Abstract
Temporal memory safety errors, such as dangling pointer dereferences and double frees, are a prevalent source of software bugs in unmanaged languages such as C. Existing schemes that attempt to retrofit temporal safety for such languages have high runtime overheads and/or are incomplete, thereby limiting their effectiveness as debugging aids. This paper presents CETS, a compile-time transformation for detecting all violations of temporal safety in C programs. Inspired by existing approaches, CETS maintains a unique identifier with each object, associates this metadata with the pointers in a disjoint metadata space to retain memory layout compatibility, and checks that the object is still allocated on pointer dereferences. A formal proof shows that this is sufficient to provide temporal safety even in the presence of arbitrary casts if the program contains no spatial safety violations. Our CETS prototype employs both temporal check removal optimizations and traditional compiler optimizations to achieve a runtime overhead of just 48% on average. When combined with a spatial-checking system, the average overall overhead is 116% for complete memory safety.
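To make the mechanism in the abstract concrete, the following is an added example in C; it is not the paper's code or the CETS prototype. It hand-instruments allocation, pointer copy, dereference and free the way a CETS-style compiler pass would: each allocation gets a unique key and a lock slot that holds the key while the object is live, the lock is cleared on free, and a dereference is allowed only if the pointer's key still matches its lock. The (key, lock) metadata is kept in a shadow table indexed by the address of the pointer variable, so the pointer itself keeps its ordinary layout. The names (tmalloc, tfree, tmeta_*, temporal_check), the table sizes, and the choice to report a violation through a return value instead of aborting are this example's own assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example modelling the scheme in the abstract (not the paper's code).
 * Keys are never reused, so a stale pointer can never match a new object's
 * lock, even if the same lock slot or heap address is recycled. */

#define KEY_INVALID   0u
#define LOCK_SLOTS    64u
#define SHADOW_SLOTS  256u   /* constructed small table; real systems use a trie */

typedef struct { uint64_t key; uint64_t *lock; } tmeta;

static uint64_t lock_pool[LOCK_SLOTS];   /* lock slots, one per allocation */
static size_t   lock_next = 0;           /* bump allocator for lock slots */
static uint64_t next_key = 1;            /* unique identifier per allocation */

/* Disjoint metadata space: pointer address -> (key, lock), linear probing.
 * Assumes the table never fills (a few entries in this example). */
static struct { void **addr; tmeta meta; } shadow[SHADOW_SLOTS];

static size_t shadow_slot(void **addr) {
    size_t i = (size_t)(((uintptr_t)addr >> 3) % SHADOW_SLOTS);
    while (shadow[i].addr != NULL && shadow[i].addr != addr)
        i = (i + 1) % SHADOW_SLOTS;
    return i;
}

/* Record metadata for the pointer stored at *addr (pointer store/copy). */
static void tmeta_store(void **addr, tmeta m) {
    size_t i = shadow_slot(addr);
    shadow[i].addr = addr;
    shadow[i].meta = m;
}

/* Fetch metadata; a pointer with no record (e.g. from uninstrumented code)
 * gets an invalid key so that checks fail closed. */
static tmeta tmeta_load(void **addr) {
    size_t i = shadow_slot(addr);
    tmeta none = { KEY_INVALID, NULL };
    return shadow[i].addr == addr ? shadow[i].meta : none;
}

/* Instrumented malloc: allocate, mint a key, reserve a lock holding it. */
static void *tmalloc(void **dst, size_t n) {
    void *p = malloc(n);
    if (p == NULL || lock_next >= LOCK_SLOTS) { free(p); return NULL; }
    uint64_t *lock = &lock_pool[lock_next++];
    *lock = next_key;
    tmeta m = { next_key++, lock };
    *dst = p;
    tmeta_store(dst, m);
    return p;
}

/* Temporal check before dereferencing the pointer held at addr: the object
 * is still allocated only if its lock still contains the pointer's key. */
static int temporal_check(void **addr) {
    tmeta m = tmeta_load(addr);
    return m.lock != NULL && m.key != KEY_INVALID && *m.lock == m.key;
}

/* Instrumented free: check first (catches double free), then invalidate the
 * lock so every copy of the pointer fails later checks. 1 = ok, 0 = violation. */
static int tfree(void **addr) {
    if (!temporal_check(addr)) return 0;
    tmeta m = tmeta_load(addr);
    *m.lock = KEY_INVALID;
    free(*addr);
    return 1;
}

/* Scenario 1: a live pointer passes the check (returns 1). */
static int demo_live_pointer(void) {
    int *p = NULL;
    if (tmalloc((void **)&p, sizeof *p) == NULL) return -1;
    *p = 1;
    int ok = temporal_check((void **)&p);
    tfree((void **)&p);
    return ok;
}

/* Scenario 2: q aliases p and copies its metadata; freeing through p clears
 * the shared lock, so the check on q fails although q's bits are unchanged. */
static int demo_use_after_free(void) {
    int *p = NULL, *q = NULL;
    if (tmalloc((void **)&p, sizeof *p) == NULL) return -1;
    q = p;
    tmeta_store((void **)&q, tmeta_load((void **)&p));
    tfree((void **)&p);
    return temporal_check((void **)&q) == 0;   /* 1: dangling use detected */
}

/* Scenario 3: the second tfree sees an invalidated lock and rejects it. */
static int demo_double_free(void) {
    int *p = NULL;
    if (tmalloc((void **)&p, sizeof *p) == NULL) return -1;
    int first  = tfree((void **)&p);
    int second = tfree((void **)&p);
    return first == 1 && second == 0;          /* 1: double free detected */
}

int main(void) {
    printf("live pointer passes check: %d\n", demo_live_pointer());
    printf("dangling alias detected:   %d\n", demo_use_after_free());
    printf("double free detected:      %d\n", demo_double_free());
    return 0;
}
```

The point the scenarios make is the one the abstract relies on: because the check consults the object's lock rather than the pointer's bits, every alias of a freed object is caught without the instrumentation having to find those aliases, and because keys are never reused, a later allocation landing at the same address does not revive a stale pointer. A real compiler pass would also propagate metadata through loads and stores of pointers in memory and through function arguments and return values, which this hand-instrumented model omits.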
CETS: compiler enforced temporal safety for C. ISMM '10: Proceedings of the 2010 international symposium on Memory management.