Abstract
In C, memory errors, such as buffer overflows, are among the most dangerous software errors; as we show, they are still on the rise. Current dynamic bug-finding tools that try to detect such errors are based on the low-level execution model of the underlying machine. They insert additional checks in an ad-hoc fashion, which makes them prone to omitting checks for corner cases. To address this, we devised a novel approach to finding bugs during the execution of a program. At the core of this approach is an interpreter written in a high-level language that performs automatic checks (such as bounds, NULL, and type checks). By mapping data structures in C to those of the high-level language, accesses are automatically checked and bugs discovered. We have implemented this approach and show that our tool (called Safe Sulong) can find bugs that state-of-the-art tools overlook, such as out-of-bounds accesses to the main function arguments.
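An added sketch of the approach the abstract describes, not Safe Sulong's code (which this page does not show): a small Python model in which each C object is a managed array and every load is checked for NULL, type and bounds, applied to the `main` arguments case the abstract mentions. The (object, offset) pointer representation and the names `ManagedArray`, `Pointer`, `load`, `make_argv` and `run_main` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

class CheckFailed(Exception):
    """Raised when an interpreted C access violates a check."""

class ManagedArray:
    """One C object (array or scalar), stored as a typed managed list."""
    def __init__(self, elem_type, values):
        self.elem_type = elem_type
        self.values = list(values)

@dataclass(frozen=True)
class Pointer:
    """A C pointer modelled as (target object, element offset)."""
    target: Optional[ManagedArray]
    offset: int = 0

    def add(self, n):
        # Pointer arithmetic only moves the offset; checks happen on access.
        return Pointer(self.target, self.offset + n)

NULL = Pointer(None)

def load(ptr, elem_type):
    """Interpret `*(elem_type *)ptr` with NULL, type and bounds checks."""
    if ptr.target is None:
        raise CheckFailed("NULL dereference")
    if ptr.target.elem_type != elem_type:
        raise CheckFailed(f"type mismatch: {ptr.target.elem_type} read as {elem_type}")
    if not 0 <= ptr.offset < len(ptr.target.values):
        raise CheckFailed(f"out-of-bounds: index {ptr.offset}, length {len(ptr.target.values)}")
    return ptr.target.values[ptr.offset]

def make_argv(args):
    """Build argv as main() receives it: argc pointers plus a NULL terminator."""
    strings = [Pointer(ManagedArray("char", a.encode() + b"\0")) for a in args]
    return Pointer(ManagedArray("char*", strings + [NULL]))

def run_main(argv, index):
    """Interpret `return argv[index][0];` and report the outcome."""
    try:
        arg = load(argv.add(index), "char*")
        return chr(load(arg, "char"))
    except CheckFailed as err:
        return f"error: {err}"
```

Because `argv` is itself a managed object with a known length, an index past the NULL terminator fails the same bounds check as any other array access.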
Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems






