skip to main content
research-article
Open Access
Artifacts Available
Artifacts Evaluated & Reusable

Deciding memory safety for single-pass heap-manipulating programs

Published:20 December 2019Publication History
Skip Abstract Section

Abstract

We investigate the decidability of automatic program verification for programs that manipulate heaps, and in particular, decision procedures for proving memory safety for them. We extend recent work that identified a decidable subclass of uninterpreted programs to a class of alias-aware programs that can update maps. We apply this theory to develop verification algorithms for memory safety— determining if a heap-manipulating program that allocates and frees memory locations and manipulates heap pointers does not dereference an unallocated memory location. We show that this problem is decidable when the initial allocated heap forms a forest data-structure and when programs are streaming-coherent, which intuitively restricts programs to make a single pass over a data-structure. Our experimental evaluation on a set of library routines that manipulate forest data-structures shows that common single-pass algorithms on data-structures often fall in the decidable class, and that our decision procedure is efficient in verifying them.

Skip Supplemental Material Section

Supplemental Material

a35-mathur.webm

References

  1. Rajeev Alur and Pavol Černý. 2011. Streaming Transducers for Algorithmic Verification of Single-pass List-processing Programs. SIGPLAN Not. 46, 1 (Jan. 2011), 599–610. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi. 1994. Efficient Detection of All Pointer and Array Access Errors. In Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation (PLDI ’94). ACM, New York, NY, USA, 290–301. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Ittai Balaban, Amir Pnueli, and Lenore D. Zuck. 2005. Shape Analysis by Predicate Abstraction. In Proceedings of the 6th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’05). Springer-Verlag, Berlin, Heidelberg, 164–180. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Thomas Ball, Rupak Majumdar, Todd Millstein, and Sriram K. Rajamani. 2001. Automatic Predicate Abstraction of C Programs. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation (PLDI ’01). ACM, New York, NY, USA, 203–213. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Sébastien Bardin, Alain Finkel, and David Nowak. 2004. Toward symbolic verification of programs handling pointers. (2004).Google ScholarGoogle Scholar
  6. Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2004. A Decidable Fragment of Separation Logic. In Proceedings of the 24th International Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’04). Springer-Verlag, Berlin, Heidelberg, 97–109. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2006. Smallfoot: Modular Automatic Assertion Checking with Separation Logic. In Formal Methods for Components and Objects, Frank S. de Boer, Marcello M. Bonsangue, Susanne Graf, and Willem-Paul de Roever (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 115–137.Google ScholarGoogle Scholar
  8. Ahmed Bouajjani, Marius Bozga, Peter Habermehl, Radu Iosif, Pierre Moro, and Tomáš Vojnar. 2006. Programs with Lists Are Counter Automata. In Computer Aided Verification, Thomas Ball and Robert B. Jones (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 517–531.Google ScholarGoogle Scholar
  9. Ahmed Bouajjani, Peter Habermehl, Pierre Moro, and Tomáš Vojnar. 2005. Verifying Programs with Dynamic 1-selectorlinked Structures in Regular Model Checking. In Proceedings of the 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’05). Springer-Verlag, Berlin, Heidelberg, 13–29. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Marius Bozga and Radu Iosif. 2007. On Flat Programs with Lists. In Proceedings of the 8th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’07). Springer-Verlag, Berlin, Heidelberg, 122–136. http://dl.acm.org/citation.cfm?id=1763048.1763061Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Aaron R. Bradley and Zohar Manna. 2007. The Calculus of Computation: Decision Procedures with Applications to Verification. Springer-Verlag, Berlin, Heidelberg.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Cristiano Calcagno, Dino Distefano, Peter W. O’Hearn, and Hongseok Yang. 2011. Compositional Shape Analysis by Means of Bi-Abduction. J. ACM 58, 6, Article 26 (Dec. 2011), 66 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Jeremy Condit, Matthew Harren, Scott McPeak, George C. Necula, and Westley Weimer. 2003. CCured in the real world. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation 2003, San Diego, California, USA, June 9-11, 2003. 232–244. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Byron Cook, Christoph Haase, Joël Ouaknine, Matthew Parkinson, and James Worrell. 2011. Tractable Reasoning in a Fragment of Separation Logic. In Proceedings of the 22Nd International Conference on Concurrency Theory (CONCUR’11). Springer-Verlag, Berlin, Heidelberg, 235–249. http://dl.acm.org/citation.cfm?id=2040235.2040256Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. John Criswell, Andrew Lenharth, Dinakar Dhurjati, and Vikram S. Adve. 2007. Secure virtual architecture: a safe execution environment for commodity operating systems. In Proceedings of the 21st ACM Symposium on Operating Systems Principles 2007, SOSP 2007, Stevenson, Washington, USA, October 14-17, 2007. 351–366. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Nurit Dor, Michael Rodeh, and Shmuel Sagiv. 2000. Checking Cleanness in Linked Lists. In SAS.Google ScholarGoogle Scholar
