Jeremy Condit scite author profile

This article describes CCured, a program transformation system that adds type safety guarantees to existing C programs. CCured attempts to verify statically that memory errors cannot occur, and it inserts run-time checks where static verification is insufficient.CCured extends C's type system by separating pointer types according to their usage, and it uses a surprisingly simple type inference algorithm that is able to infer the appropriate pointer kinds for existing C programs. CCured uses physical subtyping to recognize and verify a large number of type casts at compile time. Additional type casts are verified using run-time type information. CCured uses two instrumentation schemes, one that is optimized for performance and one in which metadata is stored in a separate data structure whose shape mirrors that of the original user data. This latter scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.We have used CCured on real-world security-critical network daemons to produce instrumented versions without memory-safety vulnerabilities, and we have found several bugs in these programs. The instrumented code is efficient enough to be used in day-to-day operations.

show abstract

Better I/O through byte-addressable, persistent memory

Condit

et al. 2009

View full text Add to dashboard Cite

Modern computer systems have been built around the assumption that persistent storage is accessed via a slow, block-based interface. However, new byte-addressable, persistent memory technologies such as phase change memory (PCM) offer fast, fine-grained access to persistent storage.In this paper, we present a file system and a hardware architecture that are designed around the properties of persistent, byteaddressable memory. Our file system, BPFS, uses a new technique called short-circuit shadow paging to provide atomic, fine-grained updates to persistent storage. As a result, BPFS provides strong reliability guarantees and offers better performance than traditional file systems, even when both are run on top of byte-addressable, persistent memory. Our hardware architecture enforces atomicity and ordering guarantees required by BPFS while still providing the performance benefits of the L1 and L2 caches.Since these memory technologies are not yet widely available, we evaluate BPFS on DRAM against NTFS on both a RAM disk and a traditional disk. Then, we use microarchitectural simulations to estimate the performance of BPFS on PCM. Despite providing strong safety and consistency guarantees, BPFS on DRAM is typically twice as fast as NTFS on a RAM disk and 4-10 times faster than NTFS on disk. We also show that BPFS on PCM should be significantly faster than a traditional disk-based file system.

show abstract

Dependent Types for Low-Level Programming

Condit

Harren

Anderson

et al. 2007

View full text Add to dashboard Cite

Abstract. In this paper, we describe the key principles of a dependent type system for low-level imperative languages. The major contributions of this work are (1) a sound type system that combines dependent types and mutation for variables and for heap-allocated structures in a more flexible way than before and (2) a technique for automatically inferring dependent types for local variables. We have applied these general principles to design Deputy, a dependent type system for C that allows the user to describe bounded pointers and tagged unions. Deputy has been used to annotate and check a number of real-world C programs.

show abstract

CCured in the real world

et al. 2003

View full text Add to dashboard Cite

CCured is a program transformation system that adds memory safety guarantees to C programs by verifying statically that memory errors cannot occur and by inserting run-time checks where static verification is insufficient.This paper addresses major usability issues in a previous version of CCured, in which many type casts required the use of pointers whose representation was expensive and incompatible with precompiled libraries. We have extended the CCured type inference algorithm to recognize and verify statically a large number of type casts; this goal is achieved by using physical subtyping and pointers with run-time type information to allow parametric and subtype polymorphism. In addition, we present a new instrumentation scheme that splits CCured's metadata into a separate data structure whose shape mirrors that of the original user data. This scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.With these extensions we were able to use CCured on real-world security-critical network daemons and to produce instrumented versions without memory-safety vulnerabilities.

show abstract

The Vaccinia Virus Bifunctional Gene J3 (Nucleoside-2′-O-)-methyltransferase and Poly(A) Polymerase Stimulatory Factor Is Implicated as a Positive Transcription Elongation Factor by Two Genetic Approaches

et al. 2000

View full text Add to dashboard Cite

Vaccinia virus genes A18 and G2 affect the elongation and termination of postreplicative viral gene transcription in opposite ways. Viruses with mutations in gene A18 produce abnormally long transcripts, indicating that A18 is a negative transcription elongation factor. Viruses containing mutations in gene G2 produce transcripts that are abnormally short, truncated specifically from their 3' ends, indicating that G2 is a positive transcription elongation factor. Despite the fact that both A18 and G2 are essential genes, A18-G2 double-mutant viruses are viable, presumably because the effects of the mutations are mutually compensatory. In addition, the anti-poxviral drug isatin-beta-thiosemicarbazone (IBT) seems to enhance elongation during a vaccinia infection: IBT treatment of a wildtype vaccinia infection induces a phenotype identical to an A18 mutant infection, and G2 mutant viruses are dependent on IBT for growth, presumably because IBT restores the G2 mutant truncated transcripts to a normal length. These observations inspire two independent genetic selections that have now been used to identify an additional vaccinia gene, J3, that regulates postreplicative transcription elongation. In the first selection, a single virus that contains an extragenic suppressor of the A18 temperature-sensitive mutant, Cts23, was isolated. In the second selection, several spontaneous IBT-dependent (IBT(d)) mutant viruses were isolated and characterized genetically. Marker rescue mapping and DNA sequence analysis show that the extragenic suppressor of Cts23 contains a point mutation in the J3 gene, while each of seven new IBT(d) mutants contains null mutations in the J3 gene. The J3 protein has previously been identified as a (nucleoside-2'-O-)-methyltransferase and as a processivity subunit for the heterodimeric viral poly(A) polymerase. The nature of the two independent selections used to isolate the J3 mutants strongly suggests that the J3 protein serves as a positive postreplicative transcription elongation factor during a normal virus infection.

show abstract

Unifying type checking and property checking for low-level code

et al. 2009

View full text Add to dashboard Cite

We present a unified approach to type checking and property checking for low-level code. Type checking for low-level code is challenging because type safety often depends on complex, programspecific invariants that are difficult for traditional type checkers to express. Conversely, property checking for low-level code is challenging because it is difficult to write concise specifications that distinguish between locations in an untyped program's heap. We address both problems simultaneously by implementing a type checker for low-level code as part of our property checker. We present a low-level formalization of a C program's heap and its types that can be checked with an SMT solver, and we provide a decision procedure for checking type safety. Our type system is flexible enough to support a combination of nominal and structural subtyping for C, on a per-structure basis. We discuss several case studies that demonstrate the ability of this tool to express and check complex type invariants in low-level C code, including several small Windows device drivers.

show abstract

CCured in the real world

Condit¹,

Harren²,

McPeak³

et al. 2003

View full text Add to dashboard Cite

CCured in the real world

Condit

Harren

McPeak

et al. 2003

View full text Add to dashboard Cite

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jeremy Condit

CCured: type-safe retrofitting of legacy software

Better I/O through byte-addressable, persistent memory

Dependent Types for Low-Level Programming

CCured in the real world

The Vaccinia Virus Bifunctional Gene J3 (Nucleoside-2′-O-)-methyltransferase and Poly(A) Polymerase Stimulatory Factor Is Implicated as a Positive Transcription Elongation Factor by Two Genetic Approaches

Unifying type checking and property checking for low-level code

CCured in the real world

CCured in the real world

Contact Info

Product

Resources

About