EffectiveSan: type and memory error detection using dynamically typed C/C++-Reference-Cited by-同舟云学术

EffectiveSan: type and memory error detection using dynamically typed C/C++

Published:2018-12-02 Issue:4 Volume:53 Page:181-195
ISSN:0362-1340
Container-title:ACM SIGPLAN Notices
language:en
Short-container-title:SIGPLAN Not.

Author:

Duck Gregory J.¹,Yap Roland H. C.¹

Affiliation:

1. National University of Singapore, Singapore

Abstract

Low-level programming languages with weak/static type systems, such as C and C++, are vulnerable to errors relating to the misuse of memory at runtime, such as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such errors account for many security and other undefined behavior bugs for programs written in these languages. In this paper, we introduce the notion of dynamically typed C/C++, which aims to detect such errors by dynamically checking the "effective type" of each object before use at runtime. We also present an implementation of dynamically typed C/C++ in the form of the Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory safety using a combination of low-fat pointers, type meta data and type/bounds check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark suite and the Firefox web browser, and detect several new type and memory errors. We also show that EffectiveSan achieves high compatibility and reasonable overheads for the given error coverage. Finally, we highlight that EffectiveSan is one of only a few tools that can detect sub-object bounds errors, and uses a novel approach (dynamic type checking) to do so.

Funder

National Research Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Graphics and Computer-Aided Design,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3296979.3192388

Reference34 articles.

1. T. Austin S. Breach and G. Sohi. 1994. Efficient Detection of All Pointer and Array Access Errors. In Programming Language Design and Implementation. ACM. T. Austin S. Breach and G. Sohi. 1994. Efficient Detection of All Pointer and Array Access Errors. In Programming Language Design and Implementation . ACM.

2. H. Boehm and M. Weiser. 1988. Garbage Collection in an Uncooperative Environment. Software Practical Experience 18 9 (1988). H. Boehm and M. Weiser. 1988. Garbage Collection in an Uncooperative Environment. Software Practical Experience 18 9 (1988).

3. Debugging Information Format Committee. 2010. DWARF Debugging Information Format V4. Debugging Information Format Committee. 2010. DWARF Debugging Information Format V4 .

4. A. Diwan K. McKinley and J. Moss. 1998. Type-based Alias Analysis. In Programming Language Design and Implementation. ACM. A. Diwan K. McKinley and J. Moss. 1998. Type-based Alias Analysis. In Programming Language Design and Implementation . ACM.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Highly Comprehensive and Efficient Memory Safety Enforcement with Pointer Tagging;2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W);2024-06-24

2. SoftBound+CETS Revisited;Proceedings of the 17th European Workshop on Systems Security;2024-04-22

3. A Memory Object Sensitive Detecting Method for Use-After-Free Vulnerabilities;2023 2nd International Conference on Artificial Intelligence, Human-Computer Interaction and Robotics (AIHCIR);2023-12-08

4. Assessing the Impact of Efficiently Protecting Ten Million Stack Objects from Memory Errors Comprehensively;2023 IEEE Secure Development Conference (SecDev);2023-10-18

5. HWASanIO: Detecting C/C++ Intra-object Overflows with Memory Shading;Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis;2023-06-06