  17. Robert W. Floyd. 1967. Assigning meanings to programs. Mathematical aspects of computer science 19, 19-32 (1967), 1. http://www.cs.ucdavis.edu/~su/teaching/ecs240- s09/readings/FloydMeaning.pdfGoogle ScholarGoogle Scholar
  18. Guillem Godoy and Ashish Tiwari. 2009. Invariant Checking for Programs with Procedure Calls. In Proceedings of the 16th International Symposium on Static Analysis (SAS ’09). Springer-Verlag, Berlin, Heidelberg, 326–342.Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Michael Hicks. 2014. What is memory safety?, The Programming Languages Enthusiast. http://www.pl- enthusiast.net/ 2014/07/21/memory- safety/ . Accessed: 2019-04-05.Google ScholarGoogle Scholar
  20. C. A. R. Hoare. 1969. An Axiomatic Basis for Computer Programming. Commun. ACM 12, 10 (Oct. 1969), 576–580. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Trevor Jim, J Greg Morrisett, Dan Grossman, Michael W Hicks, James Cheney, and Yanling Wang. 2002. Cyclone: A Safe Dialect of C. In Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference. USENIX Association, 275–288.Google ScholarGoogle Scholar
  22. A. Joannou, J. Woodruff, R. Kovacsics, S. W. Moore, A. Bradbury, H. Xia, R. N. M. Watson, D. Chisnall, M. Roe, B. Davis, E. Napierala, J. Baldwin, K. Gudka, P. G. Neumann, A. Mazzinghi, A. Richardson, S. Son, and A. T. Markettos. 2017. Efficient Tagged Memory. In 2017 IEEE International Conference on Computer Design (ICCD). 641–648. Google ScholarGoogle ScholarCross RefCross Ref
  23. Tal Lev-Ami and Mooly Sagiv. 2000. TVLA: A System for Implementing Static Analyses. In Static Analysis, Jens Palsberg (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 280–301.Google ScholarGoogle Scholar
  24. Christof Løding, P. Madhusudan, Adithya Murali, and Lucas Pe. 2019. A First Order Logic with Frames. CoRR abs/1910.09089 (2019). arXiv: 1910.09089 https://arxiv.org/abs/1901.09089Google ScholarGoogle Scholar
  25. Roman Manevich, E. Yahav, G. Ramalingam, and Mooly Sagiv. 2005. Predicate Abstraction and Canonical Abstraction for Singly-Linked Lists. In Verification, Model Checking, and Abstract Interpretation, Radhia Cousot (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 181–198.Google ScholarGoogle Scholar
  26. Umang Mathur, P. Madhusudan, and Mahesh Viswanathan. 2019a. Decidable Verification of Uninterpreted Programs. Proc. ACM Program. Lang. 3, POPL, Article 46 (Jan. 2019), 29 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Umang Mathur, P. Madhusudan, and Mahesh Viswanathan. 2019b. What’s Decidable About Program Verification Modulo Axioms? CoRR abs/1910.10889 (2019). arXiv: 1910.10889 https://arxiv.org/abs/1910.10889Google ScholarGoogle Scholar
  28. Umang Mathur, Adithya Murali, Paul Krogmeier, P. Madhusudan, and Mahesh Viswanathan. 2019c. Deciding Memory Safety for Single-Pass Heap-Manipulating Programs. CoRR abs/1910.00298 (2019). arXiv: 1910.00298 http://arxiv.org/abs/ 1910.00298Google ScholarGoogle Scholar
  29. Umang Mathur, Adithya Murali, Paul Krogmeier, P. Madhusudan, and Mahesh Viswanathan. 2019d. StreamVerif : Automata Based Verification of Uninterpreted Programs. https://github.com/umangm/streamverif .Google ScholarGoogle Scholar
  30. Nicholas D. Matsakis and Felix S. Klock, II. 2014. The Rust Language. In Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology (HILT ’14). ACM, New York, NY, USA, 103–104. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Microsoft. 2019. 70 Percent of All Security Bugs Are Memory Safety Issues. https://it.slashdot.org/story/19/02/11/2019247/ microsoft- 70- percent- of- all- security- bugs- are- memory- safety- issues . Accessed: 2019-04-05.Google ScholarGoogle Scholar
  32. Anders Møller and Michael I. Schwartzbach. 2001. The Pointer Assertion Logic Engine. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation (PLDI ’01). ACM, New York, NY, USA, 221–231. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Santosh Nagarakatte, Milo M. K. Martin, and Steve Zdancewic. 2015. Everything You Want to Know About Pointer-Based Checking. In 1st Summit on Advances in Programming Languages (SNAPL 2015) (Leibniz International Proceedings in Informatics (LIPIcs)), Thomas Ball, Rastislav Bodik, Shriram Krishnamurthi, Benjamin S. Lerner, and Greg Morrisett (Eds.), Vol. 32. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 190–208. Google ScholarGoogle ScholarCross RefCross Ref
