LLM-based Resource-Oriented Intention Inference for Static Resource Leak Detection

Resource leaks, caused by resources not being released after acquisition, often lead to performance issues and system crashes. Existing static detection techniques rely on mechanical matching of predefined resource acquisition/release APIs, posing challenges to their effectiveness, including completeness of predefined APIs, identification of reachability validation, and analysis complexity. To overcome these challenges, we propose InferROI, a novel approach that leverages LLMs to directly infer resource-oriented intentions (acquisition, release, and reachability validation) in code, based on resource management knowledge and code context understanding, rather than mechanical API matching. InferROI uses a prompt to instruct the LLM in inferring involved intentions from a given code snippet, which are then translated into formal expressions. By aggregating these inferred intentions, InferROI utilizes a lightweight static-analysis based algorithm to analyze control-flow paths extracted from the code, thereby detecting resource leaks. We evaluate InferROI on Java program and investigate its effectiveness in both resource-oriented intention inference and resource leak detection. Experimental results demonstrate that InferROI achieves a precision of 74.6% and a recall of 81.8% in intention inference on 172 code snippets from the DroidLeaks dataset. Additionally, InferROI covers a significant portion of concerned Android resources listed in the dataset. When applied to 86 bugs from the DroidLeaks dataset, InferROI exhibits a high bug detection rate (53.5%) and a low false alarm rate (8.1%) compared to eight baseline detectors. Moreover, we apply InferROI to resource leak detection in 100 methods from real-world open-source projects, where it identifies 12 unknown resource leak bugs, with 7 of them being confirmed by developers.