skip to main content
research-article

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model

Published:19 March 2018Publication History
Skip Abstract Section

Abstract

In C, memory errors, such as buffer overflows, are among the most dangerous software errors; as we show, they are still on the rise. Current dynamic bug-finding tools that try to detect such errors are based on the low-level execution model of the underlying machine. They insert additional checks in an ad-hoc fashion, which makes them prone to omitting checks for corner cases. To address this, we devised a novel approach to finding bugs during the execution of a program. At the core of this approach is an interpreter written in a high-level language that performs automatic checks (such as bounds, NULL, and type checks). By mapping data structures in C to those of the high-level language, accesses are automatically checked and bugs discovered. We have implemented this approach and show that our tool (called Safe Sulong) can find bugs that state-of-the-art tools overlook, such as out-of-bounds accesses to the main function arguments.

References

  1. Matthew Arnold, Stephen Fink, David Grove, Michael Hind, and Peter F. Sweeney . 2000. Adaptive Optimization in the Jalape nO JVM. In Proceedings of the 15th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA '00). ACM, New York, NY, USA, 47--65. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Edd Barrett, Carl Friedrich Bolz-Tereick, Rebecca Killick, Sarah Mount, and Laurence Tratt . 2017. Virtual Machine Warmup Blows Hot and Cold. Proc. ACM Program. Lang. Vol. 1, OOPSLA, Article bibinfoarticleno52 (Oct. . 2017), 27 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Yves Younan, Wouter Joosen, and Frank Piessens. 2012. Runtime Countermeasures for Code Injection Attacks Against C and CGoogle ScholarGoogle Scholar
  4. Programs. ACM Comput. Surv. Vol. 44, 3, Article 17 (June. 2012), 28 pages. 0360-0300Google ScholarGoogle Scholar

Index Terms

  1. Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in

            Full Access

            • Published in

              cover image ACM SIGPLAN Notices
              ACM SIGPLAN Notices  Volume 53, Issue 2
              ASPLOS '18
              February 2018
              809 pages
              ISSN:0362-1340
              EISSN:1558-1160
              DOI:10.1145/3296957
              Issue’s Table of Contents
              • cover image ACM Conferences
                ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems
                March 2018
                827 pages
                ISBN:9781450349116
                DOI:10.1145/3173162

              Copyright © 2018 ACM

              Publisher

              Association for Computing Machinery

              New York, NY, United States

              Publication History

              • Published: 19 March 2018

              Check for updates

              Qualifiers

              • research-article

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader
            About Cookies On This Site

            We use cookies to ensure that we give you the best experience on our website.

            Learn more

            Got it!