research-article

EffectiveSan: type and memory error detection using dynamically typed C/C++

Published: 11 June 2018

Abstract

Low-level programming languages with weak, static type systems, such as C and C++, are vulnerable to errors relating to the misuse of memory at runtime, such as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such errors account for many security bugs and other undefined-behavior bugs in programs written in these languages. In this paper, we introduce the notion of dynamically typed C/C++, which aims to detect such errors by dynamically checking the "effective type" of each object before use at runtime. We also present an implementation of dynamically typed C/C++ in the form of the Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory safety using a combination of low-fat pointers, type metadata, and type/bounds check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark suite and the Firefox web browser, and detect several new type and memory errors. We also show that EffectiveSan achieves high compatibility and reasonable overheads for the given error coverage. Finally, we highlight that EffectiveSan is one of only a few tools that can detect sub-object bounds errors, and that it uses a novel approach (dynamic type checking) to do so.
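As an added illustration (not code from the paper or from EffectiveSan itself), the C program below models the idea the abstract describes: at a cast or pointer derivation the pointer's type is checked against the object's effective type, and the bounds of the matching sub-object then govern every access made through that pointer. The `struct S` layout, the hand-written type table and the function names are hypothetical; EffectiveSan derives layouts from compiler type information and reaches per-object type metadata through low-fat pointers, whereas this model looks the layout up in a static table.

```c
/* Toy model of dynamic effective-type checking (added example, not
 * EffectiveSan's implementation).  Layouts are hand-written here. */
#include <stddef.h>
#include <stdio.h>

typedef struct ty ty;
typedef struct { size_t off; const ty *t; } member;   /* one struct field */
struct ty {
    const char   *name;
    size_t        size;
    const ty     *elem;   /* arrays: element type, else NULL */
    size_t        nmemb;  /* structs: number of fields, else 0 */
    const member *memb;   /* structs: field table, else NULL */
};

/* Modelled object (assumed for the example):
 *     struct S { int a[3]; int b; }      -> 16 bytes, b at offset 12 */
static const ty T_char  = { "char",     1,  NULL,   0, NULL };
static const ty T_int   = { "int",      4,  NULL,   0, NULL };
static const ty T_float = { "float",    4,  NULL,   0, NULL };
static const ty T_int3  = { "int[3]",   12, &T_int, 0, NULL };
static const member S_fields[] = { { 0, &T_int3 }, { 12, &T_int } };
static const ty T_S     = { "struct S", 16, NULL,   2, S_fields };

/* Walk the layout of `obj` inward from byte `off` until a sub-object of
 * type `want` is found, and report that sub-object's [lo,hi) byte range.
 * Returns 0 if no sub-object of that type lives at that offset, i.e. the
 * pointer type disagrees with the object's effective type (type confusion). */
static int effective_bounds(const ty *obj, size_t off, const ty *want,
                            size_t *lo, size_t *hi)
{
    const ty *cur = obj;
    size_t base = 0;                       /* start of `cur` within obj */
    if (want == &T_char) {                 /* char may alias any object */
        *lo = 0; *hi = obj->size; return 1;
    }
    for (;;) {
        if (cur == want) { *lo = base; *hi = base + cur->size; return 1; }
        if (cur->elem) {                   /* array: a T* keeps whole-array bounds */
            if (cur->elem == want && off % want->size == 0) {
                *lo = base; *hi = base + cur->size; return 1;
            }
            size_t i = off / cur->elem->size;
            base += i * cur->elem->size; off -= i * cur->elem->size;
            cur = cur->elem;
            continue;
        }
        if (cur->nmemb) {                  /* struct: descend into the field hit */
            size_t k;
            for (k = 0; k < cur->nmemb; k++) {
                const member *m = &cur->memb[k];
                if (off >= m->off && off < m->off + m->t->size) break;
            }
            if (k < cur->nmemb) {
                base += cur->memb[k].off; off -= cur->memb[k].off;
                cur = cur->memb[k].t;
                continue;
            }
        }
        return 0;                          /* scalar of another type, or padding */
    }
}

enum { ACC_OK = 0, ACC_TYPE_ERROR = 1, ACC_BOUNDS_ERROR = 2 };

/* Model of `((T *)((char *)&obj + off))[idx]`: the cast fixes the sub-object
 * bounds, and the indexed access is then checked against them. */
static int check_access(const ty *obj, size_t off, const ty *want, long idx)
{
    size_t lo, hi;
    if (!effective_bounds(obj, off, want, &lo, &hi)) return ACC_TYPE_ERROR;
    long pos = (long)off + idx * (long)want->size;
    if (pos < (long)lo || pos + (long)want->size > (long)hi) return ACC_BOUNDS_ERROR;
    return ACC_OK;
}

static const char *verdict(int r)
{
    return r == ACC_OK ? "ok" : r == ACC_TYPE_ERROR ? "TYPE ERROR"
                                                    : "SUB-OBJECT BOUNDS ERROR";
}

int main(void)
{
    /* s.a[2]: inside the int[3] sub-object */
    printf("s.a[2]           -> %s\n", verdict(check_access(&T_S, 0, &T_int, 2)));
    /* s.a[3]: still inside the 16-byte object (it lands on s.b), so a
     * per-allocation redzone check such as AddressSanitizer's stays silent,
     * but the sub-object bounds [0,12) derived from the cast are violated */
    printf("s.a[3]           -> %s\n", verdict(check_access(&T_S, 0, &T_int, 3)));
    /* (&s.b)[1]: runs off the int sub-object b and off the object */
    printf("(&s.b)[1]        -> %s\n", verdict(check_access(&T_S, 12, &T_int, 1)));
    /* *(float *)&s.b: no float sub-object at offset 12 -> type confusion */
    printf("*(float *)&s.b   -> %s\n", verdict(check_access(&T_S, 12, &T_float, 0)));
    /* ((char *)&s)[15]: char may view the whole object; last byte is fine */
    printf("((char *)&s)[15] -> %s\n", verdict(check_access(&T_S, 0, &T_char, 15)));
    return 0;
}
```

The point the model makes is that the bounds come from the type, not from the allocation: `s.a` and `&s.b` both point into the same 16-byte object, yet the `int *` derived from `s.a` may only reach bytes 0 to 11, so `s.a[3]` is reported even though it never leaves the allocation. The `char` exception mirrors the C rule that character types may access any object's representation; a real tool also has to handle unions, `void *`, and the allocator's lazily assigned types, none of which this table-driven model attempts.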


Supplemental Material

p181-duck.webm

