Affiliation:
1. Massachusetts Institute of Technology, Cambridge, MA
Abstract
This article studies undefined behavior arising in systems programming languages such as C/C++. Undefined behavior bugs lead to unpredictable and subtle systems behavior, and their effects can be further amplified by compiler optimizations. Undefined behavior bugs are present in many systems, including the Linux kernel and the Postgres database. The consequences range from incorrect functionality to missing security checks. This article proposes a formal and practical approach that finds undefined behavior bugs by finding “unstable code” in terms of optimizations that leverage undefined behavior. Using this approach, we introduce a new static checker called Stack that precisely identifies undefined behavior bugs. Applying Stack to widely used systems has uncovered 161 new bugs that have been confirmed and fixed by developers.
Funder
Defense Advanced Research Projects Agency
National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Cited by
9 articles.