HeapMon: a Low Overhead, Automatic, and Programmable Memory Bug Detector

Abstract

Enabling memory-related bug detection in production runs is important for detecting and pinpointing bugs that survive debugging. Left undetected, such bugs may be manifested in behavior that is difficult to detect, such as wrong computation outputs, late or obscure system crashes, security attacks, and subtle performance loss. To be useful in production runs, a bug monitoring scheme must not slow down the monitored program much, must be automatic and not require programmer intervention, and must be easy to deploy. Unfortunately, existing tools and techniques either have a very high performance overhead or require a high degree of programmer involvement.

This thesis presents HeapMon, a heap memory bug detection scheme that has a very low performance overhead, is automatic, and is easy to deploy. HeapMon relies on two new techniques. First, it completely decouples the application code from bug monitoring functions, which are implemented as a helper thread that runs on a separate core in a Chip Multi-Processor system. The helper thread monitors the status of each word on the heap by associating state bits with it.These bits indicate whether the word is unallocated, allocated but uninitialized, or allocated and initialized. Each state defines which accesses are legal to perform on the word and which are illegal (bugs). When a bug is detected, its type, PC, and data address are logged to enable developers to precisely pinpoint the bug's nature and location. The second new technique in HeapMon is to associate a filter bit with each cached word in order to safely and significantly reduce bug checking frequency (by 95% on average). We test the effectiveness of our approach with existing and injected memory bugs on SPEC 2000 applications. Our experimental results show that HeapMon effectively detects and identifies most forms of heap memory bugs, and incurs a performance overhead of only 3.5% on the average, which is orders of magnitude smaller than existing tools. Finally, HeapMon requires modest storage overhead: 3.1% of the cache size and a 32KB victim cache for on-chip filter bits, and 6.2% of the allocated heap memory size for state bits, which are maintained by the helper thread as a software data structure.