Heap-based bug identification using anomaly detection
First Claim
1. A method of identifying heap-based bugs, comprising:
- building a model of heap behavior for a program executing on a computer comprising physical memory devices such that at least some memory storage for the program on the memory devices is managed as a heap, the building occurring by observing heap behavior of the program during execution, the model comprising a suite of numerical metrics, the numerical metrics measuring structure of a heap-graph which represents objects and pointers between objects in the heap;
calculating a rate of change of the numerical metrics across one or more execution runs and comparing the rate of change to a threshold rate;
identifying slowly-changing numerical metrics from the suite whose rate of change remains lower than the threshold rate to be globally stable;
detecting anomalous heap behavior deviating from the model, wherein the detecting comprises computing the globally stable metrics from a subsequent execution of the program and detecting anomalies where the globally stable metrics deviate from predefined acceptable ranges, wherein the detecting ignores startup and shutdown of the program; and
reporting information of the anomalous heap behavior as indicative of a heap-based bug in the program.
2 Assignments
0 Petitions
Accused Products
Abstract
A dynamic analysis tool uses anomaly detection to find heap-based bugs. In spite of the evolving nature of the heap, programs generally exhibit several of properties of their heap usage that remain stable. Periodically, during the execution of the program, the analysis tool computes a suite of metrics which are sensitive to the state of the heap. These metrics track heap behavior, and the stability of the heap reflects quantitatively in the values of these metrics. The ranges of stable metrics, obtained by running a program on a multiple input training set, are then treated as indicators of correct behavior, and are used in conjunction with an anomaly detector to find heap-based bugs.
83 Citations
20 Claims
-
1. A method of identifying heap-based bugs, comprising:
-
building a model of heap behavior for a program executing on a computer comprising physical memory devices such that at least some memory storage for the program on the memory devices is managed as a heap, the building occurring by observing heap behavior of the program during execution, the model comprising a suite of numerical metrics, the numerical metrics measuring structure of a heap-graph which represents objects and pointers between objects in the heap; calculating a rate of change of the numerical metrics across one or more execution runs and comparing the rate of change to a threshold rate; identifying slowly-changing numerical metrics from the suite whose rate of change remains lower than the threshold rate to be globally stable; detecting anomalous heap behavior deviating from the model, wherein the detecting comprises computing the globally stable metrics from a subsequent execution of the program and detecting anomalies where the globally stable metrics deviate from predefined acceptable ranges, wherein the detecting ignores startup and shutdown of the program; and reporting information of the anomalous heap behavior as indicative of a heap-based bug in the program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system programmed as a dynamic analysis tool for identifying heap-based bugs in programs, comprising:
-
a processor; memory devices, the memory devices containing memory storage for a program executing on the processor, the memory storage managed as a heap; the processor configured to perform; detecting phases of execution of the program; building a model of heap behavior for the program, the model comprising a set of numerical metrics, the numerical metrics measuring properties of a heap-graph which represents objects and pointers between objects in the heap and which is modified as the heap changes; calculating a rate of change of the numerical metrics across one or more execution runs and comparing the rate of change to a threshold rate; identifying slowly-changing numerical metrics from the set whose rate of change remains lower than the threshold rate within a detected phase of execution to be locally stable; and detecting anomalies occurring in an execution of the program in which heap behavior of the program deviates from the model wherein the detecting comprises computing the locally stable metrics from a subsequent execution of the program and detecting anomalies where the locally stable metrics deviate from predefined acceptable ranges, wherein the detecting ignores startup and shutdown of the program; and reporting information of the anomalies as indicative of a heap-based bug in the program. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A set of one or more computer-readable software-storing media having computer-executable instructions of a dynamic program analysis tool stored thereon, the computer-executable instructions causing a computer to perform:
-
computing a suite of numerical heap-related metrics from one or more execution runs of a program on a training set of inputs, the program executing on a computer comprising physical memory devices such that at least some memory storage for the program on the memory devices is managed as a heap, and the numerical heap-related metrics measure structure of a heap-graph which represents pointers between objects in the heap during the one or more execution runs; recording an instruction that causes a write to a location of the heap; calculating a rate of change of the heap-related metrics across the one or more execution runs; comparing the rate of change to a threshold rate; identifying phases in the program; identifying slowly changing heap-related metrics from the suite whose rate of change remains lower than the threshold rate to be globally stable or locally stable metrics, wherein the identifying ignores startup and shutdown of the program for purposes of evaluating globally stable metrics; establishing ranges of the globally stable or locally stable metrics; computing the globally stable or locally stable metrics from a subsequent execution of the program, wherein the computing restricts attention to data members of a particular type; and detecting anomalies where the globally stable or locally stable metrics deviate from their respective ranges. - View Dependent Claims (19, 20)
-
Specification