Safe Manual Memory Management

David Gay, Robert Ennals and Eric Brewer

The 2007 International Symposium on Memory Management (ISMM 2007)
Montreal, Canada, 21-22 October, 2007


We present CCount, a small extension to C that dynamically verifies the correctness of manual memory management using reference counting. CCount relies on a simple extension to the usual malloc/free memory management API: delayed free scopes, during which otherwise dangling references can exist. Porting programs to CCount typically requires little effort (on average 0.56% of lines change), adds an average 11% time overhead (85% in the worst case), and increases space usage by an average of 14%. These results are based on porting over half a million lines of C code, including perl, where we found six previously unknown bugs.

Many existing C programs continue to use unchecked manual memory management. One reason is that programmers fear that moving to garbage collection is too big a risk. We believe that CCount is a practical way to provide safe memory management for such programs. Since CCount checks existing memory management rather than changing it, programmers need not worry that CCount will introduce new bugs; and, since CCount does not manage memory itself, programmers can choose to deploy their programs without CCount if performance is critical (a simple header file allows CCount programs to compile and run with a regular C compiler). In contrast, we found that garbage collection, although faster, had much higher space overhead, and occasionally caused a space-usage explosion that made the program unusable.
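
A toy C model of the checking idea in the abstract, added here as an illustration; it is not CCount's code or API. The names `set_ptr`, `checked_free`, `delayed_free_start` and `delayed_free_end`, the explicit count updates, and the choice to drop a dying object's outgoing references when the scope closes are all assumptions of the model.

```c
#include <stdlib.h>
/* Toy model (assumption, not CCount's layout): one counted pointer field. */
typedef struct node { int refs; struct node *next; } node;

static node *pending[16];   /* frees deferred by the open scope */
static int npending, depth;

/* Every counted pointer store goes through here to keep refs accurate. */
static void set_ptr(node **slot, node *val) {
    if (val) val->refs++;
    if (*slot) (*slot)->refs--;
    *slot = val;
}

void delayed_free_start(void) { depth++; }
/* 0 = freed or deferred, -1 = rejected because references remain. */
int checked_free(node *n) {
    if (depth > 0 && npending < 16) { pending[npending++] = n; return 0; }
    if (n->refs != 0) return -1;
    set_ptr(&n->next, NULL);
    free(n);
    return 0;
}

/* Closes a scope; the outermost close runs the checks and counts failures. */
int delayed_free_end(void) {
    int rejected = 0;
    if (depth == 0 || --depth > 0) return 0;
    for (int i = 0; i < npending; i++)   /* dying objects stop being referrers */
        set_ptr(&pending[i]->next, NULL);
    for (int i = 0; i < npending; i++)
        if (pending[i]->refs != 0) rejected++; else free(pending[i]);
    npending = 0;
    return rejected;
}

/* Build a <-> b, optionally alias b from outside, free both; count rejects. */
int teardown_cycle(int use_scope, int keep_alias) {
    node *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b), *alias = NULL;
    if (!a || !b) abort();
    set_ptr(&a->next, b);
    set_ptr(&b->next, a);
    if (keep_alias) set_ptr(&alias, b);
    if (use_scope) delayed_free_start();
    int rejected = (checked_free(a) != 0) + (checked_free(b) != 0);
    if (use_scope) rejected += delayed_free_end();
    return rejected;
}

int main(void) { return teardown_cycle(1, 0); }
```

Without a scope, both frees of the cycle are rejected because each node is still referenced by the other; inside a scope the pair is released cleanly. With an outside alias to `b`, the scope close reports one rejected free and leaves `b` allocated, so the alias never dangles.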
