论文信息 - MemorySanitizer: Fast detector of uninitialized memory use in C++

MemorySanitizer: Fast detector of uninitialized memory use in C++

This paper presents MemorySanitizer, a dynamic tool that detects uses of uninitialized memory in C and C++. The tool is based on compile time instrumentation and relies on bit-precise shadow memory at run-time. Shadow propagation technique is used to avoid false positive reports on copying of uninitialized memory. MemorySanitizer finds bugs at a modest cost of 2.5× in execution time and 2× in memory usage; the tool has an optional origin tracking mode that provides better reports with moderate extra overhead. The reports with origins are more detailed compared to reports from other similar tools; such reports contain names of local variables and the entire history of the uninitialized memory including intermediate stores. In this paper we share our experience in deploying the tool at a large scale and demonstrate the benefits of compile-time instrumentation over dynamic binary instrumentation.

Konstantin Serebryany | Evgeniy Stepanov | Evgeniy Stepanov | Kostya Serebryany | E. Stepanov

[1] S. Tucker Taft,et al. Information technology — Programming Languages — Ada , 2001 .

[2] Derek Bruening,et al. Efficient, transparent, and comprehensive runtime code manipulation , 2004 .

[3] Nicholas Nethercote,et al. Using Valgrind to Detect Undefined Value Errors with Bit-Precision , 2005, USENIX Annual Technical Conference, General Track.

[4] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[5] Emery D. Berger,et al. DieHard: probabilistic memory safety for unsafe languages , 2006, PLDI '06.

[6] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[7] Michael D. Bond,et al. Tracking bad apples: reporting the origin of null and undefined value errors , 2007, OOPSLA.

[8] Emery D. Berger,et al. DieHarder: securing the heap , 2010, CCS '10.

[9] Qin Zhao,et al. Practical memory checking with Dr. Memory , 2011, International Symposium on Code Generation and Optimization (CGO 2011).

[10] Derek Bruening,et al. AddressSanitizer: A Fast Address Sanity Checker , 2012, USENIX Annual Technical Conference.

[11] Timur Iskhodzhanov,et al. Combining compile-time and run-time instrumentation for testing tools , 2013 .

[12] Jingling Xue,et al. Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis , 2014, CGO '14.