A Hybrid Approach for Safe Memory Management in C

Tlili, Syrine; Yang, Zhenrong; Ling, Hai Zhou; Debbabi, Mourad

doi:10.1007/978-3-540-79980-1_28

Syrine Tlili¹,
Zhenrong Yang¹,
Hai Zhou Ling¹ &
…
Mourad Debbabi¹

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 5140))

Included in the following conference series:

International Conference on Algebraic Methodology and Software Technology

395 Accesses
1 Citations

Abstract

In this paper, we present a novel approach that establishes a synergy between static and dynamic analyses for detecting memory errors in C code. We extend the standard C type system with effect, region, and host annotations that are relevant to memory management. We define static memory checks to detect memory errors using these annotations. The statically undecidable checks are delegated to dynamic code instrumentation to secure program executions. The static analysis guides its dynamic counterpart by locating instrumentation points and their execution paths. Our dynamic analysis instruments programs with in-lined monitors that observe program executions and ensure safe-fail when encountering memory errors. We prototype our approach by extending the GCC compiler with our type system, a dynamic monitoring library, and code instrumentation capabilities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-Safe Retrofitting of Legacy Code. In: Symposium on Principles of Programming Languages, pp. 128–139 (2002)
Google Scholar
Austin, T.M., Breach, S.E., Sohi, G.S.: Efficient Detection of all Pointer and Array Access Errors. In: PLDI 1994: Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation, pp. 290–301. ACM Press, New York (1994)
Chapter Google Scholar
Grossman, D., Morrisett, G., Jim, T., Hicks, M., Wang, Y., Cheney, J.: Region-based Memory Management in Cyclone. In: PLDI 2002: Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, pp. 282–293. ACM Press, New York (2002)
Chapter Google Scholar
Yang, Z., Hanna, A., Debbabi, M.: Team Edit Automata for Testing Security Property. In: The Third International Symposium onInformation Assurance and Security, 2007. IAS 2007, pp. 235–240 (2007)
Google Scholar
Ligatti, J., Bauer, L., Walker, D.: Edit Automata: Enforcement Mechanisms for Run-time Security Policies. Int. J. Inf. Sec. 4(1-2), 2–16 (2005)
Article Google Scholar
Debbabi, M., Aidoud, Z., Faour, A.: On the Inference of Structured Recursive Effects with Subtyping. Journal of Functional and Logic Programming 1997(5) (1997)
Google Scholar
Tlili, S., Debbabi, M.: Type and Effect Annotations for Safe Memory Access in C. In: Proceedings of the The Third International Conference on Availability, Reliability and Security, ARES 2008, Technical University of Catalonia, Barcelona, Spain, March 4-7, 2008, pp. 302–309. IEEE Computer Society Press, Los Alamitos (2008)
Chapter Google Scholar
Watson, G.: Dmalloc - Debug Malloc Library, http://dmalloc.com/
Hasting, R., Joyce, B.: Purify: Fast Detection of Memory Leaks and Access Errors. In: Proceedings of the Winter USENIX Conference, pp. 125–136 (January 2002)
Google Scholar
Seward, J., Nethercote, N.: Using Valgrind to Detect Undefined Value Errors with Bit-Precision. In: Proceedings of the USENIX 2005 Annual Technical Conference, Anaheim, California, USA, pp. 17–30 (April 2005)
Google Scholar
Zorn, B.G., Hilfinger, P.N.: A Memory Allocation Profiler for C and Lisp Programs. Technical report, Berkeley, CA, USA (1988)
Google Scholar
Aggarwal, A., Jalote, P.: Integrating Static and Dynamic Analysis for Detecting Vulnerabilities. In: Proceedings of the 30th Annual International Computer Software and Applications Conference (COMPSAC 2006), Washington, DC, USA, pp. 343–350. IEEE Computer Society Press, Los Alamitos (2006)
Chapter Google Scholar
Fahndrich, M., DeLine, R.: Adoption and Focus: Practical Linear Types for Imperative Programming. In: PLDI 2002: Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, pp. 13–24. ACM Press, New York (2002)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Computer Security Laboratory (CSL) Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Quebec, Canada
Syrine Tlili, Zhenrong Yang, Hai Zhou Ling & Mourad Debbabi

Authors

Syrine Tlili
View author publications
You can also search for this author in PubMed Google Scholar
Zhenrong Yang
View author publications
You can also search for this author in PubMed Google Scholar
Hai Zhou Ling
View author publications
You can also search for this author in PubMed Google Scholar
Mourad Debbabi
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

José Meseguer Grigore Roşu

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Tlili, S., Yang, Z., Ling, H.Z., Debbabi, M. (2008). A Hybrid Approach for Safe Memory Management in C. In: Meseguer, J., Roşu, G. (eds) Algebraic Methodology and Software Technology. AMAST 2008. Lecture Notes in Computer Science, vol 5140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79980-1_28

Download citation

DOI: https://doi.org/10.1007/978-3-540-79980-1_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79979-5
Online ISBN: 978-3-540-79980-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics