MemSafe: ensuring the spatial and temporal memory safety of C at runtime

Simpson, Matthew S.; Barua, Rajeev

doi:10.1002/spe.2105

Cited by 47 publications

(25 citation statements)

References 48 publications

(88 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They include safe dialects of C, specific fail-safe C compilers and memory safety verification tools for C code. In particular, the idea to store object metadata on valid memory blocks in a separate database was previously exploited in [13,21,27,10,1] and appeared welladapted for most spatial errors (that is, accesses outside the bounds [24]). Advantages of these solutions include relative efficiency (propagation of pointer metadata at each pointer assignment is not required) and compatibility (the memory layout of objects is preserved).…”

Section: Related Workmentioning

confidence: 99%

Fast as a shadow, expressive as a tree

Jakobsson

Kosmatov

Signoles

2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

One classical approach to ensuring memory safety of C programs is based on storing block metadata in a tree-like datastructure. However it becomes relatively slow when the number of memory locations in the tree becomes high. Another solution, based on shadow memory, allows very fast constant-time access to metadata and led to development of several highly optimized tools for detection of memory safety errors. However, this solution appears to be insufficient for evaluation of complex memory-related properties of an expressive specification language.In this work, we address memory monitoring in the context of runtime assertion checking of C programs annotated in E-ACSL, an expressive specification language offered by the FRAMA-C framework for analysis of C code. We present an original combination of a tree-based and a shadow-memory-based techniques that reconciles both the efficiency of shadow memory with the higher expressiveness of annotations whose runtime evaluation can be ensured by a tree of metadata. Shadow memory with its instant access to stored metadata is used whenever small shadow metadata suffices to evaluate required annotations, while richer metadata stored in a compact prefix tree (Patricia trie) is used for evaluation of more complex memory annotations supported by E-ACSL. This combined monitoring technique has been implemented in the runtime assertion checking tool for E-ACSL. Our initial experiments confirm that the proposed hybrid approach leads to a significant speedup with respect to an earlier implementation based on a Patricia trie alone without any loss of precision.

show abstract

Section: Related Workmentioning

confidence: 99%

Fast as a shadow, expressive as a tree

Jakobsson

Kosmatov

Signoles

2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

show abstract

“…A softwarebased approach analogous to HardBound was explored in SoftBound [17]. MemSafe [25] extends this idea by using static analysis to prove memory accesses safe. ConSeq [29] identifies code locations, such as assertions or reads of key global variables.…”

Section: Related Workmentioning

confidence: 99%

Runtime checking C programs

Milewicz

Vanka

Tuck

et al. 2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

The C Programming Language is known for being an efficient language that can be compiled on almost any architecture and operating system. However the absence of dynamic safety checks and a relatively weak type system allows programmer oversights that are hard to spot. In this paper, we present RTC, a runtime monitoring tool that instruments unsafe code and monitors the program execution. RTC is built on top of the ROSE compiler infrastructure. RTC finds memory bugs and arithmetic overflows and underflows, and run-time type violations. Most of the instrumentations are directly added to the source file and only require a minimal runtime system. As a result, the instrumented code remains portable. In tests against known error detection benchmarks, RTC found 98% of all memory related bugs and had zero false positives. In performance tests conducted with well known algorithms, such as binary search and MD5, we determined that the unoptimized overhead rate is between a factor of 1.8 and a factor of 77 respectively.

show abstract

“…Nevertheless, there exist several efforts to protect C programs against out-of-bounds accesses [1,13,22,29,30]. These projects change the memory allocation library used by C programs using different approaches: splay trees [13], shadowing [29], size information indexed through tables [22,30], validation through alignment constraints [1], etc. Our work is complementary to this previous research.…”

Section: Related Workmentioning

confidence: 99%

Validation of memory accesses through symbolic analyses

Nazaré

Maffra

Santos

et al. 2014

Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages &Amp; Applications

View full text Add to dashboard Cite

The C programming language does not prevent out-ofbounds memory accesses. There exist several techniques to secure C programs; however, these methods tend to slow down these programs substantially, because they populate the binary code with runtime checks. To deal with this problem, we have designed and tested two static analyses -symbolic region and range analysis -which we combine to remove the majority of these guards. In addition to the analyses themselves, we bring two other contributions. First, we describe live range splitting strategies that improve the efficiency and the precision of our analyses. Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses. We validate our claims by incorporating our findings into AddressSanitizer. We generate SPEC CINT 2006 code that is 17% faster and 9% more energy efficient than the code produced originally by this tool. Furthermore, our approach is 50% more effective than Pentagons, a stateof-the-art analysis to sanitize memory accesses.

show abstract

MemSafe: ensuring the spatial and temporal memory safety of C at runtime

Cited by 47 publications

References 48 publications

Fast as a shadow, expressive as a tree

Fast as a shadow, expressive as a tree

Runtime checking C programs

Validation of memory accesses through symbolic analyses

Contact Info

Product

Resources

About