SWAT Memory Leak Detection - PowerPoint PPT Presentation

1 / 49
About This Presentation
Title:

SWAT Memory Leak Detection

Description:

SWAT Memory Leak Detection – PowerPoint PPT presentation

Number of Views:201
Avg rating:3.0/5.0
Slides: 50
Provided by: matthi158
Category:
Tags: swat | detection | fx | leak | memory | network

less

Transcript and Presenter's Notes

Title: SWAT Memory Leak Detection


1
SWATMemory Leak Detection
  • Matthias Hauswirth

2
Agenda
  • Approaches to memory leak detection
  • SWAT infrastructure
  • Heap model
  • Staleness predicates
  • Leak analysis tool

3
Memory Leaks
alloc
free
access
object1
time
4
Memory Leaks
alloc
free
access
object1
alloc
access
object2
time
shutdown
5
Memory Leaks
alloc
free
access
object1
alloc
access
object2
alloc
access
object3
reachable
unreachable
time
shutdown
6
Approaches to Leak Detection
  • Survivors
  • Objects surviving until program termination
  • Unreachables
  • Objects unreachable at snapshot (GC)
  • Stales
  • Objects not recently accessed at snapshot (SWAT)

7
Survivors Guess
o5
-
o4
leak
o3
leak
o2
leak
o1
leak
time
startup
shutdown
8
Survivors Reality
o5
-
o4
leak ?
o3
leak
o2
leak
o1
leak ?
time
startup
shutdown
9
Unreachables Guess
o5
-
o4
alive
o3
leak
o2
alive
o1
-
time
startup
shutdown
snapshot
10
Unreachables Reality
o5
-
o4
alive
o3
leak
o2
alive ?
o1
-
time
startup
shutdown
snapshot
11
Stales (SWAT) Guess
o5
-
o4
alive
o3
leak
o2
leak
o1
-
time
startup
shutdown
snapshot
12
Stales (SWAT) Reality
o5
-
o4
alive
o3
leak
o2
leak
o1
-
time
startup
shutdown
snapshot
13
SWAT Infrastructure
winword.exe
instrument
settings
winword.swat.exe
source info
run
swatruntime.dll
snapshots
postprocess
statistics
view
14
Instrument
comp1
proc1
15
Bursty TracingDuplicate Basic Blocks
comp1
proc1
profproc1
16
Bursty TracingInsert Dispatch Checks
comp1
proc1
profproc1
17
InstrumentationPatch Allocations Frees
comp1
swatruntime.dll
xalloc
XallocWrapper
18
InstrumentationInstrument Loads Stores
comp1
proc1
profproc1
swatruntime.dll
RecordReference
19
Bursty TracingDispatch Check
OrigSrc
ProfSrc
Global Counters cOrig of StayOrig cProf of
StayProf
cOrig1
DecOrig
OrigZero
DecProf
cOriggt1
cProf0
cProf1
cProfgt1
StayOrig
StayProf
StartOrig
StartProf
OrigTgt
ProfTgt
20
Adaptive Bursty Tracing
  • Bursty tracing
  • Sampling rate influences results
  • Rate chosen at runtime
  • Adaptive bursty tracing
  • Different sampling rate by dispatch check point
  • Start at high rate
  • Wait until average gets down to requested rate
  • Start rate, delta target rate chosen at runtime

21
Why Adaptive Bursty Tracing?
22
Adaptive Bursty TracingDispatch Check
OrigSrc
ProfSrc
Per-Dispatch Check Counter cOrigdcid of
StayOrig Global Counter cProf of StayProf
dcid
cOrigdcid1
DecOrig
OrigZero
DecProf
cOrigdcidgt1
cProf0
cProf1
cProfgt1
StayOrig
StayProf
StartOrig
StartProf
OrigTgt
ProfTgt
23
Effect of Adaptive Bursty Tracing on Coverage
24
SWAT Heap Model
  • Requirements
  • AllocateObject(eip, startAddress, size)
  • FreeObject(eip, startAddress)
  • FindObject(eip, address)
  • GetObjectIterator()
  • Implementations
  • Hash table (address?objectInfo)
  • Hash table (startAddress?objectInfo)Hash table
    (address?offsetToStartAddress)
  • Address tree

