Using terminology from SafeC, memory errors in C programs can be classified into two categories:
(1) spatial memory errors and
(2) temporal memory errors.
Spatial memory errors in C programs include array bounds violations (i.e., buffer
overruns), uninitialized pointer dereferences (which access an invalid
address), invalid type conversion errors, format string errors, etc. Temporal memory
errors include uses of pointers to freed heap memory and uses of pointers to an
activation record after the function invocation has completed.
Here we focus on detecting uses of pointers to freed heap memory. In previous work,
we described techniques for detecting spatial errors with very low overhead,
which also exploit Automatic Pool Allocation to reduce run-time overhead. Those
techniques (and other approaches that detect spatial errors) are complementary to
the approach presented here, because our approach does not use any metadata on individual
pointers or objects and does not prevent adding such metadata. For dangling pointer
accesses to stack objects, some combination of compile-time escape analysis, run-time
checks, or converting possibly escaping stack allocations into heap allocations can be
used. By dangling pointer errors we mean uses of pointers to freed heap memory, where a
use of a pointer is a read, write or free operation on that pointer.
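As an added illustration of the definition just given (not the paper's own implementation), the following C program makes each of the three uses of a dangling pointer, a read, a write and a second free, observable at run time without keeping per-pointer or per-object metadata: each heap object is placed on its own virtual pages, and freeing revokes access to those pages instead of recycling them, so a later use traps. The `guarded_*` names, the page-per-object allocator and the signal-catching harness are assumptions of this example; it targets Linux or macOS.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fault-catching harness: a trapped access becomes a return value instead of
   killing the process (Linux raises SIGSEGV, macOS SIGBUS, for protected pages). */
static sigjmp_buf fault_env;
static volatile char sink;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* Returns 1 if a read (or, with write != 0, a write) through p traps, else 0. */
int access_faults(volatile char *p, int write) {
    struct sigaction sa = {0}, old_segv, old_bus;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    volatile int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) { if (write) *p = 'x'; else sink = *p; }
    else faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

static size_t pages(size_t n) { size_t ps = (size_t)sysconf(_SC_PAGESIZE); return (n + ps - 1) / ps * ps; }
/* Every object gets its own fresh virtual pages, so no later live object can
   share its addresses; no per-pointer or per-object metadata is kept. */
void *guarded_alloc(size_t n) {
    void *p = mmap(NULL, pages(n), PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Free revokes access instead of recycling the pages, so later reads and writes
   trap. A second free finds them already inaccessible and returns -1 (double free). */
int guarded_free(void *p, size_t n) {
    if (access_faults((volatile char *)p, 0)) return -1;
    return mprotect(p, pages(n), PROT_NONE);   /* 0 on a valid free */
}

/* Exercises all three uses of one dangling pointer; returns 1 if each was caught. */
int dangling_uses_detected(void) {
    char *obj = guarded_alloc(64);
    if (!obj || access_faults(obj, 1) || access_faults(obj, 0)) return 0; /* live: no trap */
    if (guarded_free(obj, 64) != 0) return 0;
    int read_caught = access_faults(obj, 0), write_caught = access_faults(obj, 1);
    return read_caught && write_caught && guarded_free(obj, 64) == -1;
}
```

Because freed pages are never unmapped, the virtual address space consumed grows with the number of frees; a production scheme has to reclaim that space, which is the problem the rest of the paper addresses.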