Skip to main content
SpringerLink
Log in
Book cover

International Conference on Verification, Model Checking, and Abstract Interpretation

VMCAI 2017: Verification, Model Checking, and Abstract Interpretation pp 14–33Cite as

Detecting Strict Aliasing Violations in the Wild

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10145))

Abstract

Type-based alias analyses allow C compilers to infer that memory locations of distinct types do not alias. Idiomatic reliance on pointers on the one hand, and separate compilation on the other hand, together make it impossible to get this aliasing information any other way. As a consequence, most modern optimizing C compilers implement some sort of type-based alias analysis. Unfortunately, pointer conversions, another pervasive idiom to achieve code reuse in C, can interact badly with type-based alias analyses. This article investigate the fine line between the allowable uses of low-level constructs (pointer conversions, unions) that should never cause the predictions of a standard-compliant type-based alias analysis to be wrong, and the dangerous uses that can result in bugs in the generated binary. A sound and precise analyzer for “strict aliasing” violations is briefly described.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    See http://blog.regehr.org/archives/213.

  2. 2.

    See https://gist.github.com/rygorous/e0f055bfb74e3d5f0af20690759de5a7.

  3. 3.

    C89 Rationale, http://std.dkuug.dk/jtc1/sc22/wg14/docs/rationale/c89/rationale.ps.gz.

  4. 4.

    http://open-std.org/jtc1/sc22/wg14/www/docs/n640.ps.

  5. 5.

    http://open-std.org/jtc1/sc22/wg14/3406.

  6. 6.

    http://open-std.org/jtc1/sc22/wg14/www/docs/n1409.htm.

  7. 7.

    http://open-std.org/jtc1/sc22/wg14/www/docs/n1520.htm.

  8. 8.

    https://godbolt.org/g/ggZzQo.

  9. 9.

    Example y.c in http://std.dkuug.dk/jtc1/sc22/wg14/docs/c9x/misc/tag-compat.txt.gz.

  10. 10.

    https://gcc.gnu.org/ml/gcc/2010-01/msg00013.html.

  11. 11.

    https://www.cl.cam.ac.uk/~pes20/cerberus/notes30.pdf, Draft, Revision 1571, 2016-03-17.

  12. 12.

    https://gcc.gnu.org/ml/gcc/2016-11/msg00111.html.

  13. 13.

    See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71598.

  14. 14.

    DR283, http://www.open-std.org/jtc1/sc22/wg14/www/docs/dr_283.htm.

  15. 15.

    See for instance https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65892#c9 or the words “GCC doesn’t implement C99 aliasing as written in the standard regarding unions. We don’t do so because we determined that this can’t possibly have been the intent of the standard as it makes type-based aliasing relatively useless” in https://gcc.gnu.org/ml/gcc/2010-01/msg00263.html.

  16. 16.

    Documentation at https://gcc.gnu.org/onlinedocs/gcc-6.2.0/gcc/Optimize-Options.html.

  17. 17.

    https://gcc.gnu.org/onlinedocs/gcc-4.0.2/gcc/Type-Attributes.html.

  18. 18.

    See discussion at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66110.

  19. 19.

    https://sourceforge.net/p/expat/bugs/538/.

  20. 20.

    https://github.com/madler/zlib/commit/e08118c401d5434b7b3a57039263f4fa9b1f 7d1a.

  21. 21.

    https://github.com/pascal-cuoq/zlib-fork/commit/d7cde11e0b44f4e97cc1fd5250d8 26967841e614.

  22. 22.

    https://codesearch.debian.net.

  23. 23.

    https://sources.debian.net.

References

  1. Canet, G., Cuoq, P., Monate, B.: A value analysis for C programs. In: Proceedings of the 2009 Ninth IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2009, pp. 123–124. IEEE Computer Society, Washington, DC (2009). http://dx.doi.org/10.1109/SCAM.2009.22

  2. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL 1977, pp. 238–252. ACM, New York (1977). http://doi.acm.org/10.1145/512950.512973

  3. Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33826-7_16

    Chapter  Google Scholar 

  4. Cuoq, P., Rieu-Helft, R.: Result graphs for an abstract interpretation-based static analyzer. To appear

    Google Scholar 

  5. Ireland, I.: SafeType: Detecting type violations for type-based alias analysis of C. Ph.D. thesis, University of Alberta (2013)

    Google Scholar 

  6. ISO: ISO/IEC 9899:2011 Information technology – Programming languages – C, December 2011. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=57853

  7. Kell, S.: Dynamically diagnosing type errors in unsafe code. In: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2016, pp. 800–819. ACM, New York (2016). http://doi.acm.org/10.1145/2983990.2983998

  8. Krebbers, R.: The C standard formalized in Coq. Ph.D. thesis, Radboud University, December 2015

    Google Scholar 

  9. Miné, A.: Field-sensitive value analysis of embedded c programs with union types and pointer arithmetics. SIGPLAN Not. 41(7), 54–63 (2006). http://doi.acm.org/10.1145/1159974.1134659

    Article  Google Scholar 

  10. Siff, M., Chandra, S., Ball, T., Kunchithapadam, K., Reps, T.: Coping with type casts in C. In: Nierstrasz, O., Lemoine, M. (eds.) ESEC/SIGSOFT FSE -1999. LNCS, vol. 1687, pp. 180–198. Springer, Berlin (1999). doi:10.1007/3-540-48166-4_12

    Google Scholar 

  11. Yong, S.H., Horwitz, S., Reps, T.: Pointer analysis for programs with structures and casting. SIGPLAN Not. 34(5), 91–103 (1999). http://doi.acm.org/10.1145/301631.301647

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TrustInSoft, Paris, France

    Pascal Cuoq & Loïc Runarvot

  2. Openwall, Moscow, Russia

    Alexander Cherepanov

  3. National Research University Higher School of Economics, Moscow, Russia

    Alexander Cherepanov

Authors
  1. Pascal Cuoq
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Loïc Runarvot
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alexander Cherepanov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pascal Cuoq .

Editor information

Editors and Affiliations

  1. IRIF, Université Paris Diderot, Paris, France

    Ahmed Bouajjani

  2. VERIMAG, CNRS & Université Grenoble Alpes, Grenoble, France

    David Monniaux

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Cuoq, P., Runarvot, L., Cherepanov, A. (2017). Detecting Strict Aliasing Violations in the Wild. In: Bouajjani, A., Monniaux, D. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2017. Lecture Notes in Computer Science(), vol 10145. Springer, Cham. https://doi.org/10.1007/978-3-319-52234-0_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-52234-0_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52233-3

  • Online ISBN: 978-3-319-52234-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation