Affiliation:
1. College of Information Science and Technology, Xidian University, Xi’an 710126, China
Abstract
The resource release bugs are a common type of serious programming bug. However, it is hard to catch them by using static detection for the lacking of comprehensive prior knowledge about the release functions. In this paper, a resource release bug detection method is proposed by introducing analogical reasoning on word vectors. First, the functions of the target source code are encoded into word vectors by the word embedding technique in natural language processing. Second, a two-stage reasoning method is developed for automatically identifying unknown resource release functions according to a few well-known seed functions. 3CosAvg algorithm is employed for the first stage, and a new algorithm is designed for the latter, called 3CosAddExchange. Finally, the identified release functions are translated into static analysis rules to detect potential bugs. The experiment shows that the proposed method is effective and efficient for the large-scale software project. Five unknown resource release bugs are successfully detected in the Linux kernel and confirmed by kernel developers.
Funder
National Natural Science Foundation of China
Subject
Computer Science Applications,Software
Reference20 articles.
1. Common vulnerabilities & exposures
2. Efficient estimation of word representations in vector space;T. Mikolov,2013
3. Program Slicing
4. Finding bugs using your own code: detecting functionally-similar yet inconsistent code;M. Ahmadi
5. The LLVM compiler infrastructure