1 of 17

SPrinter: A Static Checker for Finding Smart Pointer Errors in C++ Programs

Xutong Ma, Jiwei Yan, Yaqi Li, Jun Yan and Jian Zhang

Institute of Software, Chinese Academy of Sciences

maxt@ios.ac.cn

2 of 17

Manual and Automated Memory Management

  • Manual Management
    • Allocations and deallocations are verbose
    • Memory errors: Memory Leak, Use after Free, Double Free, etc.
  • Automated Management (through Smart Pointers)
    • Automated (implicit) deallocations
    • Can be used like stack memory
    • Still not absolutely safe: smart pointer errors remain
  • Reasons for Smart Pointer Errors
    • Basic concepts (RAII, ownership) are unfriendly to beginners
    • APIs of the smart pointer classes are confusing (e.g. release() vs. get())
    • Programmers trust smart pointers too readily

3 of 17

Manual Memory Management

4 of 17

Automated Memory Management (Smart Pointer)

Reasons:

  • Concept
  • API names
  • Programmers

5 of 17

RAII and Smart Pointer

  • Smart Pointer: an application of RAII to heap memory
  • Resource Acquisition Is Initialization (RAII)
    • Bind the life cycle of a resource to a container object
    • Deallocate the resource when:
      • the container goes out of scope, or
      • the memory is no longer referenced by any container.

[Figure: a smart pointer is the container, the heap memory is the resource; when the container is destructed, the resource is deallocated]

6 of 17

Ownership and Smart Pointer API

  • Ownership indicates the responsibility to deallocate the managed heap memory object.
  • The Smart Pointer APIs are used to manage the ownership rather than allocate or deallocate the memory directly.

[Figure: p.release() transfers ownership of the managed object out of p; p.get() returns the raw pointer while p keeps ownership]

7 of 17

Error Patterns

  • Unconscious ownership transfer
  • Leaked ownership
  • Forked ownership
  • Invalid memory ownership

9 of 17

Unconscious ownership transfer

  • Storing auto pointers in STL containers (copying an auto pointer moves ownership out of the source).
  • Declaring private auto pointer fields while keeping the default copy constructor and assignment operator.

[Figure: copying auto pointer p silently transfers ownership to the copy and leaves p empty]
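The following is an added example, not code from the SPrinter slides or the checker: it shows how modern C++ turns the silent ownership transfer that the auto pointer patterns above rely on into an explicit, visible operation. `Resource`, `Holder` and the two check functions are invented names for this illustration.

```cpp
// Added example (not SPrinter code): ownership transfer made explicit.
// A class owning heap memory through unique_ptr has its copy operations
// deleted by the compiler, so a copy can only happen through a deep-copy
// constructor written on purpose; it is never an unintended transfer.
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

struct Resource { int value; };   // invented payload type

class Holder {
public:
    explicit Holder(int v) : res_(std::make_unique<Resource>(Resource{v})) {}
    // Deep copy: the new Holder owns its own Resource.
    Holder(const Holder& other) : res_(std::make_unique<Resource>(*other.res_)) {}
    Holder& operator=(const Holder& other) {
        if (this != &other) res_ = std::make_unique<Resource>(*other.res_);
        return *this;
    }
    // Transfer is spelled std::move at the call site; the source becomes empty.
    Holder(Holder&&) noexcept = default;
    Holder& operator=(Holder&&) noexcept = default;

    int value() const { return res_ ? res_->value : -1; }
    const Resource* address() const { return res_.get(); }
private:
    std::unique_ptr<Resource> res_;
};

// Copying yields two distinct objects: replacing one leaves the other alone.
bool copies_are_independent() {
    Holder a(1);
    Holder b = a;            // deep copy, a still owns its Resource
    b = Holder(2);           // move-assign a fresh Resource into b only
    return a.value() == 1 && b.value() == 2 && a.address() != b.address();
}

// Containers of unique_ptr accept elements only by move, so the transfer is
// visible in the source code and the moved-from pointer is observably null.
bool container_transfer_is_explicit() {
    std::vector<std::unique_ptr<Resource>> pool;
    auto p = std::make_unique<Resource>(Resource{7});
    // pool.push_back(p);    // does not compile: unique_ptr copy is deleted
    pool.push_back(std::move(p));
    return p == nullptr && pool.size() == 1 && pool[0]->value == 7;
}

int main() {
    std::printf("independent copies: %d\n", copies_are_independent());
    std::printf("explicit transfer:  %d\n", container_transfer_is_explicit());
    return 0;
}
```

The commented-out `pool.push_back(p)` is the modern counterpart of putting an auto pointer into a container: what was a silent transfer is now a compile error, and the programmer has to write `std::move` to get the same effect.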

10 of 17

Leaked ownership

  • Discarding the return value of release() (the object is left with no owner).
  • Using release() as an observer where get() was intended.
  • Deallocating the return value of get() while the smart pointer still owns the object.

[Figure: the object is either left unfreed (ownership released to nobody) or freed while the smart pointer still refers to it]

11 of 17

Forked ownership

  • Initializing a smart pointer from a raw pointer (instead of allocating through the smart pointer).
  • Initializing several smart pointers from the same raw pointer.

[Figure: several smart pointers each constructed from the same raw pointer A; every one of them frees A when it is destructed: Double Free]
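The following is an added example, not code from the SPrinter slides or the checker. It makes the "leaked ownership" patterns of the previous slide and the "forked ownership" patterns of this one observable without undefined behaviour: a recording deleter stands in for `delete` and counts how often each object is deallocated, really freeing it only on the first call. `Resource`, `RecordingDeleter`, `TrackedUnique` and the demo functions are invented names for this illustration.

```cpp
// Added example (not SPrinter code): counting deallocations so that a leak
// shows up as 0 and a double free as 2, instead of silent corruption.
#include <cstdint>
#include <cstdio>
#include <map>
#include <memory>

struct Resource { int value; };   // invented payload type

// Counts are keyed by address value, so they can be read after the object
// is gone without touching a dangling pointer.
using Hits = std::map<std::uintptr_t, int>;
static std::uintptr_t key_of(const Resource* p) {
    return reinterpret_cast<std::uintptr_t>(p);
}

struct RecordingDeleter {
    Hits* hits;                                   // shared record, outlives the pointers
    void operator()(Resource* p) const {
        if (++(*hits)[key_of(p)] == 1) delete p;  // free once; later calls only count
    }
};
using TrackedUnique = std::unique_ptr<Resource, RecordingDeleter>;

// Leaked ownership: the result of release() is dropped, so nobody owns the
// object any more and the deleter never runs.
int release_result_ignored() {
    Hits hits;
    Resource* raw = new Resource{1};
    {
        TrackedUnique up(raw, RecordingDeleter{&hits});
        up.release();                             // ownership handed to nobody
    }
    int freed = hits[key_of(raw)];                // 0
    delete raw;                                   // demo cleanup only; the real bug loses raw
    return freed;
}

// Same call with its result used: ownership moves to a new owner and the
// object is freed exactly once.
int release_result_transferred() {
    Hits hits;
    Resource* raw = new Resource{1};
    {
        TrackedUnique up(raw, RecordingDeleter{&hits});
        TrackedUnique owner(up.release(), up.get_deleter());
    }
    return hits[key_of(raw)];                     // 1
}

// Deleting get()'s result: get() only observes, the smart pointer still owns
// the object and frees it again. A literal `delete up.get();` would be a real
// double free, so the recording deleter plays the role of delete here.
int get_result_deleted() {
    Hits hits;
    Resource* raw = new Resource{1};
    {
        TrackedUnique up(raw, RecordingDeleter{&hits});
        RecordingDeleter{&hits}(up.get());        // stands in for "delete up.get();"
    }                                             // up's destructor frees it again
    return hits[key_of(raw)];                     // 2
}

// Forked ownership: two shared_ptrs built from one raw pointer get two control
// blocks; each has use_count() == 1 and frees the object on its own.
int shared_from_same_raw() {
    Hits hits;
    Resource* raw = new Resource{1};
    {
        std::shared_ptr<Resource> a(raw, RecordingDeleter{&hits});
        std::shared_ptr<Resource> b(raw, RecordingDeleter{&hits});  // the fork
    }                                             // both destructors run the deleter
    return hits[key_of(raw)];                     // 2
}

// Correct form: copy the shared_ptr (or allocate with make_shared) so both
// handles share one control block and one deallocation.
int shared_by_copy() {
    Hits hits;
    Resource* raw = new Resource{1};
    {
        std::shared_ptr<Resource> a(raw, RecordingDeleter{&hits});
        std::shared_ptr<Resource> b = a;          // use_count() == 2
    }
    return hits[key_of(raw)];                     // 1
}

int main() {
    std::printf("release() ignored:     %d freed\n", release_result_ignored());
    std::printf("release() transferred: %d freed\n", release_result_transferred());
    std::printf("delete get():          %d freed\n", get_result_deleted());
    std::printf("two owners, one raw:   %d freed\n", shared_from_same_raw());
    std::printf("copied shared_ptr:     %d freed\n", shared_by_copy());
    return 0;
}
```

The counts are exactly what SPrinter infers statically from the API calls: a `release()` whose result is unused leaves the count at 0, and a raw pointer handed to two constructors drives it to 2.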

12 of 17

Invalid memory ownership

  • Initializing a smart pointer with non-heap memory (e.g. the address of a stack variable).
  • Array and non-array type mismatch (the object is freed with delete where delete[] is required, or vice versa).
  • Using weak pointers without checking for validity (dereferencing the result of lock() without testing it).

[Figure: smart pointers pointing at Stack Memory, at Freed Memory, and at Type-Mismatched Memory]
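The following is an added example, not code from the SPrinter slides or the checker: it shows the safe forms for the weak-pointer and array bullets above. `Session`, `user_of`, `weak_ptr_lifecycle` and `sum_of_squares` are invented names for this illustration; the stack-memory bullet has no safe runnable form, since a smart pointer must never own a stack object.

```cpp
// Added example (not SPrinter code): checked weak_ptr use and the array
// specialization of unique_ptr.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

struct Session { std::string user; };   // invented payload type

// A weak_ptr does not own the object. It must be promoted with lock() and the
// result checked: once the last shared_ptr is gone, lock() returns an empty
// shared_ptr, and dereferencing it would read freed memory.
std::string user_of(const std::weak_ptr<Session>& wp) {
    if (auto sp = wp.lock()) return sp->user;   // sp keeps the object alive while used
    return "<expired>";
}

// Returns the lookup result before and after the owner drops the object.
std::pair<std::string, std::string> weak_ptr_lifecycle() {
    auto owner = std::make_shared<Session>(Session{"alice"});
    std::weak_ptr<Session> observer = owner;
    std::string before = user_of(observer);     // "alice"
    owner.reset();                               // last strong reference dropped
    std::string after = user_of(observer);      // "<expired>", not a dangling read
    return {before, after};
}

// Array/non-array mismatch: unique_ptr<int> would run `delete` on memory from
// `new int[n]`; the unique_ptr<int[]> specialization runs `delete[]`.
int sum_of_squares(std::size_t n) {
    // std::unique_ptr<int> bad(new int[n]);     // mismatch: delete vs. delete[]
    std::unique_ptr<int[]> squares = std::make_unique<int[]>(n);  // zero-initialized
    int total = 0;
    for (std::size_t i = 0; i < n; ++i) {
        squares[i] = static_cast<int>(i * i);
        total += squares[i];
    }
    return total;
}

int main() {
    auto r = weak_ptr_lifecycle();
    std::printf("before reset: %s, after reset: %s\n", r.first.c_str(), r.second.c_str());
    std::printf("sum of squares below 4: %d\n", sum_of_squares(4));
    return 0;
}
```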

13 of 17

Implementation

  • Built on the Clang-Tidy framework
  • AST matchers select the misuses of the smart pointer APIs; one checker per error pattern

[Figure: pipeline: AST → AST Matchers select the relevant AST sub-trees → AST Checkers test them against the Error Patterns → Reports]

14 of 17

Usage

  • Direct execution on the command line:

      clang-tidy -checks='-*,smartpointersafety-*' source.cpp

      source.cpp:3:23: warning: Initiating smart pointer with raw pointer.
      shared_ptr<int> sp1(p);
                          ^
      1 warning generated.

  • Integrated into editors (shown as a screenshot on the slide)

15 of 17

Evaluation - Manual Benchmark Instances

16 of 17

Evaluation - Open Source Projects

17 of 17

Q & A

Thank you.