25
SWAT Heap Model
Address 0101
0
1
0
0
1
1
0
0
0
0
1
1
1
1
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
0000
1000
0100
1100
0101
26
SWAT Heap Model
0
1
0
0
1
1
0
0
0
0
1
1
1
1
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
8 byte
0101
0000
1000
0100
1100
27
SWAT Heap Model
0
1
0
0
1
1
0
0
0
0
1
1
1
1
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
0000
1000
0100
1100
28
SWAT Heap Model
0
1
0
0
1
1
0
0
0
1
1
1
0
0
0
0
0
1
1
1
1
1
0000
1000
0100
1100
29
SWAT Heap Model
0
1
0
0
1
1
0
0
0
1
1
1
0
0
0
0
0
1
1
1
1
1
0000
1000
0100
1100
30
SWAT Heap Model
0
1
0
0
1
1
0
0
1
1
0
0
1
1
0000
1000
0100
1100
31
SWAT Heap Model
0
1
0
0
1
1
0
0
1
1
0
0
1
1
Start address 0101 Size 8 Access
count 19 Last access time 19000000 Alloc
site EIP 0x400019 Last access site EIP 0x400190
32
SWAT Heap Model
  • Space Overhead
  • Address Tree Nodes
  • 0.03 0.35 allocated node bytes / allocated byte
  • Overall
  • 0.12 3.4 times the allocated memory
  • Time
  • FindObject(eip, address)
  • Log(addressSpaceSize) --- (32 bits 32 nodes)

33
Evaluation Time Overhead
34
Staleness Predicates
  • Stale object not needed anymore
  • Stale, if
  • Never accessed
  • Idle time gt t
  • Idle time gt n active time

idle
t
active
idle
nactive
35
Evaluation
  • Inject leaks
  • Randomly, at runtime, decide not to execute a
    free
  • Variables
  • Sampling rate
  • Adaptive or bursty
  • Predicate
  • Measurement results per snapshot
  • List of objects assumed leaked
  • Some true, some false
  • List of objects assumed alive
  • Some true, some false

36
Comparing Predicates
37
Comparing Sampling Rates
38
Lucky Omission Effect
Question At time of snapshot, is object a leak?
maxIdleTime
Injected Leak
time actual references
snapshot
39
Lucky Omission Effect
Low sampling rate
maxIdleTime
time actual references
snapshot
40
Lucky Omission Effect
Low sampling rate
assumed leaked true
maxIdleTime
time actual references
snapshot
41
Lucky Omission Effect
Low sampling rate
assumed leaked true
maxIdleTime
High sampling rate
time actual references
snapshot
42
Lucky Omission Effect
Low sampling rate
assumed leaked true
maxIdleTime
High sampling rate
assumed alive false
time actual references
snapshot
43
Lucky Omission Effect
Low sampling rate
assumed leaked true
maxIdleTime
lucky omission window
High sampling rate
assumed alive false
time actual references
snapshot
44
Mitigation ofLucky Omission Effect
  • Reduce chance of leak happening during
    maxIdleTime
  • snapshotInterval gtgt maxIdleTime

snapshotInterval
maxIdleTime
maxIdleTime
time actual references
snapshot
snapshot
45
Practical Sampling Rates Useful Predicates
46
Leak Analysis Tool
47
Ranking
  • Sort ltalloc site, last access sitegt pairs
  • Old rankings
  • of stale objects currently used
  • of stale bytes
  • Drag caused by stale objects (bytesidle time)
  • New ranking
  • of predicates declaring an object stale

48
Conclusions
  • Many ways to leak detection
  • Predicting leaks by looking at past events
  • Important objects might never be used (boxsim)
  • Lots of stale objects might indicate a
    space-inefficient algorithm
  • Leak Analysis Tool
  • Made it easy to find several statically injected
    leaks

49
Future Work
  • Currently
  • Store source info compactly (at instrumentation
    time)
  • Snapshots at runtime dont use source info
  • Post process snapshots to add source info
  • This week
  • Rank leaks
  • Update Leak Analysis Tool to use ranking
  • Run new version on winword.exe and mshtml.dll
  • Later
  • Combine Unreachables with Stales approach
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "SWAT Memory Leak Detection" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!