Soundness of a Dataflow Analysis for Memory Monitoring

Published: 06 December 2019

Abstract

An important concern addressed by runtime verification tools for C code is the detection of memory errors. This requires monitoring certain properties of memory locations (e.g., their validity and initialization) throughout the whole program execution. Optimizations based on static analysis have been shown to significantly improve the performance of such tools by avoiding the monitoring of irrelevant locations. However, the soundness of the verdict of the whole tool depends strongly on the soundness of the underlying static analysis technique. This paper tackles this issue for the dataflow analysis used to optimize the E-ACSL runtime assertion checking tool. We formally define the core dataflow analysis used by E-ACSL and prove its soundness.



Published in
ACM SIGAda Ada Letters, Volume 38, Issue 2 (December 2018), 106 pages
ISSN: 1094-3641
DOI: 10.1145/3375408
Editor: Alok Srivastava

Copyright © 2019. Copyright is held by the owner/author(s).
Publisher: Association for Computing Machinery, New York, NY, United States

