Geek Answers Handbook

Can static analysis detect memory leaks?

Having received my ISTQB certification a long time ago, I remember that it makes the following difference:
Static analysis: performed by the source code, detects unreachable code, unassigned values, etc.
dynamic analysis: can detect memory leaks, etc., requires execution (profiling).

But when I search today, I see that various sites and sources mentioning static analysis are also able to detect memory leaks.

So, I wonder if this static analysis is really capable of this? And if so, what is the difference between dynamic analysis, then in terms of results?

+5
source share
4 answers

A well-designed / implemented static analysis tool can detect many cases where some code should leak, just by analyzing the code. Tools like Coverity / Prevent do this pretty well.

Such instruments can also detect many cases where a leak may occur (and the Turing pier glass does not allow him to know for sure). There is a huge argument as to whether this tool should report this because they can be false positives and false positives are a waste of time for the programmer. [Worse: if a programmer spends time on several false positives, he / she often leaves with the tool in general, and now even the value of the actually detected errors is lost].

Dynamic analysis tools can usually tell if a leak is occurring, at the moment it happens at runtime. (Imagine that the heap pointer is held in a local variable, and the local variable is out of scope). (See Our CheckPointer tool for a dynamic analysis tool that can detect almost all usage errors / distribution stacks / pointer errors encountered at run time).

+4
source

As one of the developers of the static analyzer, I can state that the problem of finding memory leaks is an extremely difficult and sometimes impossible task for SCA. Static analyzers in this area are very weak, and you should not expect much from them. Dynamic analyzers are much more relevant to the search for memory leaks, and if there is a task to find them, then you should consider dynamic rather than static analysis.

Yes, static analyzers can find simple cases of memory leaks. But in practice, you have a memory leak mainly when the code is complex and the memory is free / allocated in different parts of the program. Therefore, static analysis is really not very effective.

+3
source

I am sure that a static analyzer can catch:

void MyFunction() { char * leakable = new char[1000]; }

So the answer to your question is obviously "Yes."

A more interesting question: can it catch more subtle leaks. And the answer is "often yes" if he has access to all the source code or to the representation contract for the involved techniques (ie: if the commentary said: the caller is responsible for freeing the returned object ", the static analyzer can not catch it, but if this the concept is expressed in code (or can be obtained by analyzing the code), a static analyzer can find a problem - sometimes.

+1
source

Static analysis is able to detect the potential for memory leakage in the form of a design that can be expected to lead to memory leaks. However, it cannot detect the presence of an actual memory leak at runtime, since it never checks the execution of the code base.

-1
source

More articles:


All Articles