FastCheck

Installation

Note: FastCheck requires a Java 1.6 runtime environment

Download and unpack the source tarball, fastcheck-1.0.tgz
Go into the fastcheck directory and run ant. (you will need a Java 1.6 development kit installed)

Invocation

The basic command-line invocation is

$ fastcheck [options] file1.i file2.i ...

Where file1.i, file2.i, etc, are preprocessed C source files.

The many command line options are described here: Command Line Usage

Example

Consider the following:

example.c

#include <stdlib.h>

int example(void)
{
    int *x; 
    int *y;

    x = (int *) malloc(1);

    if(x == NULL) 
      return -1;
    
    y = (int *) malloc(1);

    if(y == NULL) 
      return -1;
    
    free(x);
    free(y);

    return 0;
}

Memory is allocated in two locations. The programmer's intent is to return an error code if any memory allocation fails. Unfortunately, there's an error: If the first allocation succeeds but the second does not, allocated memory is not freed before returning the error code.

Basic invocation

At first, we can try FastCheck with no extra options. We set the flag -stubs=no to indicate we do not want to use a stubs.c file.

$ fastcheck -stubs=no example.i

FastCheck summarizes its findings on standard out.

Parsing 2 files ... done. (0.22 s)
Build CFGs ... done. (0.02 s)
Pointer analysis ... done. (0.00 s)
Call graph ... done. (0.00 s)

Building graph ...done. (0.00 s)
Analyzing sites ...

Error: example.c, line 8: allocation leaks memory
     x = ((int *)malloc(1));
Leak path:     y == ((void *)0)               example.c, line 15
           
done. (0.06 s)
Total fastcheck time... (0.06 s)

FastCheck correctly identifies line 8 as the allocation site that may leak memory.

Leak path shows the conditions under which memory may leak; in this case, y == NULL at line 15.

Options for more detailed output

Some flags cause FastCheck to write verbose output files to an output/ directory.

Subdirectories of output/ divide the allocation sites into seven categories.

Here we run FastCheck again, this time with flags to generate HTML summaries and PNG representations of the value flow graph for each site. The HTML summaries include C source code highted to show leak paths.

$ fastcheck -stubs=no -genHtml=yes -genPng=yes example.i

The resulting output/ directory structure is shown below. A quick look at the summaries for site 1 and site 2 gives a concise description of what is wrong, and what isn't.

output/

freed.cond.leaked/

     site2.dot
     site2.html
     site2.png

freed.local.unknown/

freed.not_local.unknown/

freed.ok/

     site1.dot
     site1.html
     site1.png

not_freed.local.main/

not_freed.local.not_main/

not_freed.not_local/