CCured in the real world

CCured is a program transformation system that adds memory safety guarantees to C programs by verifying statically that memory errors cannot occur and by inserting run-time checks where static verification is insufficient. This paper addresses major usability issues in a previous version of CCured, in which many type casts required the use of pointers whose representation was expensive and incompatible with precompiled libraries. We have extended the CCured type inference algorithm to recognize and verify statically a large number of type casts; this goal is achieved by using physical subtyping and pointers with run-time type information to allow parametric and subtype polymorphism. In addition, we present a new instrumentation scheme that splits CCured's metadata into a separate data structure whose shape mirrors that of the original user data. This scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function. With these extensions we were able to use CCured on real-world security-critical network daemons and to produce instrumented versions without memory-safety vulnerabilities.
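The following is an added illustration of the split-metadata idea described above; it is not CCured's own code or output, and the structures `msg`, `msg_meta`, the check `in_bounds`, and the functions `msg_write`, `external_strlen`, `demo_rejected_writes` and `demo_external_len` are hypothetical names chosen for the example. A user struct holds an ordinary C pointer, while a parallel metadata struct of the same shape carries the bounds for that pointer field; the instrumented write consults the metadata before touching memory, and because the user data itself is left in its original layout, it can be handed to a precompiled library routine without a wrapper.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User data, kept in its original C layout (constructed for this example). */
struct msg {
    char  *buf;   /* a pointer that may be indexed, so it needs bounds */
    size_t len;   /* logical length of the message */
};

/* Separate metadata whose shape mirrors struct msg: one bounds record per
   pointer field. It never lives inside the user data, so the user data stays
   compatible with code that knows nothing about the instrumentation. */
struct msg_meta {
    char *buf_base;  /* first byte buf may legally address */
    char *buf_end;   /* one past the last byte buf may legally address */
};

/* The run-time check the instrumentation would insert before an access of
   n bytes starting at p. Rejects p outside the region and any n that would
   run past buf_end. */
static int in_bounds(const struct msg_meta *m, const char *p, size_t n) {
    if (p < m->buf_base || p > m->buf_end) return 0;
    return n <= (size_t)(m->buf_end - p);
}

/* Checked write of n bytes at offset off. Returns 1 if the access was
   performed, 0 if the check rejected it (a real system would abort here). */
int msg_write(struct msg *d, const struct msg_meta *m,
              size_t off, const char *src, size_t n) {
    size_t region = (size_t)(m->buf_end - m->buf_base);
    if (off > region) return 0;               /* offset itself is out of range */
    char *dst = d->buf + off;
    if (!in_bounds(m, dst, n)) return 0;      /* write would overflow the region */
    memcpy(dst, src, n);
    return 1;
}

/* Stand-in for a precompiled library routine: it receives a plain char*,
   exactly as an uninstrumented caller would pass it. */
size_t external_strlen(const char *s) {
    return strlen(s);
}

/* Fixed scenario: 8-byte buffer, one write that fits and one that would
   overflow. Returns how many writes the check rejected. */
int demo_rejected_writes(void) {
    char storage[8];
    struct msg      d = { storage, sizeof storage };
    struct msg_meta m = { storage, storage + sizeof storage };
    int rejected = 0;
    rejected += !msg_write(&d, &m, 0, "hello", 6);      /* 6 bytes into 8: allowed */
    rejected += !msg_write(&d, &m, 4, "overflow", 9);   /* 4 + 9 > 8: rejected */
    return rejected;
}

/* After the valid write, the raw buffer goes straight to the external
   routine; the metadata stays behind in the mirror structure. */
size_t demo_external_len(void) {
    char storage[8];
    struct msg      d = { storage, sizeof storage };
    struct msg_meta m = { storage, storage + sizeof storage };
    msg_write(&d, &m, 0, "hello", 6);
    return external_strlen(d.buf);
}

int main(void) {
    printf("rejected writes: %d\n", demo_rejected_writes());
    printf("external strlen: %zu\n", demo_external_len());
    return 0;
}
```

The point of the mirrored shape is that a library call such as `external_strlen(d.buf)` needs no translation layer: the pointer passed is the same one an uninstrumented build would pass, while the bounds used by `msg_write` are looked up in `msg_meta` at the matching position.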
