skip to main content
research-article
Free Access

Execution suppression: An automated iterative technique for locating memory errors

Published:24 May 2008Publication History
Skip Abstract Section

Abstract

By studying the behavior of several programs that crash due to memory errors, we observed that locating the errors can be challenging because significant propagation of corrupt memory values can occur prior to the point of the crash. In this article, we present an automated approach for locating memory errors in the presence of memory corruption propagation. Our approach leverages the information revealed by a program crash: when a crash occurs, this reveals a subset of the memory corruption that exists in the execution. By suppressing (nullifying) the effect of this known corruption during execution, the crash is avoided and any remaining (hidden) corruption may then be exposed by subsequent crashes. The newly exposed corruption can then be suppressed in turn. By iterating this process until no further crashes occur, the first point of memory corruption—and the likely root cause of the program failure—can be identified. However, this iterative approach may terminate prematurely, since programs may not crash even when memory corruption is present during execution. To address this, we show how crashes can be exposed in an execution by manipulating the relative ordering of particular variables within memory. By revealing crashes through this variable re-ordering, the effectiveness and applicability of the execution suppression approach can be improved. We describe a set of experiments illustrating the effectiveness of our approach in consistently and precisely identifying the first points of memory corruption in executions that fail due to memory errors. We also discuss a baseline software implementation of execution suppression that incurs an average overhead of 7.2x, and describe how to reduce this overhead to 1.8x through hardware support.

References

  1. Agrawal, H. and Horgan, J. R. 1990. Dynamic program slicing. In Proceedings of the ACM SIGPLAN '90 Conference on Programming Language Design and Implementation. ACM, New York, 246--256. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Agrawal, H., Horgan, J. R., Krauser, E. W., and London, S. 1993. Incremental regression testing. In Proceedings of the IEEE International Conference on Software Maintenance. IEEE Computer Society Press, Los Alamitos, CA, 348--357. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Akritidis, P., Cadar, C., Raiciu, C., Costa, M., and Castro, M. 2008. Preventing memory error exploits with WIT. In Proceedings of the 2008 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 263--277. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Ammann, P. and Knight, J. 1988. Data diversity: An approach to software fault tolerance. IEEE Transactions on Computers 37, 4 (April), 418--425. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Berger, E. D. and Zorn, B. G. 2006. DieHard: Probabilistic memory safety for unsafe languages. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, 158--168. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Bond, M. 2008. Diagnosing and tolerating bugs in deployed systems. PhD dissertation, The University of Texas at Austin, Austin, TX. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Bond, M. and McKinley, K. 2008. Tolerating memory leaks. In Proceedings of the 23rd Annual International Conference on Object-Oriented Programming, Systems, Languages, and Applications. ACM, New York, 109--126. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Bond, M. and McKinley, K. 2009. Leak pruning. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, New York, 277--288. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Chen, H., Wu, X., Yuan, L., Zang, B., Yew, P., and Chong, F. T. 2008. From speculation to security: Practical and efficient information flow tracking using speculative hardware. In Proceedings of the International Symposium on Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA, 401--412. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Cleve, H. and Zeller, A. 2005. Locating causes of program failures. In Proceedings of the 27th International Conference on Software Engineering. ACM, New York, 342--351. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Csallner, C. and Smaragdakis, Y. 2005. Check 'n' Crash: Combining static checking and testing. In Proceedings of the 27th ACM/IEEE International Conference on Software Engineering. ACM, New York, 422--431. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Dalton, M., Kannan, H., and Kozyrakis, C. 2007. Raksha: a flexible information flow architecture for software security. In Proceedings of the 34th Annual International Symposium on Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA, 482--493. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Ernst, M. D., Cockrell, J., Griswold, W. G., and Notkin, D. 2001. Dynamically discovering likely program invariants to support program evolution. IEEE Trans. Softw. Eng. 27, 2 (Feb.), 99--123. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Flanagan, C., Leino, K. R. M., Lillibridge, M., Nelson, G., Saxe, J. B., and Stata, R. 2002. Extended static checking for java. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation. ACM, New York, 234--245. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Gyimothy, T., Beszedes, A., and Forgacs, I. 1999. An efficient relevant slicing method for debugging. In Proceedings of the Symposium ACM/SIGSOFT Foundations of Software Engineering. ACM, New York, 303--321. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Hangal, S. and Lam, M. S. 2002. Tracking down software bugs using automatic anomaly detection. In Proceedings of the 24th International Conference on Software Engineering. ACM, New York, 291--301. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Hastings, R. and Joyce, B. 1992. Purify: Fast detection of memory leaks and access errors. In Proceedings of the USENIX Winter Technical Conference. USENIX, Berkeley, CA, 125--136.Google ScholarGoogle Scholar
  18. Jeffrey, D., Gupta, N., and Gupta, R. 2008a. Fault localization using value replacement. In Proceedings of the International Symposium on Software Testing and Analysis. ACM, New York, 167--178. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Jeffrey, D., Gupta, N., and Gupta, R. 2008b. Identifying the root causes of memory bugs using corrupted memory location suppression. In Proceedings of the IEEE International Conference on Software Maintenance. IEEE Computer Society Press, Los Alamitos, CA, 356--365.Google ScholarGoogle Scholar
  20. Jones, J. A., Harrold, M. J., and Stasko, J. 2002. Visualization of test information to assist fault localization. In Proceedings of the 24th International Conference on Software Engineering. ACM, New York, 467--477. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Korel, B. and Laski, J. 1988. Dynamic program slicing. Inf. Proc. Lett. 29, 3 (Oct.), 155--163. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Li, Z., Lu, S., Myagmar, S., and Zhou, Y. 2006. CP-Miner: Finding copy-paste and related bugs in large-scale software code. IEEE Trans. Softw. Eng. 32, 3 (Mar.), 176--192. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Lu, S., Li, Z., Qin, F., Tan, L., Zhou, P., and Zhou, Y. 2005. BugBench: Benchmarks for evaluating bug detection tools. In Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools Co-located with PLDI.Google ScholarGoogle Scholar
  24. Lu, S., Zhou, P., Liu, W., Zhou, Y., and Torrellas, J. 2006. PathExpander: Architectural support for increasing the path coverage of dynamic bug detection. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture. ACM, New York, 38--52. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Lvin, V. B., Novark, G., Berger, E. D., and Zorn, B. G. 2008. Archipelago: Trading address space for reliability and security. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, New York, 115--124. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Narayanasamy, S., Pokam, G., and Calder, B. 2005. BugNet: Continuously recording program execution for deterministic replay debugging. In Proceedings of the 32nd Annual International Symposium on Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA, 284--295. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Necula, G. C., McPeak, S., and Weimer, W. 2002. CCured: Type-safe retrofitting of legacy code. In Proceedings of the Symposium on Principles of Programming Languages. ACM, New York, 128--139. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Nethercote, N. and Seward, J. 2007. Valgrind: A framework for heavyweight dynamic binary instrumentation. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation. ACM, New York, 89--100. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Novark, G., Berger, E. D., and Zorn, B. G. 2007. Exterminator: Automatically correcting memory errors with high probability. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, 1--11. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Novark, G., Berger, E. D., and Zorn, B. G. 2009. Efficiently and precisely locating memory leaks and bloat. In Proceedings of the Conference on Programming Language Design and Implementation. ACM, New York, 397--407. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Pacheco, C. and Ernst, M. D. 2005. Eclat: Automatic generation and classification of test inputs. In Proceedings of the 19th European Conference on Object-Oriented Programming. 504--527. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Pattabiraman, K., Grover, V., and Zorn, B. 2008. Samurai: Protecting critical data in unsafe languages. In Proceedings of EuroSys'08, 219--232. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Renieris, M. and Reiss, S. 2003. Fault localization with nearest neighbor queries. In Proceedings of the 18th IEEE International Conference on Automated Software Engineering. IEEE Computer Society Press, Los Alamitos, CA, 30--39.Google ScholarGoogle Scholar
  34. Ruwase, O. and Lam, M. 2004. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, 159--169.Google ScholarGoogle Scholar
  35. Shetty, R., Kharbutli, M., Solihin, Y., and Prvulovic, M. 2006. HeapMon: A helper-thread approach to programmable, automatic, and low-overhead memory bug detection. IBM J. Res. Devel. 50, 2/3 (Mar.), 261--275. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Tallam, S., Tian, C., Gupta, R., and Zhang, X. 2008. Avoiding program failures through safe execution perturbations. In Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference. IEEE Computer Society Press, Los Alamitos, CA, 152--159. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Venkataramani, G., Doudalis, I., Solihin, Y., and Prvulovic, M. 2008. FlexiTaint: A programmable accelerator for dynamic taint propagation. In Proceedings of the 14th IEEE International Symposium on High-Performance Computer Architecture. IEEE Computer Society Press, Los Alamitos, CA.Google ScholarGoogle Scholar
  38. Weiser, M. 1984. Program slicing. IEEE Trans. Softw. Eng. 10, 4 (July), 352--357.Google ScholarGoogle Scholar
  39. Yang, J., Sar, C., and Engler, D. R. 2006. EXPLODE: A lightweight, general system for finding serious storage system errors. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 131--146. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Zeller, A. 2002. Isolating cause-effect chains from computer programs. In Proceedings of the 10th International Symposium on the Foundations of Software Engineering, 1--10. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Zeller, A. and Hildebrandt, R. 2002. Simplifying and isolating failure-inducing input. IEEE Trans. Softw. Eng. 28, 2 (Feb.), 183--200. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Zhang, X., Gupta, N., and Gupta, R. 2006a. Locating faults through automated predicate switching. In Proceedings of the 28th International Conference on Software Engineering, 272--281. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Zhang, X., Gupta, N., and Gupta, R. 2006b. Pruning dynamic slices with confidence. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, New York, 169--180. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Zhou, P., Liu, W., Fei, L., Lu, S., Qin, F., Zhou, Y., Midkiff, S. P., and Torrellas, J. 2004. AccMon: Automatically detecting memory-related bugs via program counter-based invariants. In Proceedings of the 37th Annual International Symposium on Microarchitecture. IEEE Computer Society, Press, Los Alamitos, CA, 269--280. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Execution suppression: An automated iterative technique for locating memory errors

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!