Abstract
By studying the behavior of several programs that crash due to memory errors, we observed that locating the errors can be challenging because significant propagation of corrupt memory values can occur prior to the point of the crash. In this article, we present an automated approach for locating memory errors in the presence of memory corruption propagation. Our approach leverages the information revealed by a program crash: when a crash occurs, this reveals a subset of the memory corruption that exists in the execution. By suppressing (nullifying) the effect of this known corruption during execution, the crash is avoided and any remaining (hidden) corruption may then be exposed by subsequent crashes. The newly exposed corruption can then be suppressed in turn. By iterating this process until no further crashes occur, the first point of memory corruption—and the likely root cause of the program failure—can be identified. However, this iterative approach may terminate prematurely, since programs may not crash even when memory corruption is present during execution. To address this, we show how crashes can be exposed in an execution by manipulating the relative ordering of particular variables within memory. By revealing crashes through this variable re-ordering, the effectiveness and applicability of the execution suppression approach can be improved. We describe a set of experiments illustrating the effectiveness of our approach in consistently and precisely identifying the first points of memory corruption in executions that fail due to memory errors. We also discuss a baseline software implementation of execution suppression that incurs an average overhead of 7.2x, and describe how to reduce this overhead to 1.8x through hardware support.
- Agrawal, H. and Horgan, J. R. 1990. Dynamic program slicing. In Proceedings of the ACM SIGPLAN '90 Conference on Programming Language Design and Implementation. ACM, New York, 246--256. Google Scholar
Digital Library
- Agrawal, H., Horgan, J. R., Krauser, E. W., and London, S. 1993. Incremental regression testing. In Proceedings of the IEEE International Conference on Software Maintenance. IEEE Computer Society Press, Los Alamitos, CA, 348--357. Google Scholar
Digital Library
- Akritidis, P., Cadar, C., Raiciu, C., Costa, M., and Castro, M. 2008. Preventing memory error exploits with WIT. In Proceedings of the 2008 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 263--277. Google Scholar
Digital Library
- Ammann, P. and Knight, J. 1988. Data diversity: An approach to software fault tolerance. IEEE Transactions on Computers 37, 4 (April), 418--425. Google Scholar
Digital Library
- Berger, E. D. and Zorn, B. G. 2006. DieHard: Probabilistic memory safety for unsafe languages. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, 158--168. Google Scholar
Digital Library
- Bond, M. 2008. Diagnosing and tolerating bugs in deployed systems. PhD dissertation, The University of Texas at Austin, Austin, TX. Google Scholar
Digital Library
- Bond, M. and McKinley, K. 2008. Tolerating memory leaks. In Proceedings of the 23rd Annual International Conference on Object-Oriented Programming, Systems, Languages, and Applications. ACM, New York, 109--126. Google Scholar
Digital Library
- Bond, M. and McKinley, K. 2009. Leak pruning. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, New York, 277--288. Google Scholar
Digital Library
- Chen, H., Wu, X., Yuan, L., Zang, B., Yew, P., and Chong, F. T. 2008. From speculation to security: Practical and efficient information flow tracking using speculative hardware. In Proceedings of the International Symposium on Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA, 401--412. Google Scholar
Digital Library
- Cleve, H. and Zeller, A. 2005. Locating causes of program failures. In Proceedings of the 27th International Conference on Software Engineering. ACM, New York, 342--351. Google Scholar
Digital Library
- Csallner, C. and Smaragdakis, Y. 2005. Check 'n' Crash: Combining static checking and testing. In Proceedings of the 27th ACM/IEEE International Conference on Software Engineering. ACM, New York, 422--431. Google Scholar
Digital Library
- Dalton, M., Kannan, H., and Kozyrakis, C. 2007. Raksha: a flexible information flow architecture for software security. In Proceedings of the 34th Annual International Symposium on Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA, 482--493. Google Scholar
Digital Library
- Ernst, M. D., Cockrell, J., Griswold, W. G., and Notkin, D. 2001. Dynamically discovering likely program invariants to support program evolution. IEEE Trans. Softw. Eng. 27, 2 (Feb.), 99--123. Google Scholar
Digital Library
- Flanagan, C., Leino, K. R. M., Lillibridge, M., Nelson, G., Saxe, J. B., and Stata, R. 2002. Extended static checking for java. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation. ACM, New York, 234--245. Google Scholar
Digital Library
- Gyimothy, T., Beszedes, A., and Forgacs, I. 1999. An efficient relevant slicing method for debugging. In Proceedings of the Symposium ACM/SIGSOFT Foundations of Software Engineering. ACM, New York, 303--321. Google Scholar
Digital Library
- Hangal, S. and Lam, M. S. 2002. Tracking down software bugs using automatic anomaly detection. In Proceedings of the 24th International Conference on Software Engineering. ACM, New York, 291--301. Google Scholar
Digital Library
- Hastings, R. and Joyce, B. 1992. Purify: Fast detection of memory leaks and access errors. In Proceedings of the USENIX Winter Technical Conference. USENIX, Berkeley, CA, 125--136.Google Scholar
- Jeffrey, D., Gupta, N., and Gupta, R. 2008a. Fault localization using value replacement. In Proceedings of the International Symposium on Software Testing and Analysis. ACM, New York, 167--178. Google Scholar
Digital Library
- Jeffrey, D., Gupta, N., and Gupta, R. 2008b. Identifying the root causes of memory bugs using corrupted memory location suppression. In Proceedings of the IEEE International Conference on Software Maintenance. IEEE Computer Society Press, Los Alamitos, CA, 356--365.Google Scholar
- Jones, J. A., Harrold, M. J., and Stasko, J. 2002. Visualization of test information to assist fault localization. In Proceedings of the 24th International Conference on Software Engineering. ACM, New York, 467--477. Google Scholar
Digital Library
- Korel, B. and Laski, J. 1988. Dynamic program slicing. Inf. Proc. Lett. 29, 3 (Oct.), 155--163. Google Scholar
Digital Library
- Li, Z., Lu, S., Myagmar, S., and Zhou, Y. 2006. CP-Miner: Finding copy-paste and related bugs in large-scale software code. IEEE Trans. Softw. Eng. 32, 3 (Mar.), 176--192. Google Scholar
Digital Library
- Lu, S., Li, Z., Qin, F., Tan, L., Zhou, P., and Zhou, Y. 2005. BugBench: Benchmarks for evaluating bug detection tools. In Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools Co-located with PLDI.Google Scholar
- Lu, S., Zhou, P., Liu, W., Zhou, Y., and Torrellas, J. 2006. PathExpander: Architectural support for increasing the path coverage of dynamic bug detection. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture. ACM, New York, 38--52. Google Scholar
Digital Library
- Lvin, V. B., Novark, G., Berger, E. D., and Zorn, B. G. 2008. Archipelago: Trading address space for reliability and security. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, New York, 115--124. Google Scholar
Digital Library
- Narayanasamy, S., Pokam, G., and Calder, B. 2005. BugNet: Continuously recording program execution for deterministic replay debugging. In Proceedings of the 32nd Annual International Symposium on Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA, 284--295. Google Scholar
Digital Library
- Necula, G. C., McPeak, S., and Weimer, W. 2002. CCured: Type-safe retrofitting of legacy code. In Proceedings of the Symposium on Principles of Programming Languages. ACM, New York, 128--139. Google Scholar
Digital Library
- Nethercote, N. and Seward, J. 2007. Valgrind: A framework for heavyweight dynamic binary instrumentation. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation. ACM, New York, 89--100. Google Scholar
Digital Library
- Novark, G., Berger, E. D., and Zorn, B. G. 2007. Exterminator: Automatically correcting memory errors with high probability. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, 1--11. Google Scholar
Digital Library
- Novark, G., Berger, E. D., and Zorn, B. G. 2009. Efficiently and precisely locating memory leaks and bloat. In Proceedings of the Conference on Programming Language Design and Implementation. ACM, New York, 397--407. Google Scholar
