DOI: 10.1145/1250734.1250736 (ACM Conferences, PLDI Conference Proceedings)
Article

Exterminator: automatically correcting memory errors with high probability

Published: 10 June 2007

ABSTRACT

Programs written in C and C++ are susceptible to memory errors, including buffer overflows and dangling pointers. These errors, which can lead to crashes, erroneous execution, and security vulnerabilities, are notoriously costly to repair. Tracking down their location in the source code is difficult, even when the full memory state of the program is available. Once the errors are finally found, fixing them remains challenging: even for critical security-sensitive bugs, the average time between initial reports and the issuance of a patch is nearly one month.

We present Exterminator, a system that automatically corrects heap-based memory errors without programmer intervention. Exterminator exploits randomization to pinpoint errors with high precision. From this information, Exterminator derives runtime patches that fix these errors both in current and subsequent executions. In addition, Exterminator enables collaborative bug correction by merging patches generated by multiple users. We present analytical and empirical results that demonstrate Exterminator's effectiveness at detecting and correcting both injected and real faults.

