CETS: compiler enforced temporal safety for C

Published: 05 June 2010

Abstract

Temporal memory safety errors, such as dangling pointer dereferences and double frees, are a prevalent source of software bugs in unmanaged languages such as C. Existing schemes that attempt to retrofit temporal safety for such languages have high runtime overheads and/or are incomplete, thereby limiting their effectiveness as debugging aids. This paper presents CETS, a compile-time transformation for detecting all violations of temporal safety in C programs. Inspired by existing approaches, CETS maintains a unique identifier with each object, associates this metadata with the pointers in a disjoint metadata space to retain memory layout compatibility, and checks that the object is still allocated on pointer dereferences. A formal proof shows that this is sufficient to provide temporal safety even in the presence of arbitrary casts if the program contains no spatial safety violations. Our CETS prototype employs both temporal check removal optimizations and traditional compiler optimizations to achieve a runtime overhead of just 48% on average. When combined with a spatial-checking system, the average overall overhead is 116% for complete memory safety.
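The following C program is an added illustration of the lock-and-key mechanism the abstract describes; it is not code from the paper or from the CETS prototype. Every allocation receives a fresh unique key and a lock cell holding that key, pointer copies carry the key and lock address along, free() clears the lock, and every dereference checks that the lock still holds the pointer's key. For readability the metadata travels inline in a `checked_ptr` struct, whereas CETS stores it in a disjoint metadata space so the program's memory layout is unchanged; all names (`checked_ptr`, `checked_malloc`, `temporal_check`, `checked_read`, `checked_free`, `run_scenario`) and the fixed pool of lock cells are constructed for this example. Spatial bounds are assumed to be enforced separately, as the abstract's proof also assumes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of a lock-and-key temporal check, written for
   this page; it is not CETS's runtime. Metadata is carried inline here,
   whereas CETS keeps it in a disjoint table to preserve memory layout. */

typedef struct {
    void     *ptr;   /* raw address; unchanged by the scheme */
    uint64_t  key;   /* unique identifier of the allocation this pointer came from */
    uint64_t *lock;  /* lock cell that holds the key while the object is allocated */
} checked_ptr;

#define MAX_LOCKS 64
static uint64_t locks[MAX_LOCKS];            /* lock cells, recycled after free() */
static size_t   lock_free_stack[MAX_LOCKS];  /* indices of recycled lock cells */
static size_t   lock_free_top = 0;
static size_t   locks_used    = 0;
static uint64_t next_key      = 1;           /* 0 is reserved for "no object" */

/* Allocate an object and bind a fresh key to a (possibly recycled) lock cell. */
checked_ptr checked_malloc(size_t n) {
    checked_ptr p = { NULL, 0, NULL };
    size_t idx;
    if (lock_free_top > 0)           idx = lock_free_stack[--lock_free_top];
    else if (locks_used < MAX_LOCKS) idx = locks_used++;
    else return p;                   /* out of lock cells: behave like malloc failure */
    p.ptr = malloc(n);
    if (p.ptr == NULL) return (checked_ptr){ NULL, 0, NULL };
    p.key  = next_key++;             /* keys are never reused, so a recycled lock
                                        cell can never match a stale pointer's key */
    p.lock = &locks[idx];
    *p.lock = p.key;
    return p;
}

/* Check performed on every dereference: live iff the lock still holds the key. */
int temporal_check(const checked_ptr *p) {
    return p->ptr != NULL && p->lock != NULL && *p->lock == p->key;
}

/* Read one byte through a checked pointer; returns -1 on a temporal violation.
   Spatial bounds are assumed to be checked by a separate system. */
int checked_read(const checked_ptr *p, size_t off, unsigned char *out) {
    if (!temporal_check(p)) return -1;
    *out = ((const unsigned char *)p->ptr)[off];
    return 0;
}

/* free() that detects double frees: a second free sees a key mismatch. */
int checked_free(checked_ptr *p) {
    if (!temporal_check(p)) return -1;
    *p->lock = 0;                                   /* invalidates every copy of this pointer */
    lock_free_stack[lock_free_top++] = (size_t)(p->lock - locks);
    free(p->ptr);
    return 0;
}

/* Scenario: an alias of a freed pointer survives, a new allocation recycles the
   freed lock cell (and possibly the freed address), and the stale alias is still
   rejected on read and on free. Returns the number of violations detected. */
int run_scenario(void) {
    int violations = 0;
    unsigned char byte = 0;
    checked_ptr a = checked_malloc(16);
    checked_ptr alias = a;               /* copying the pointer copies key and lock */
    memset(a.ptr, 'A', 16);
    if (checked_read(&alias, 0, &byte) != 0) violations++;   /* live: no violation */
    checked_free(&a);
    checked_ptr b = checked_malloc(16);  /* reuses a's lock cell under a new key */
    memset(b.ptr, 'B', 16);
    if (checked_read(&alias, 0, &byte) != 0) violations++;   /* dangling read: detected */
    if (checked_free(&alias) != 0) violations++;             /* double free: detected */
    checked_free(&b);
    return violations;                   /* 2 */
}

int main(void) {
    printf("temporal violations detected: %d\n", run_scenario());
    return 0;
}
```

The point of recycling lock cells in `checked_malloc` is to show why the key must be unique per allocation rather than per address: after `a` is freed, `b` may land on the same lock cell and even the same heap address, yet the stale `alias` still fails `temporal_check` because its key no longer matches the lock's contents. Clearing the lock on free is what makes every outstanding copy of the pointer invalid at once, without tracking the copies.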

Published in

ACM SIGPLAN Notices, Volume 45, Issue 8 (ISMM '10), August 2010, 129 pages. ISSN: 0362-1340, EISSN: 1558-1160. DOI: 10.1145/1837855

ISMM '10: Proceedings of the 2010 International Symposium on Memory Management, June 2010, 140 pages. ISBN: 9781450300544. DOI: 10.1145/1806651. General Chair: Jan Vitek. Program Chair: Doug Lea.

Copyright © 2010 ACM
Publisher: Association for Computing Machinery, New York, NY, United States