Affiliation:
1. University of Cambridge, Cambridge, United Kingdom
2. SRI International, Menlo Park, USA
Abstract
We propose a new memory-safe interpretation of the C abstract machine that provides stronger protection to benefit security and debugging. Despite ambiguities in the specification intended to provide implementation flexibility, contemporary implementations of C have converged on a memory model similar to the PDP-11, the original target for C. This model lacks support for memory safety despite well-documented impacts on security and reliability.
Attempts to change this model are often hampered by assumptions embedded in a large body of existing C code, dating back to the memory model exposed by the original C compiler for the PDP-11. Our experience with attempting to implement a memory-safe variant of C on the CHERI experimental microprocessor led us to identify a number of problematic idioms. We describe these as well as their interaction with existing memory safety schemes and the assumptions that they make beyond the requirements of the C specification. Finally, we refine the CHERI ISA and abstract model for C, by combining elements of the CHERI capability model and fat pointers, and present a softcore CPU that implements a C abstract machine that can run legacy C code with strong memory protection guarantees.
Funder
Defense Advanced Research Projects Agency
Publisher
Association for Computing Machinery (ACM)
Cited by: 7 articles.