Digital Library
- Pacheco, C. and Ernst, M. D. 2005. Eclat: Automatic generation and classification of test inputs. In Proceedings of the 19th European Conference on Object-Oriented Programming. 504--527. Google Scholar
Digital Library
- Pattabiraman, K., Grover, V., and Zorn, B. 2008. Samurai: Protecting critical data in unsafe languages. In Proceedings of EuroSys'08, 219--232. Google Scholar
Digital Library
- Renieris, M. and Reiss, S. 2003. Fault localization with nearest neighbor queries. In Proceedings of the 18th IEEE International Conference on Automated Software Engineering. IEEE Computer Society Press, Los Alamitos, CA, 30--39.Google Scholar
- Ruwase, O. and Lam, M. 2004. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, 159--169.Google Scholar
- Shetty, R., Kharbutli, M., Solihin, Y., and Prvulovic, M. 2006. HeapMon: A helper-thread approach to programmable, automatic, and low-overhead memory bug detection. IBM J. Res. Devel. 50, 2/3 (Mar.), 261--275. Google Scholar
Digital Library
- Tallam, S., Tian, C., Gupta, R., and Zhang, X. 2008. Avoiding program failures through safe execution perturbations. In Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference. IEEE Computer Society Press, Los Alamitos, CA, 152--159. Google Scholar
Digital Library
- Venkataramani, G., Doudalis, I., Solihin, Y., and Prvulovic, M. 2008. FlexiTaint: A programmable accelerator for dynamic taint propagation. In Proceedings of the 14th IEEE International Symposium on High-Performance Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA.Google Scholar
- Weiser, M. 1984. Program slicing. IEEE Trans. Softw. Eng. 10, 4 (July), 352--357.Google Scholar
- Yang, J., Sar, C., and Engler, D. R. 2006. EXPLODE: A lightweight, general system for finding serious storage system errors. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 131--146. Google Scholar
Digital Library
- Zeller, A. 2002. Isolating cause-effect chains from computer programs. In Proceedings of the 10th International Symposium on the Foundations of Software Engineering, 1--10. Google Scholar
Digital Library
- Zeller, A. and Hildebrandt, R. 2002. Simplifying and isolating failure-inducing input. IEEE Trans. Softw. Eng. 28, 2 (Feb.), 183--200. Google Scholar
Digital Library
- Zhang, X., Gupta, N., and Gupta, R. 2006a. Locating faults through automated predicate switching. In Proceedings of the 28th International Conference on Software Engineering, 272--281. Google Scholar
Digital Library
- Zhang, X., Gupta, N., and Gupta, R. 2006b. Pruning dynamic slices with confidence. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, 169--180. Google Scholar
Digital Library
- Zhou, P., Liu, W., Fei, L., Lu, S., Qin, F., Zhou, Y., Midkiff, S. P., and Torrellas, J. 2004. AccMon: Automatically detecting memory-related bugs via program counter-based invariants. In Proceedings of the 37th Annual International Symposium on Microarchitecture. IEEE Computer Society, Press, Los Alamitos, CA, 269--280. Google Scholar
Digital Library
Index Terms
Execution suppression: An automated iterative technique for locating memory errors
Recommendations
Isolating bugs in multithreaded programs using execution suppression
Memory-related program failures in multithreaded programs can be caused by a variety of bugs. Concurrency bugs can occur due to unexpected or incorrect thread interleavings during execution. Other kinds of memory bugs, such as buffer overflows and ...
Exterminator: automatically correcting memory errors with high probability
PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and ImplementationPrograms written in C and C++ are susceptible to memory errors, including buffer overflows and dangling pointers. These errors, whichcan lead to crashes, erroneous execution, and security vulnerabilities, are notoriously costly to repair. Tracking down ...
Improving the reliability of chip-off forensic analysis of NAND flash memory devices
Digital forensic investigators often need to extract data from a seized device that contains NAND flash memory. Many such devices are physically damaged, preventing investigators from using automated techniques to extract the data stored within the ...






Comments