Sound garbage collection for C using pointer provenance

Published: 13 November 2020


Garbage collection (GC) support for unmanaged languages can reduce programming burden in reasoning about liveness of dynamic objects. It also avoids temporal memory safety violations and memory leaks. Sound GC for weakly-typed languages such as C/C++, however, remains an unsolved problem. Current value-based GC solutions examine values of memory locations to discover the pointers, and the objects they point to. The approach is inherently unsound in the presence of arbitrary type casts and pointer manipulations, which are legal in C/C++. Such language features are regularly used, especially in low-level systems code.
In this paper, we propose Dynamic Pointer Provenance Tracking to realize sound GC. We observe that pointers cannot be created out-of-thin-air, and they must have provenance to at least one valid allocation. Therefore, by tracking pointer provenance from the source (e.g., malloc) through both explicit data-flow and implicit control-flow, our GC has sound and precise information to compute the set of all reachable objects at any program state. We discuss several static analysis optimizations, that can be employed during compilation aided with profiling, to significantly reduce the overhead of dynamic provenance tracking from nearly 8× to 16% for well-behaved programs that adhere to the C standards. Pointer provenance based sound GC invocation is also 13% faster and reclaims 6% more memory on average, compared to an unsound value-based GC.

Auxiliary Presentation Video (oopsla20main-p196-p-video.mp4)
This talk presents "Sound Garbage Collection for C Using Pointer Provenance" at OOPSLA 2020. Prior Garbage Collectors for C identify pointers during runtime using their values. This is unsound, and can incorrectly free reachable objects. The paper introduces Dynamic Pointer Provenance Tracking to explicitly track pointer information at runtime, which provides a way to realize a sound Garbage Collector for C, and realizes efficient tracking using several static analysis optimizations.


Proceedings of the ACM on Programming Languages  Volume 4, Issue OOPSLA
November 2020
3108 pages
Association for Computing Machinery

New York, NY, United States

Published: 13 November 2020
Published in PACMPL Volume 4, Issue OOPSLA


  1. Garbage Collector Safety
  2. Optimistic Hybrid Analysis
  3. Pointer Provenance


  • NSF