  34. Juan Antonio Navarro Pérez and Andrey Rybalchenko. 2011. Separation Logic + Superposition Calculus = Heap Theorem Prover. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’11). ACM, New York, NY, USA, 556–566. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Juan Antonio Navarro Pérez and Andrey Rybalchenko. 2013. Separation Logic Modulo Theories. In Programming Languages and Systems, Chung-chieh Shan (Ed.). Springer International Publishing, Cham, 90–106.Google ScholarGoogle Scholar
  36. George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer. 2005. CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27, 3 (2005), 477–526. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. George C Necula, Scott McPeak, and Westley Weimer. 2002. CCured: Type-safe retrofitting of legacy code. In ACM SIGPLAN Notices, Vol. 37. ACM, 128–139.Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Daniel Neider, Pranav Garg, P. Madhusudan, Shambwaditya Saha, and Daejun Park. 2018. Invariant Synthesis for Incomplete Verification Engines. In Tools and Algorithms for the Construction and Analysis of Systems, Dirk Beyer and Marieke Huisman (Eds.). Springer International Publishing, Cham, 232–250.Google ScholarGoogle Scholar
  39. Nicholas Nethercote and Julian Seward. 2007. Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation. In Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’07). ACM, New York, NY, USA, 89–100. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Peter W. O’Hearn, John C. Reynolds, and Hongseok Yang. 2001. Local Reasoning About Programs That Alter Data Structures. In Proceedings of the 15th International Workshop on Computer Science Logic (CSL ’01). Springer-Verlag, London, UK, UK, 1–19. http://dl.acm.org/citation.cfm?id=647851.737404Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Oleksii Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. 2018. Intel MPX Explained: A Cross-layer Analysis of the Intel MPX System Stack. Proc. ACM Meas. Anal. Comput. Syst. 2, 2, Article 28 (June 2018), 30 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Ruzica Piskac, Thomas Wies, and Damien Zufferey. 2013. Automating Separation Logic Using SMT. In Proceedings of the 25th International Conference on Computer Aided Verification - Volume 8044 (CAV 2013). Springer-Verlag New York, Inc., New York, NY, USA, 773–789. Google ScholarGoogle ScholarCross RefCross Ref
  43. Ruzica Piskac, Thomas Wies, and Damien Zufferey. 2014a. Automating Separation Logic with Trees and Data. In Computer Aided Verification, Armin Biere and Roderick Bloem (Eds.). Springer International Publishing, Cham, 711–728.Google ScholarGoogle Scholar
  44. Ruzica Piskac, Thomas Wies, and Damien Zufferey. 2014b. GRASShopper. In Tools and Algorithms for the Construction and Analysis of Systems, Erika Ábrahám and Klaus Havelund (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 124–139.Google ScholarGoogle Scholar
  45. John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS ’02). IEEE Computer Society, Washington, DC, USA, 55–74. http: //dl.acm.org/citation.cfm?id=645683.664578Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Grigore Rosu, Wolfram Schulte, and Traian Florin Serbanuta. 2009. Runtime Verification of C Memory Safety. In Runtime Verification (RV’09) (Lecture Notes in Computer Science), Saddek Bensalem and Doron A. Peled (Eds.), Vol. 5779. 132–152.Google ScholarGoogle Scholar
  47. Safe-C. 2019. Safe C Library. https://rurban.github.io/safeclib/doc/safec- 3.4/index.html . Accessed: 2019-04-05.Google ScholarGoogle Scholar
  48. Mooly Sagiv, Thomas Reps, and Reinhard Wilhelm. 1999. Parametric Shape Analysis via 3-valued Logic. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’99). ACM, New York, NY, USA, 105–118. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference (USENIX ATC’12). USENIX Association, Berkeley, CA, USA, 28–28. http://dl.acm.org/citation.cfm?id=2342821.2342849Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Kostya Serebryany, Evgenii Stepanov, Aleksey Shlyapnikov, Vlad Tsyrklevich, and Dmitry Vyukov. 2018. Memory Tagging and how it improves C/C++ memory safety. CoRR abs/1802.09517 (2018). arXiv: 1802.09517 http://arxiv.org/abs/1802.09517Google ScholarGoogle Scholar
  51. Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal War in Memory. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP ’13). IEEE Computer Society, Washington, DC, USA, 48–62. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. The Rust Team. 2019. The Rust programming language. https://www.rust- lang.org/Google ScholarGoogle Scholar
  53. Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. 2015. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. In Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP ’15). IEEE Computer Society, Washington, DC, USA, 20–37. Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Eran Yahav. 2001. Verifying Safety Properties of Concurrent Java Programs Using 3-valued Logic. In Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’01). ACM, New York, NY, USA, 27–40. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Deciding memory safety for single-pass heap-manipulating programs

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!