Taming C Pointers

We present the sound CCured type system for C programs, which classifies pointers according to their usage and instructs a source-to-source translator to extend the program with run-time checks in order to guarantee memory safety. CCured can be used on existing C programs thanks to a simple pointer-kind inferencer which, on many programs, discovers that over 80% of the pointers are type-safe. Among the obstacles that we had to overcome in the design of CCured was a notion of physical subtyping that is expressive enough to capture common C programming paradigms, is sound in the presence of pointer arithmetic, and is suited to simple type inference. We present experimental evidence that such a combination of static analysis and run-time checking for C can make system software like Apache modules, Linux device drivers, and network server software memory-safe with a reasonable performance cost, and can find programming errors in instances where some existing tools like Purify cannot.
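The abstract's central idea is that a pointer's usage determines how much checking it needs: a pointer that is never subjected to arithmetic only has to be checked for null, while a pointer that walks through an array must carry bounds metadata so that each dereference can be checked. The following C program is an added illustration of that distinction and is not code from CCured or its authors; the type `seq_int_ptr` and the functions `seq_from_array`, `seq_add`, `seq_read`, `safe_read` and `sum_off_by_one` are this example's own names, and the representation (base pointer plus length plus an integer offset) is an assumed simplification chosen so that an out-of-range position can be represented without undefined behaviour. The sample array is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (not CCured's code): a "sequence" pointer that carries the
 * bounds of the array it points into. Arithmetic on it is unrestricted and
 * only the dereference is checked. All names here are assumptions. */
typedef struct {
    int *base;     /* start of the underlying int array */
    size_t len;    /* number of elements in that array */
    ptrdiff_t off; /* current position relative to base; may leave [0, len) */
} seq_int_ptr;

static int checks_failed = 0;   /* number of run-time checks that fired */

static seq_int_ptr seq_from_array(int *arr, size_t n) {
    seq_int_ptr s = { arr, n, 0 };
    return s;
}

/* Pointer arithmetic is never rejected; the bounds metadata travels along. */
static seq_int_ptr seq_add(seq_int_ptr s, ptrdiff_t k) {
    s.off += k;
    return s;
}

/* Dereference: verify 0 <= off < len before touching memory.
 * Returns 1 and stores the value on success, 0 if the check rejects the access. */
static int seq_read(seq_int_ptr s, int *out) {
    if (s.base == NULL || s.off < 0 || (size_t)s.off >= s.len) {
        checks_failed++;
        return 0;
    }
    *out = s.base[s.off];
    return 1;
}

/* A pointer on which no arithmetic is ever performed needs only a null check. */
static int safe_read(const int *p, int *out) {
    if (p == NULL) {
        checks_failed++;
        return 0;
    }
    *out = *p;
    return 1;
}

/* Sum an array with a deliberately off-by-one loop bound (i <= n). Through a
 * sequence pointer the read past the end is rejected instead of silently
 * returning whatever memory follows the array. Returns the sum of the
 * accepted reads; the number of rejected reads is reported via *rejected. */
static int sum_off_by_one(int *arr, size_t n, int *rejected) {
    seq_int_ptr p = seq_from_array(arr, n);
    int sum = 0, v;
    *rejected = 0;
    for (size_t i = 0; i <= n; i++) {      /* bug under test: should be i < n */
        if (seq_read(seq_add(p, (ptrdiff_t)i), &v))
            sum += v;
        else
            (*rejected)++;
    }
    return sum;
}

int main(void) {
    int data[4] = { 1, 2, 3, 4 };          /* constructed sample input */
    int rejected, v;
    int sum = sum_off_by_one(data, 4, &rejected);
    printf("sum=%d rejected=%d\n", sum, rejected);               /* sum=10 rejected=1 */
    printf("null safe_read accepted=%d\n", safe_read(NULL, &v)); /* 0 */
    printf("checks failed so far: %d\n", checks_failed);
    return 0;
}
```

The cost model the abstract alludes to is visible here: `safe_read` adds a single comparison, whereas `seq_read` needs the wider representation and two bound comparisons per access, which is why inferring that most pointers are of the "safe" kind matters for performance.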
