Safe manual memory management

Abstract
We present HeapSafe, a tool that uses reference counting to dynamically verify the soundness of manual memory management of C programs. HeapSafe relies on a simple extension to the usual malloc/free memory management API: delayed free scopes during which otherwise dangling references can exist. Porting programs for use with HeapSafe typically requires little effort (on average 0.6% of lines change), adds an average 11% time overhead (84% in the worst case), and increases space usage by an average of 13%. These results are based on porting over half a million lines of C code, including perl where we found six previously unknown bugs.

Many existing C programs continue to use unchecked manual memory management. One reason is that programmers fear that moving to garbage collection is too big a risk. We believe that HeapSafe is a practical way to provide safe memory management for such programs. Since HeapSafe checks existing memory management rather than changing it, programmers need not worry that HeapSafe will introduce new bugs; and, since HeapSafe does not manage memory itself, programmers can choose to deploy their programs without HeapSafe if performance is critical (a simple header file allows HeapSafe programs to compile and run with a regular C compiler). In contrast, we found that garbage collection, although faster, had much higher space overhead, and occasionally caused a space-usage explosion that made the program unusable.
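The checked free and delayed free scope described above, as an added toy model that is not HeapSafe's code: pointer stores go through an explicit hs_assign() call (HeapSafe instruments ordinary assignments in the compiler), a free outside a scope demands a zero reference count, and inside a scope frees are only recorded and checked when the scope closes. All hs_* names are invented for this example, and the scope-end rule used here (references held inside the objects being freed are discounted before the check, so a doubly-linked list can be torn down node by node) is this example's reading of the abstract rather than the paper's exact semantics.

```c
#include <stdint.h>
#include <stdlib.h>
#define HS_MAX 64
static void  *hs_obj[HS_MAX]; static size_t hs_size[HS_MAX]; /* tracked objects (NULL = freed) */
static int    hs_rc[HS_MAX], hs_pend[HS_MAX], hs_n, hs_depth; /* refcounts, pending-free flags */
static void **hs_slot[HS_MAX]; static int hs_ns;              /* tracked pointer-typed slots */
static int hs_find(const void *p) {
    for (int i = 0; p && i < hs_n; i++) if (hs_obj[i] == p) return i;  return -1; }
/* Object i is dying: pointer fields stored inside it stop counting as references. */
static void hs_drop_refs(int i) {
    for (int k = 0; k < hs_ns; ) {
        uintptr_t s = (uintptr_t)hs_slot[k], b = (uintptr_t)hs_obj[i];
        if (s < b || s >= b + hs_size[i]) { k++; continue; }
        int t = hs_find(*hs_slot[k]); if (t >= 0) hs_rc[t]--;
        hs_slot[k] = hs_slot[--hs_ns];               /* the slot dies with its owner */
    }
}
static void hs_release(int i) { free(hs_obj[i]); hs_obj[i] = NULL; }
void *hs_malloc(size_t n) {                          /* zeroed, so pointer fields start NULL */
    void *p = hs_n < HS_MAX ? calloc(1, n) : NULL;
    if (p) { hs_obj[hs_n] = p; hs_size[hs_n] = n; hs_rc[hs_n] = hs_pend[hs_n] = 0; hs_n++; }
    return p;
}
/* Tracked store *slot = p. HeapSafe instruments plain assignments; here it is explicit. */
void hs_assign(void **slot, void *p) {
    int i, k;
    for (k = 0; k < hs_ns && hs_slot[k] != slot; k++) {}
    if (k == hs_ns && hs_ns < HS_MAX) hs_slot[hs_ns++] = slot;
    if ((i = hs_find(*slot)) >= 0) hs_rc[i]--;
    if ((i = hs_find(p)) >= 0) hs_rc[i]++;
    *slot = p;
}
/* 0 = sound free; -1 = double free, or live references outside a delayed-free scope.
 * Inside a scope the object is only marked and stays allocated until the scope ends. */
int hs_free(void *p) {
    int i = hs_find(p);
    if (i < 0 || hs_pend[i]) return -1;
    if (hs_depth > 0) { hs_pend[i] = 1; return 0; }
    if (hs_rc[i] != 0) return -1;
    hs_drop_refs(i); hs_release(i); return 0;
}
void hs_delayed_free_start(void) { hs_depth++; }
/* Scope end: drop references held by pending objects, then each pending object must
 * be unreferenced. Returns how many still had dangling references (0 = sound). */
int hs_delayed_free_end(void) {
    int bad = 0; if (--hs_depth > 0) return 0;
    for (int i = 0; i < hs_n; i++) if (hs_pend[i]) hs_drop_refs(i);
    for (int i = 0; i < hs_n; i++)
        if (hs_pend[i]) { bad += hs_rc[i] != 0; hs_pend[i] = 0; hs_release(i); }
    return bad;
}
```

Outside a scope, freeing a node that another node still points to is rejected; inside a scope both nodes of a two-element list can be freed in either order and the check at scope end passes, while a reference that outlives the scope is reported.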