Abstract
In this paper, we present a novel approach that establishes a synergy between static and dynamic analyses for detecting memory errors in C code. We extend the standard C type system with effect, region, and host annotations that are relevant to memory management. We define static memory checks to detect memory errors using these annotations. The statically undecidable checks are delegated to dynamic code instrumentation to secure program executions. The static analysis guides its dynamic counterpart by locating instrumentation points and their execution paths. Our dynamic analysis instruments programs with in-lined monitors that observe program executions and ensure safe-fail when encountering memory errors. We prototype our approach by extending the GCC compiler with our type system, a dynamic monitoring library, and code instrumentation capabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-Safe Retrofitting of Legacy Code. In: Symposium on Principles of Programming Languages, pp. 128–139 (2002)
Austin, T.M., Breach, S.E., Sohi, G.S.: Efficient Detection of all Pointer and Array Access Errors. In: PLDI 1994: Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation, pp. 290–301. ACM Press, New York (1994)
Grossman, D., Morrisett, G., Jim, T., Hicks, M., Wang, Y., Cheney, J.: Region-based Memory Management in Cyclone. In: PLDI 2002: Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, pp. 282–293. ACM Press, New York (2002)
Yang, Z., Hanna, A., Debbabi, M.: Team Edit Automata for Testing Security Property. In: The Third International Symposium onInformation Assurance and Security, 2007. IAS 2007, pp. 235–240 (2007)
Ligatti, J., Bauer, L., Walker, D.: Edit Automata: Enforcement Mechanisms for Run-time Security Policies. Int. J. Inf. Sec. 4(1-2), 2–16 (2005)
Debbabi, M., Aidoud, Z., Faour, A.: On the Inference of Structured Recursive Effects with Subtyping. Journal of Functional and Logic Programming 1997(5) (1997)
Tlili, S., Debbabi, M.: Type and Effect Annotations for Safe Memory Access in C. In: Proceedings of the The Third International Conference on Availability, Reliability and Security, ARES 2008, Technical University of Catalonia, Barcelona, Spain, March 4-7, 2008, pp. 302–309. IEEE Computer Society Press, Los Alamitos (2008)
Watson, G.: Dmalloc - Debug Malloc Library, http://dmalloc.com/
Hasting, R., Joyce, B.: Purify: Fast Detection of Memory Leaks and Access Errors. In: Proceedings of the Winter USENIX Conference, pp. 125–136 (January 2002)
Seward, J., Nethercote, N.: Using Valgrind to Detect Undefined Value Errors with Bit-Precision. In: Proceedings of the USENIX 2005 Annual Technical Conference, Anaheim, California, USA, pp. 17–30 (April 2005)
Zorn, B.G., Hilfinger, P.N.: A Memory Allocation Profiler for C and Lisp Programs. Technical report, Berkeley, CA, USA (1988)
Aggarwal, A., Jalote, P.: Integrating Static and Dynamic Analysis for Detecting Vulnerabilities. In: Proceedings of the 30th Annual International Computer Software and Applications Conference (COMPSAC 2006), Washington, DC, USA, pp. 343–350. IEEE Computer Society Press, Los Alamitos (2006)
Fahndrich, M., DeLine, R.: Adoption and Focus: Practical Linear Types for Imperative Programming. In: PLDI 2002: Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, pp. 13–24. ACM Press, New York (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tlili, S., Yang, Z., Ling, H.Z., Debbabi, M. (2008). A Hybrid Approach for Safe Memory Management in C. In: Meseguer, J., RoÅŸu, G. (eds) Algebraic Methodology and Software Technology. AMAST 2008. Lecture Notes in Computer Science, vol 5140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79980-1_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-79980-1_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79979-5
Online ISBN: 978-3-540-79980-1
eBook Packages: Computer ScienceComputer Science (R0)