this lecture:

Performance of Non-Moving Garbage Collectors. Hans-J. Boehm HP Labs

TI2725-C, C programming lab, course

CS527 Software Security

Software Security II: Memory Errors - Attacks & Defenses

Implementation Garbage Collection

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui

Static Analysis and Bugfinding

Towards Garbage Collection Modeling

CS61C : Machine Structures

CS-527 Software Security

Write Barrier Removal by Static Analysis

Memory Leak Detection with Context Awareness

6.172 Performance Engineering of Software Systems Spring Lecture 9. P after. Figure 1: A diagram of the stack (Image by MIT OpenCourseWare.

CMSC 330: Organization of Programming Languages

Lightweight Data Race Detection for Production Runs

<Insert Picture Here>

Glacier: A Garbage Collection Simulation System

Plug: Automatically Tolerating Memory Leaks in C and C++ Applications

CS 345. Garbage Collection. Vitaly Shmatikov. slide 1

A new Mono GC. Paolo Molaro October 25, 2006

CSE P 501 Compilers. Memory Management and Garbage Collec<on Hal Perkins Winter UW CSE P 501 Winter 2016 W-1

The Z Garbage Collector Low Latency GC for OpenJDK

Phase-based Adaptive Recompilation in a JVM

Robust Memory Management Schemes

A Novel Approach to Explain the Detection of Memory Errors and Execution on Different Application Using Dr Memory.

CMSC 330: Organization of Programming Languages

Short-term Memory for Self-collecting Mutators. Martin Aigner, Andreas Haas, Christoph Kirsch, Ana Sokolova Universität Salzburg

Memory Allocation III

Transcription:

Bell: Bit-Encoding Online Memory Leak Detection Michael D. Bond Kathryn S. McKinley University of Texas at Austin Bugs in Deployed Software Humans rely on software for critical tasks Bugs are costly & risky Software more complex More bugs & harder to fix 1

Bugs in Deployed Software Humans rely on software for critical tasks Bugs are costly & risky Software more complex More bugs & harder to fix Bugs are a problem in deployed software In-house testing incomplete Performance is critical Focus on space overhead Why do bug tools want so much space? Store lots of info about the program Correlate program locations (sites) & data Ex: DirectedGraph.java:309 Tag each object with one or more sites Alloc site Last-use site Header Field 1 Field 2 Field 3 2

Why do bug tools want so much space? Store lots of info about the program Correlate program locations (sites) & data Ex: DirectedGraph.java:309 Tag each object with one or more sites Alloc site Last-use site Header Field 1 Field 2 Field 3 Bug detection applications AVIO tracks last-use site of each object Leak detection reports leaking objects sites [JRockit,.NET Memory Profiler, Purify, SWAT, Valgrind] High space overhead if many small objects Why do bug tools want so much space? Store lots of info about the program Correlate program locations (sites) & data Ex: DirectedGraph.java:309 Tag each object with one or more sites Alloc site Last-use site Header Field 1 Field 2 Field 3 Bug detection applications AVIO tracks last-use site of each object Leak detection reports leaking objects sites SWAT: 75% space [JRockit,.NET Memory Profiler, Purify, SWAT, Valgrind] overhead on twolf High space overhead if many small objects 3

How many bits do we need? Site Header Field 1 Field 2 Field 3 How many bits do we need? Site Header Field 1 Field 2 Field 3 32 bits 4

How many bits do we need? Site Header Field 1 Field 2 Field 3 32 bits 20 bits if # sites < 1,000,000 10 bits for common case (hot sites) How many bits do we need? Site Header Field 1 Field 2 Field 3 32 bits 20 bits if # sites < 1,000,000 10 bits for common case (hot sites) 1 bit? 5

How many bits do we need? Site Header Field 1 Field 2 Field 3 32 bits 20 bits if # sites < 1,000,000 10 bits for common case (hot sites) 1 bit? One bit loses info about site How many bits do we need? 0 1 1 0 1? 1 0 1 0 1 bit? One bit loses info about site But with many objects 6

