Memory leak bugs are a major problem in C/C++ programs. They occur when memory objects are not deallocated. Developers need to manually deallocate these objects to prevent memory leaks. As such, several techniques have been proposed to automatically fix memory leaks. Although proposed approaches have merit in automatically fixing memory leaks, they present limitations. Static-based approaches attempt to trace the complete semantics of memory object across all paths. However, they have scalability-related challenges when the target program has a large number of paths (path explosion). On the other hand, dynamic approaches can spell out precise semantics of memory object only on a single execution path (it does not consider multiple execution paths). In this paper, we complement prior approaches by designing and implementing a novel framework named AddressWatcher . AddressWatcher allows the semantics of a memory object to be tracked on multiple execution paths. Addresswatcher accomplishes this by using a leak database that allows one to store and compare different execution paths of a leak over several test cases. Also, AddressWatcher performs lightweight instrumentation during compile time that is utilized during the program execution to watch and track memory leak read/writes. We conduct an evaluation of AddressWatcher over five popular packages, namely binutils, openssh, tmux, openssl and git. In 23 out of 50 real-world memory leak bugs, AddressWatcher correctly points to a free location to fix memory leaks. Finally, we submit 25 Pull Requests across 12 popular OSS repositories using AddressWatcher suggestions. Among these, 21 were merged leading to 5 open issues being addressed. In fact, our critical fix prompted a new version release for the calc repository, a program used to find large primes. Furthermore, our contributions through these PRs sparked intense discussions and appreciation in various repositories such as coturn, h2o, and radare2.

中文翻译：

---

AddressWatcher：基于 Sanitizer 的内存泄漏修复本地化


内存泄漏错误是 C/C++ 程序中的一个主要问题。当内存对象未被释放时，就会发生这种情况。开发人员需要手动释放这些对象以防止内存泄漏。因此，已经提出了几种技术来自动修复内存泄漏。尽管所提出的方法在自动修复内存泄漏方面具有优点，但它们存在局限性。基于静态的方法尝试跨所有路径跟踪内存对象的完整语义。然而，当目标程序具有大量路径（路径爆炸）时，它们会面临与可扩展性相关的挑战。另一方面，动态方法只能在单个执行路径上阐明内存对象的精确语义（它不考虑多个执行路径）。在本文中，我们通过设计和实现一个名为 AddressWatcher 的新颖框架来补充先前的方法。 AddressWatcher 允许在多个执行路径上跟踪内存对象的语义。 Addresswatcher 通过使用泄漏数据库来实现这一目标，该数据库允许存储和比较多个测试用例中泄漏的不同执行路径。此外，AddressWatcher 在编译时执行轻量级检测，在程序执行期间利用该检测来监视和跟踪内存泄漏读/写。我们对五个流行软件包（即 binutils、openssh、tmux、openssl 和 git）对 AddressWatcher 进行了评估。在现实世界中 50 个内存泄漏错误中的 23 个中，AddressWatcher 正确地指向空闲位置来修复内存泄漏。最后，我们使用 AddressWatcher 建议跨 12 个流行的 OSS 存储库提交 25 个 Pull 请求。其中，21 个已合并，导致 5 个未决问题得到解决。 事实上，我们的关键修复促使 calc 存储库发布了新版本，这是一个用于查找大素数的程序。此外，我们通过这些 PR 做出的贡献引发了各种存储库（例如 coturn、h2o 和radare2）的激烈讨论和赞赏。