Resource Leak Checker (RLC#) for C# Code using CodeQL
Abstract
Resource leaks occur when a program fails to release a finite resource after it is no longer needed. These leaks are a significant cause of real-world crashes and performance issues. Given their critical impact on software performance and security, detecting and preventing resource leaks is a crucial problem. Recent research has proposed a specify-and-check approach to prevent resource leaks. In this approach, programmers write resource management specifications that guide how resources are stored, passed around, and released within an application. We have developed a tool called RLC#, for detecting resource leaks in C# code. Inspired by the Resource Leak Checker (RLC) from the Checker Framework, RLC# employs CodeQL for intraprocedural data flow analysis. The tool operates in a modular fashion and relies on resource management specifications integrated at method boundaries for interprocedural analysis. In practice, RLC# has successfully identified 24 resource leaks in open-source projects and internal proprietary Azure microservices. Its implementation is declarative, and it scales well. While it incurs a reasonable false positive rate, the burden on developers is minimal, involving the addition of specifications to the source code.
Cite
@article{arxiv.2312.01912,
title = {Resource Leak Checker (RLC#) for C# Code using CodeQL},
author = {Pritam Gharat and Narges Shadab and Shrey Tiwari and Shuvendu Lahiri and Akash Lal},
journal= {arXiv preprint arXiv:2312.01912},
year = {2023}
}