Abstract

The C programming language does not prevent out-of-bounds memory accesses. There exist several techniques to secure C programs; however, these methods tend to slow down these programs substantially, because they populate the binary code with runtime checks. To deal with this problem, we have designed and tested two static analyses - symbolic region and range analysis - which we combine to remove the majority of these guards. In addition to the analyses themselves, we bring two other contributions. First, we describe live range splitting strategies that improve the efficiency and the precision of our analyses. Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses. We validate our claims by incorporating our findings into AddressSanitizer. We generate SPEC CINT 2006 code that is 17% faster and 9% more energy efficient than the code produced originally by this tool. Furthermore, our approach is 50% more effective than Pentagons, a state-of-the-art analysis to sanitize memory accesses.
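The abstract's point about integer overflows deserves a concrete illustration. The block below is an added example, not the paper's implementation: it models the range half of the analysis as a plain interval domain (the symbolic region analysis is not modelled), and shows that a guard-elimination decision that is correct over unbounded integers becomes unsound once `int` is 32-bit and can wrap. The program shape, the value ranges and the `check_removable` helper are constructed for this example.

```python
from dataclasses import dataclass

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


@dataclass(frozen=True)
class Interval:
    """Closed integer interval [lo, hi], the abstract value of a range analysis."""
    lo: int
    hi: int

    def add(self, other):
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def mul(self, other):
        ps = [self.lo * other.lo, self.lo * other.hi,
              self.hi * other.lo, self.hi * other.hi]
        return Interval(min(ps), max(ps))

    def fits_int32(self):
        return INT32_MIN <= self.lo and self.hi <= INT32_MAX


def wrap32(iv):
    """Machine semantics: if the mathematical interval leaves the int32 range the
    value may wrap around, so the only sound abstraction is the full range."""
    return iv if iv.fits_int32() else Interval(INT32_MIN, INT32_MAX)


def check_removable(index, size, wrap_aware=True):
    """True iff the runtime guard `0 <= index < size` is provably redundant.
    With wrap_aware=False the decision ignores overflow, which is the unsound
    variant the abstract warns about."""
    if wrap_aware:
        index = wrap32(index)
    return index.lo >= 0 and index.hi < size.lo


def loop_index(n, stride, offset):
    """Index range of `buf[i * stride + offset]` for i in [0, n-1] (constructed
    loop shape); n is the interval of the loop bound."""
    i = Interval(0, n.hi - 1)
    return i.mul(Interval(stride, stride)).add(Interval(offset, offset))


# Small loop: n <= 1024, buffer of 4096 bytes, index i*4+3 stays in [3, 4095].
small_idx = loop_index(Interval(0, 1024), 4, 3)
SMALL_OK = check_removable(small_idx, Interval(4096, 4096))          # True

# Large loop: n <= 2**30, so i*4 can reach 2**32 and wrap negative on int32.
large_idx = loop_index(Interval(0, 2**30), 4, 3)
NAIVE_OK = check_removable(large_idx, Interval(2**32, 2**32), False)  # True (unsound)
SOUND_OK = check_removable(large_idx, Interval(2**32, 2**32), True)   # False
```

The naive verdict would let a sanitizer drop the guard on an access that can wrap to a negative index, which is exactly the failure the paper's overflow handling is designed to rule out.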
Validation of memory accesses through symbolic analyses. In OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications.