LAMeD: LLM-generated Annotations for Memory Leak Detection

TL;DR

LAMeD uses large language models to automatically generate function annotations, enhancing memory leak detection in static analysis tools and addressing scalability issues in complex codebases.

Contribution

Introduces LAMeD, a novel method leveraging LLMs to automate annotation generation, improving static analysis for memory leaks.

Findings

Significantly improves memory leak detection accuracy.

Reduces path explosion in static analysis.

Automates annotation process, saving manual effort.

Abstract

Static analysis tools are widely used to detect software bugs and vulnerabilities but often struggle with scalability and efficiency in complex codebases. Traditional approaches rely on manually crafted annotations -- labeling functions as sources or sinks -- to track data flows, e.g., ensuring that allocated memory is eventually freed, and code analysis tools such as CodeQL, Infer, or Cooddy can use function specifications, but manual annotation is laborious and error-prone, especially for large or third-party libraries. We present LAMeD (LLM-generated Annotations for Memory leak Detection), a novel approach that leverages large language models (LLMs) to automatically generate function-specific annotations. When integrated with analyzers such as Cooddy, LAMeD significantly improves memory leak detection and reduces path explosion. We also suggest directions for extending LAMeD to broader code analysis.