Mike Furr, Validating Reference Counting Operations
Reference counting gives low-level languages like C and C++ a means to implement automatic memory management without a garbage collector. While this frees the programmer from having to reason about object lifetimes, it comes at a high cost: the programmer must manually insert reference counting operations at (potentially) every introduction and elimination of a pointer to a reference-counted object, and nothing checks that these operations are used correctly, or even at all. In this work, we present a static analysis that verifies reference counting operations are used correctly in C++ COM code. COM requires every object in its API to be reference counted and provides a protocol describing exactly when reference counting operations are required. We use a flow- and path-sensitive dataflow analysis to track two separate counts for each pointer in the source code: the actual count induced by the code, and an idealized "policy" count that tracks the count expected by the COM protocol. These counts are allowed to differ only temporarily, which gives the programmer flexibility while maintaining safety. Because the COM protocol can be too restrictive in some cases, we also allow annotations that support safe deviations from the protocol. While the number of annotations is expected to be small, our analysis is able to infer them in the common cases to ease their introduction. Finally, we have implemented the analysis and found several bugs in production code.
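To make the protocol concrete, here is an added example (not code from the paper or its tool) with a minimal COM-style interface and three callers. The interface, class and function names (IUnknownLike, IGreeter, Greeter, CreateGreeter, and the HRESULT-like constants) are stand-ins constructed for this illustration, not the real Windows COM API. The comments mark the two counts the analysis tracks: the actual count induced by the AddRef/Release calls and the policy count the COM protocol expects. The first caller keeps them in step; the second forgets a Release (a leak, actual count above policy at exit); the third stores a pointer copy without an AddRef (policy count above actual, leaving a dangling pointer).

```cpp
// Added example: a mock of the COM reference-counting protocol.
// Names are constructed for illustration; they are not the Windows IUnknown API.
#include <cstddef>

typedef long HRESULT_LIKE;                 // stand-in for HRESULT
const HRESULT_LIKE S_OK_LIKE = 0;
const HRESULT_LIKE E_NOINTERFACE_LIKE = 1;

enum IID { IID_IUnknownLike, IID_IGreeter };

// Minimal stand-in for IUnknown: every COM object exposes these three methods.
struct IUnknownLike {
    virtual unsigned long AddRef() = 0;
    virtual unsigned long Release() = 0;
    virtual HRESULT_LIKE QueryInterface(IID iid, void** out) = 0;
    virtual ~IUnknownLike() {}             // not in real COM; keeps the mock valid C++
};

struct IGreeter : IUnknownLike {
    virtual int Greet() = 0;
};

// Count of live objects, so a caller can observe leaks and premature frees.
static int g_live = 0;
int liveObjects() { return g_live; }

class Greeter : public IGreeter {
    unsigned long refs_;
public:
    Greeter() : refs_(1) { ++g_live; }     // creation hands the caller one reference
    ~Greeter() { --g_live; }
    unsigned long AddRef() override { return ++refs_; }
    unsigned long Release() override {
        unsigned long n = --refs_;
        if (n == 0) delete this;           // the last owner frees the object
        return n;
    }
    // Protocol rule: a successful QueryInterface returns an AddRef'd pointer
    // that the caller must later Release.
    HRESULT_LIKE QueryInterface(IID iid, void** out) override {
        if (iid == IID_IUnknownLike || iid == IID_IGreeter) {
            *out = static_cast<IGreeter*>(this);
            AddRef();
            return S_OK_LIKE;
        }
        *out = nullptr;
        return E_NOINTERFACE_LIKE;
    }
    int Greet() override { return 42; }
};

// Factory in the style of CoCreateInstance: returns an object whose count is 1.
HRESULT_LIKE CreateGreeter(IGreeter** out) {
    *out = new Greeter();
    return S_OK_LIKE;
}

// Correct: every pointer introduction (creation, QueryInterface) is matched by a
// Release when that pointer is eliminated. Actual count == policy count throughout.
int correctUse() {
    int before = liveObjects();
    IGreeter* g = nullptr;
    CreateGreeter(&g);                                                   // actual 1 / policy 1
    IUnknownLike* u = nullptr;
    g->QueryInterface(IID_IUnknownLike, reinterpret_cast<void**>(&u));   // actual 2 / policy 2
    int v = g->Greet();
    u->Release();                                                        // actual 1 / policy 1
    g->Release();                                                        // actual 0 / policy 0: freed
    return (liveObjects() - before == 0) ? v : -1;                       // 42
}

// Bug 1: the pointer obtained from QueryInterface is never Released.
// At exit the actual count is 1 while the policy count is 0: the object leaks.
int leakyUse() {
    int before = liveObjects();
    IGreeter* g = nullptr;
    CreateGreeter(&g);
    IUnknownLike* u = nullptr;
    g->QueryInterface(IID_IUnknownLike, reinterpret_cast<void**>(&u));
    g->Release();
    // u->Release() is missing
    return liveObjects() - before;                                       // 1: leaked
}

// Bug 2: a pointer is copied into a longer-lived structure without an AddRef.
// The policy count for the stored copy is 1 but the actual count was never raised,
// so the object is destroyed while holder.ptr still points at it.
struct Holder { IGreeter* ptr; };

bool danglingUse() {
    int before = liveObjects();
    Holder holder = { nullptr };
    IGreeter* g = nullptr;
    CreateGreeter(&g);
    holder.ptr = g;          // correct form: holder.ptr = g; g->AddRef();
    g->Release();            // count reaches 0, object deleted
    // holder.ptr is now dangling; it is compared, never dereferenced.
    return holder.ptr != nullptr && liveObjects() == before;
}
```

The two buggy callers are exactly the shapes the analysis is meant to flag: a reference that is introduced but never eliminated, and a pointer copy that the protocol says owns a reference the code never took. Both are detected here only by the bookkeeping counter; in real code the leak is silent and the dangling pointer is a use-after-free waiting to happen.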