Bell: Bit-Encoding Leak Location 0 1 1 0 1 1 site 0 1 0 Stores per-object sites in single bit Reconstructs sites by looking at multiple objects bits Outline Introduction Memory leaks Bell encoding and decoding Leak detection using Bell Related work 7

Memory Leaks Memory bugs Memory corruption: dangling refs, buffer overflows Memory leaks Lost objects: unreachable but t freed Useless objects: reachable but t used again Memory Leaks Memory bugs Memory corruption: dangling refs, buffer overflows Memory leaks Lost objects: unreachable but t freed Useless objects: reachable but t used again Managed Languages 80% of new software in Java or C# by 2010 [Gartner] Type safety & GC eliminate many bugs 8

Memory Leaks Memory bugs Memory corruption: dangling refs, buffer overflows Memory leaks Lost objects: unreachable but t freed Useless objects: reachable but t used again Managed Languages 80% of new software in Java or C# by 2010 [Gartner] Type safety & GC eliminate many bugs Memory Leaks Leaks Memory occur bugs in practice in managed languages [Cork, Memory JRockit, corruption: JProbe, LeakBot, dangling.net refs, Memory buffer Profiler] overflows Memory leaks Lost objects: unreachable but t freed Useless objects: reachable but t used again Managed Languages 80% of new software in Java or C# by 2010 [Gartner] Type safety & GC eliminate many bugs 9

Outline Introduction Memory leaks Bell encoding and decoding Leak detection using Bell Related work Bell s Encoding Function f ( site, object ) = 0 or 1 10

Bell s Encoding Function f ( site, object ) = 0 or 1 Color indicates site (ex: allocation site) Bell s Encoding Function f ( site, object ) = 0 or 1 may match f ( site, object ) = 0 or 1 11

Bell s Encoding Function f ( site, object ) = 0 or 1 may match f ( site, object ) = 0 or 1 Probability of match is ½ unbiased function How do we find leaking sites? Problem: leaking objects with unkwn allocation sites 12

How do we find leaking sites? f ( site, object ) Solution: for each site, see how many objects it matches How do we find leaking sites? f ( site, object ) Site matches all objects it allocated 13

How do we find leaking sites? f ( site, object ) Site matches all objects it allocated Site matches ~50% objects it didn t allocate How do we find leaking sites? f ( site, object ) Site matches all objects it allocated matches allocobjs + ½ (leakingobjs - allocobjs) Site matches ~50% objects it didn t allocate 14

How do we find leaking sites? f ( site, object ) matches allocobjs + ½ (leakingobjs - allocobjs) allocobjs 2 x matches - leakingobjs How do we find leaking sites? f ( site, object ) matches allocobjs + ½ (leakingobjs - allocobjs) allocobjs 2 x matches 6 - leakingobjs 15

How do we find leaking sites? f ( site, object ) matches allocobjs + ½ (leakingobjs - allocobjs) allocobjs 2 x matches 6 - leakingobjs 9 How do we find leaking sites? f ( site, object ) matches allocobjs + ½ (leakingobjs - allocobjs) allocobjs 2 x matches 6-3 leakingobjs 9 16

Bell Decoding foreach possible site matches 0 foreach potentially leaking object if f ( site, object ) = object s site bit matches matches + 1 allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects Bell Decoding foreach possible site matches 0 foreach potentially leaking object if f ( site, object ) = object s site bit matches matches + 1 allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects 17

Bell Decoding foreach possible site matches 0 foreach potentially leaking object if f ( site, object ) = object s site bit matches matches + 1 allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects Bell Decoding foreach possible site matches 0 foreach potentially leaking object if f ( site, object ) = object s site bit matches matches + 1 allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects Threshold avoids reporting sites that allocated objects (false positives) 18

Bell Decoding foreach possible site matches 0 foreach potentially leaking object if f ( site, object ) = object s site bit matches matches + 1 (false positives) allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects Threshold avoids reporting sites that allocated objects Decoding misses sites that allocated few objects (false negatives) Bell Decoding foreach possible site matches 0 foreach potentially leaking where site is possible object if f ( site, object ) = object s site bit matches matches + 1 allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects Dynamic type check narrows possible objects 19

