Abstract
Ever increasing software security requirements, the growing size of software projects, and the desire to reduce the time of software development and release require tools for the dynamic analysis that would detect vulnerabilities in С and С++ programs and prevent their exploitation. Two types of dynamic analysis tools implemented in the gcc and clang compilers are considered; these tools are called sanitizers. The sanitizers of the first type can detect memory access bugs, data type mismatch bugs, and other vulnerabilities that often remain unnoticed under conventional testing. A combination of sanitizers with testing on automatically generated random data help detect vulnerabilities more effectively. The sanitizers of the other type serve for preventing security threats for programs executed in production mode. These tools have low overheads; and they are designed for maintaining the integrity of the program control flow. The use of sanitizers to a large extent compensates for some drawbacks of С and С++, such as unsecure memory operation, unsecure work with data types, and others. However, a number of issues that are briefly discussed in the last section remain unresolved.
Similar content being viewed by others
REFERENCES
Lattner, C., What every C programmer should know about undefined behavior, http://blog.llvm.org/2011/05/ what-every-c-programmer-should-know_14.html
Dudina, I.A. and Belevantsev, A.A., Using static symbolic execution to detect buffer overflows, Program. Comput. Software, 2017, vol. 43, no. 5, pp. 277–288.
Glenn, R.Luecke, Coyle, J., Hoekstra, J., Kraeva, M., Li, Y., Taborskaia, O., and Yanmei Wang., A survey of systems for detecting serial run-time errors, in Concurrency and Computation:Practice and Experience, 2006, pp. 1885–1907.
Rigger, M., Pekarek, D., and Mossenbock, H., Context-aware failure-oblivious computing as a means of preventing buffer overflows, Proc. of the 12th International Conference, NSS, 2018, pp. 376–390.
Serebryany, K., Bruening, D., Potapenko, A., and Vyukov, D., AddressSanitizer: A fast address sanity checker, Proc. of the 2012 USENIX Annual Technical Conference, Berkeley, CA, 2012, pp. 309–318.
AddressSanitizerComparisonOfMemoryTools. https://github.com/google/sanitizers/wiki /AddressSanitizerComparisonOfMemoryTools
Stepanov, E., and Serebryany, K., MemorySanitizer: Fast detector of uninitialized memory use in C++, Proc. of the 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), 2015, pp. 46–55.
ThreadSanitizerCppManual. https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual
ThreadSanitizerPopularDataRaces. https://github.com/google/sanitizers/wiki/ThreadSanitizerPopularDataRaces
Dietz, W., Li, P., and Regehr, J., Understanding integer overflow in C/C++. http://www.cs.utah.edu/ regehr/papers/tosem15.pdf
Christey, S., Martin, R. A., Brown, M., Paller, A., and Kirby, D., 2011 CWE/SANS Top 25 Most Dangerous Software Errors. http://cwe.mitre.org/top25/
Alizar, A., A universal fuzzer combining 15 different fuzzing applications developed, 2011. https://xakep.ru/2011/04/25/55501/
Man‘es, V.J.M., Han, H., Han, C., Cha, S.K., Egele, M., Schwartz, E.J., and Woo, M., The Art, science, and engineering of fuzzing: A Survey. https://arxiv.org/pdf/1812.00140.pdf
Sutton, M., Green, A., and Amini, P., Fuzzing, Brute Force Vulnerability Discovery, Pearson Education, 2007.
V'yukov, D.S., C++ Russia 2017: Fuzzing: The new unit testing. https://www.youtube.com/watch?vэ30Qzd6ylk
Csmith. https://embed.cs.utah.edu/csmith/
American fuzzy lop. http://lcamtuf.coredump.cx/afl
OSS-Fuzz – Continuous fuzzing of open source software. https://github.com/google/oss-fuzz
libFuzzer – A library for coverage-guided fuzz testing. http://llvm.org/docs/LibFuzzer.html
PEACH Fuzzer. https://www.peach.tech/products/ peach-fuzzer/
Gofuzz. https://github.com/google/gofuzz
Abadi, M., Budiu, M., Erlingsson, U., and Ligatt,i J., Control-flow integrity principles, implementations, and applications, ACM Conf. on Computer and Communication Security (CCS), 2005, pp. 340–353.
Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., and Song, D., Code-pointer integrity, Proc. of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2014, pp. 147–163.
Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, U., Lozano, L., and Pike, G., Enforcing forward-edge control-flow integrity in GCC & LLVM, Proc. of the 23rd USENIX Conference on Security Symposium, SEC’14, 2014, pp. 941–955.
Let’s talk about CFI: Clang edition. https://blog.trailofbits.com/2016/10/17/lets-talk-about-cfi-clang-edition/
Getafix: How Facebook tools learn to fix bugs automatically. https://engineering.fb.com/developer-tools/getafix-how-facebook-tools-learn-to-fix-bugs-automatically/
Nurmukhametov, A., Kurmangaleev, Sh., Kaushan, V., and Gaissaryan, S., Application of compiler transformations against software vulnerabilities exploitation, Trudy ISP RAN, 2014, vol. 26, no. 3, pp. 113–126.
Cheptsov, V. and Khoroshilov, A., Dynamic analysis of ARINC 653 RTOS with LLVM, Ivannikov Inst. for System Programming Open Conference, Moscow, 2018, pp. 9–15.
Lee, W., Address Sanitizer on Myriad. https://docs.google.com/document/d/1oxmk0xUo jybDaQDAuTEVpHVMi5xQX74cJPyMJbaSaRM
UB-2017. Part 1. https://habr.com/ru/post/341694/
Song, D., Lettner, J., Rajasekaran, P., Na, Y., Volckaert, S., Larsen, P., and Franz, M., SoK: Sanitizing for security, 2019. https://oaklandsok.github.io/papers/song2019.pdf
Updated field experience with Annex K – Bounds checking interfaces. http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm
Serebryany, K., Stepanov, E., Shlyapnikov, A., Tsyrklevich, V., and Vyukov, D., Memory tagging and how it improves C/C++ memory safety, Google, February 2018. https://arxiv.org/pdf/1802.09517.pdf
Hardware-assisted AddressSanitizer design documentation. http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
Horgan, P., Understanding C/C++ strict aliasing. http://dbp-consulting.com/tutorials/StrictAliasing.html
Funding
The research was carried out in the scope of SRISA RAS State assignment (fundamental scientific research 47 GP), topic № 0065-2019-0002 “Research and implementation of programming platform for perspective multicore processors” (reg. № АААА-А19-119012290074-2).
Author information
Authors and Affiliations
Corresponding authors
Additional information
Translated by A. Klimontovich
Rights and permissions
About this article
Cite this article
V’yukova, N.I., Galatenko, V.A. & Samborskii, S.V. Dynamic Program Analysis Tools in GCC and CLANG Compilers. Program Comput Soft 46, 281–296 (2020). https://doi.org/10.1134/S0361768820010089
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1134/S0361768820010089