论文信息 - CETS: compiler enforced temporal safety for C

CETS: compiler enforced temporal safety for C

Temporal memory safety errors, such as dangling pointer dereferences and double frees, are a prevalent source of software bugs in unmanaged languages such as C. Existing schemes that attempt to retrofit temporal safety for such languages have high runtime overheads and/or are incomplete, thereby limiting their effectiveness as debugging aids. This paper presents CETS, a compile-time transformation for detecting all violations of temporal safety in C programs. Inspired by existing approaches, CETS maintains a unique identifier with each object, associates this metadata with the pointers in a disjoint metadata space to retain memory layout compatibility, and checks that the object is still allocated on pointer dereferences. A formal proof shows that this is sufficient to provide temporal safety even in the presence of arbitrary casts if the program contains no spatial safety violations. Our CETS prototype employs both temporal check removal optimizations and traditional compiler optimizations to achieve a runtime overhead of just 48% on average. When combined with a spatial-checking system, the average overall overhead is 116% for complete memory safety

[1] Rajiv Gupta. A fresh look at optimizing array bound checking , 1990, PLDI '90.

[2] Robert O. Hastings,et al. Fast detection of memory leaks and access errors , 1991 .

[3] Hans-Juergen Boehm. Space efficient conservative garbage collection , 2004, SIGP.

[4] Todd M. Austin,et al. Efficient detection of all pointer and array access errors , 1994, PLDI '94.

[5] Paul H. J. Kelly,et al. Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs , 1997, AADEBUG.

[6] Harish Patil,et al. Low‐cost, Concurrent Checking of Pointer and Array Accesses in C Programs , 1997 .

[7] Hugo Herbelin,et al. The Coq proof assistant : reference manual, version 6.1 , 1997 .

[8] Vivek Sarkar,et al. ABCD: eliminating array bounds checks on demand , 2000, PLDI '00.

[9] James Cheney,et al. Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[10] Dan Grossman,et al. Safe Programming at the C Level of Abstraction , 2003 .

[11] Dinakar Dhurjati,et al. Memory safety without runtime checks or garbage collection , 2003 .

[12] Susan Horwitz,et al. Protecting C programs from attacks via invalid pointer dereferences , 2003, ESEC/FSE-11.

[13] Wei Xu,et al. An efficient and backwards-compatible transformation to ensure memory safety of C programs , 2004, SIGSOFT '04/FSE-12.

[14] Vikram S. Adve,et al. LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[15] Martín Abadi,et al. Control-flow integrity , 2005, CCS '05.

[16] George C. Necula,et al. CCured: type-safe retrofitting of legacy software , 2005, TOPL.

[17] Dinakar Dhurjati,et al. Efficiently Detecting All Dangling Pointer Uses in Production Servers , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[18] Miguel Castro,et al. Securing software by enforcing data-flow integrity , 2006, OSDI '06.

[19] Emery D. Berger,et al. DieHard: probabilistic memory safety for unsafe languages , 2006, PLDI '06.

[20] Dinakar Dhurjati,et al. Backwards-compatible array bounds checking for C with very low overhead , 2006, ICSE.

[21] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[22] Hanspeter Mössenböck,et al. Array bounds check elimination for the Java HotSpot#8482; client compiler , 2007, PPPJ.

[23] Guru Venkataramani,et al. MemTracker: Efficient and Programmable Support for Memory Access Monitoring and Debugging , 2007, 2007 IEEE 13th International Symposium on High Performance Computer Architecture.

[24] Nicholas Nethercote,et al. How to shadow every byte of memory used by a program , 2007, VEE '07.

[25] George C. Necula,et al. Dependent Types for Low-Level Programming , 2007, ESOP.

[26] Emery D. Berger,et al. Exterminator: automatically correcting memory errors with high probability , 2007, PLDI '07.

[27] Milo M. K. Martin,et al. Hardbound: architectural support for spatial safety of the C programming language , 2008, ASPLOS.

[28] Miguel Castro,et al. Preventing Memory Error Exploits with WIT , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[29] Milo M. K. Martin,et al. SoftBound: highly compatible and complete spatial memory safety for c , 2009, PLDI '09.