Outline Introduction Memory leaks Bell encoding and decoding Leak detection using Bell Related work Leak Detection using Bell Sleigh Bell encodes allocation and last-use sites Stale objects potential leaks [SWAT] Periodic decoding of highly stale objects 20

Leak Detection using Bell Sleigh Bell encodes allocation and last-use sites Stale objects potential leaks [SWAT] Periodic decoding of highly stale objects Implementation in Jikes RVM Find leaks in Eclipse and SPEC JBB2000 Leak Detection using Bell o.allocsite o.staleness 1 0 01 o.lastusesite 21

Leak Detection using Bell o.allocsite o.staleness 1 0 01 o.lastusesite No space overhead since four free bits in object header Maintaining Sleigh s Bits // Object allocation: s 1 : o = new MyObject(); o.allocsite o.staleness 1 0 01 o.lastusesite 22

Maintaining Sleigh s Bits // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); o.allocsite o.staleness 1 0 01 o.lastusesite Maintaining Sleigh s Bits // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; o.allocsite o.staleness 1 0 01 o.lastusesite 23

Maintaining Sleigh s Bits // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; // Instrumentation: o.lastusesite = f(s 2, o); o.staleness = 0; o.allocsite o.staleness 1 0 01 o.lastusesite The Encoding Function // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; // Instrumentation: o.lastusesite = f(s 2, o); o.staleness = 0; f ( site, object ) := bit 31 ( site х object ) 24

The Encoding Function // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; // Instrumentation: o.lastusesite = f(s 2, o); o.staleness = 0; f ( site, object ) := bit 31 ( site х object х object ) Object Movement Restrictions // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; // Instrumentation: o.lastusesite = f(s 2, o); o.staleness = 0; f ( site, object ) := bit 31 ( site х object х object ) Objects may t move (Mostly) n-moving collector Mark-sweep Generational mark-sweep C and C++ do t move objects 25

Sleigh s Time Overhead // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; // Instrumentation: o.lastusesite = f(s 2, o); o.staleness = 0; f ( site, object ) := bit 31 ( site х object х object ) DaCapo [Blackburn et al. 06] SPEC JBB2000 SPEC JVM98 Sleigh s Time Overhead // Object allocation: s 1 : o = new MyObject(); // Instrumentation: o.allocsite = f(s 1, o); // Object use: s 2 : tmp = o.f; // Instrumentation: o.lastusesite = f(s 2, o); o.staleness = 0; f ( site, object ) := bit 31 ( site х object х object ) DaCapo [Blackburn et al. 06] SPEC JBB2000 SPEC JVM98 29% time overhead (11% with adaptive profiling) 26

Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak 27

Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak Most interesting: stale roots 28

Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak Most interesting: stale roots many Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak Most interesting: stale roots many few 29

Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak Most interesting: stale roots Need significant number of stale data structures Finding and Fixing Leaks Leaks in Eclipse and SPEC JBB2000 Data structures leak Most interesting: stale roots Sleigh s output directly useful for fixing leaks 30

Bell Decoding Again foreach possible site matches 0 foreach potentially leaking object where site is possible and object is root of stale data structure if f ( site, object ) = object s site bit matches matches + 1 allocobjs = 2 x matches leakingobjs if allocobjs > threshold(leakingobjs) print site is the site for allocobjs objects Consider roots of stale data structures only Related Work Leak detectors store per-object sites [JRockit,.NET Memory Profiler, Purify, SWAT, Valgrind] Sampling [Jump et al. 04] Trades accuracy for lower overhead (like Bell) Adds some overhead; requires conditional instrumentation No encoding or decoding Communication complexity & information theory 31

Summary 0 1 1 0 1 site 1 0 1 0 Bell encodes sites in a single bit and decodes sites using multiple objects bits Leak detection with low overhead Thank You Questions? 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback