DOI: 10.1145/2695664.2695815 (research article, SAC '15 conference proceedings)

Fast as a shadow, expressive as a tree: hybrid memory monitoring for C

Published: 13 April 2015

Abstract

One classical approach to ensuring memory safety of C programs is based on storing block metadata in a tree-like data structure. However, it becomes relatively slow when the number of memory locations in the tree becomes high. Another solution, based on shadow memory, allows very fast constant-time access to metadata and has led to the development of several highly optimized tools for the detection of memory safety errors. However, this solution appears to be insufficient for the evaluation of complex memory-related properties of an expressive specification language.
In this work, we address memory monitoring in the context of runtime assertion checking of C programs annotated in E-ACSL, an expressive specification language offered by the FRAMA-C framework for analysis of C code. We present an original combination of tree-based and shadow-memory-based techniques that reconciles the efficiency of shadow memory with the higher expressiveness of annotations whose runtime evaluation can be ensured by a tree of metadata. Shadow memory, with its instant access to stored metadata, is used whenever small shadow metadata suffices to evaluate the required annotations, while richer metadata stored in a compact prefix tree (Patricia trie) is used for the evaluation of more complex memory annotations supported by E-ACSL. This combined monitoring technique has been implemented in the runtime assertion checking tool for E-ACSL. Our initial experiments confirm that the proposed hybrid approach leads to a significant speedup with respect to an earlier implementation based on a Patricia trie alone, without any loss of precision.
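The combination the abstract describes, worked as an added C example (written for this page, not code from the paper or the E-ACSL tool): shadow bytes answer the cheap byte-level question "is this byte allocated?", and a trie keyed on block base addresses supplies the block-level metadata (base, length) that shadow memory cannot represent. The fixed 4 KiB arena standing in for the heap, the uncompressed bitwise trie standing in for a Patricia trie, and the function names `mon_alloc`, `mon_free`, `e_valid`, `e_block_length` and `e_valid_same_block` are assumptions made for the illustration.

```c
/* Toy hybrid memory monitor, added as an illustration of the abstract's idea
 * (not the E-ACSL tool's code). A shadow byte per arena byte answers "is this
 * byte allocated?" in O(1); a trie keyed on block base offsets holds the
 * richer per-block metadata (base, length) for block-level questions.
 * Simplifications: fixed 4 KiB arena; uncompressed bitwise trie, not Patricia. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ARENA_SIZE 4096u
#define KEY_BITS   12                 /* arena offsets are 12-bit trie keys */
#define SH_ALLOC   1u                 /* shadow flag: byte is in a live block */
static unsigned char arena[ARENA_SIZE], shadow[ARENA_SIZE];
typedef struct { uint32_t base, size; } block_t;           /* rich metadata */
typedef struct node { struct node *child[2]; block_t *blk; } node_t;
static node_t *root;

static uint32_t off_of(const void *p) {   /* out-of-arena pointers wrap large */
    return (uint32_t)((uintptr_t)p - (uintptr_t)arena);
}

/* Leaf slot for base offset 'key', creating the path on demand (MSB first). */
static block_t **trie_slot(uint32_t key) {
    if (!root) root = calloc(1, sizeof *root);
    node_t *n = root;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        int bit = (key >> i) & 1;
        if (!n->child[bit]) n->child[bit] = calloc(1, sizeof *n);
        n = n->child[bit];
    }
    return &n->blk;
}

/* Largest recorded base <= key; 'bounded' drops to 0 once the prefix is below key. */
static block_t *trie_pred(const node_t *n, uint32_t key, int i, int bounded) {
    if (!n) return NULL;
    if (i < 0) return n->blk;
    int bit = (key >> i) & 1;
    if (!bounded || bit) {
        block_t *r = trie_pred(n->child[1], key, i - 1, bounded);
        if (r) return r;
    }
    return trie_pred(n->child[0], key, i - 1, bounded && !bit);
}
static block_t *block_of(uint32_t o) {    /* block containing offset o, or NULL */
    block_t *b = trie_pred(root, o, KEY_BITS - 1, 1);
    return (b && o < b->base + b->size) ? b : NULL;
}

/* Instrumented allocation and free keep shadow and trie in sync. */
void *mon_alloc(uint32_t base, uint32_t size) {
    block_t *b = malloc(sizeof *b);
    b->base = base; b->size = size;
    *trie_slot(base) = b;
    memset(shadow + base, SH_ALLOC, size);
    return arena + base;
}
void mon_free(void *p) {
    block_t **slot = trie_slot(off_of(p)), *b = *slot;
    if (!b) return;
    memset(shadow + b->base, 0, b->size); /* every byte becomes invalid at once */
    *slot = NULL; free(b);
}

/* Shadow-only query: are the n bytes at p allocated? No tree walk needed. */
int e_valid(const void *p, uint32_t n) {
    uint32_t o = off_of(p);
    if (o >= ARENA_SIZE || n > ARENA_SIZE - o) return 0;
    for (uint32_t i = 0; i < n; i++) if (!(shadow[o + i] & SH_ALLOC)) return 0;
    return 1;
}

/* Tree-backed queries, reached only after the shadow fast path accepts. */
long e_block_length(const void *p) {      /* -1 if p is not inside a block */
    block_t *b = e_valid(p, 1) ? block_of(off_of(p)) : NULL;
    return b ? (long)b->size : -1;
}
/* "All n bytes lie in ONE block": adjacent blocks look alike in shadow, so the trie confirms. */
int e_valid_same_block(const void *p, uint32_t n) {
    if (!e_valid(p, n)) return 0;
    block_t *b = block_of(off_of(p));
    return b && off_of(p) + n <= b->base + b->size;
}

/* Scenario with adjacent blocks a=[0,16) and b=[16,24); returns how many of 8 checks hold. */
int hybrid_demo(void) {
    unsigned char *a = mon_alloc(0, 16), *b = mon_alloc(16, 8);
    int ok = 0;
    ok += e_valid(a, 16) == 1;
    ok += e_valid(a, 24) == 1;            /* shadow cannot see the boundary */
    ok += e_valid_same_block(a, 24) == 0; /* the trie can */
    ok += e_valid_same_block(a, 16) == 1;
    ok += e_block_length(a + 4) == 16;
    ok += e_block_length(b + 3) == 8;
    mon_free(b);
    ok += e_valid(b, 1) == 0 && e_block_length(b) == -1;
    ok += e_valid(a, 16) == 1;            /* neighbour unaffected */
    return ok;
}
int main(void) { printf("%d/8 checks hold\n", hybrid_demo()); return 0; }
```

The instructive case is `e_valid(a, 24)` versus `e_valid_same_block(a, 24)`: the shadow flags of two adjacent blocks are identical, so the shadow-only check accepts a 24-byte range that straddles them, while the trie-backed check rejects it. The shadow lookup still runs first in every query, so any range touching an unallocated byte is rejected without a tree walk, which is the speed-up the abstract attributes to the hybrid.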



Published In
SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing
April 2015
2418 pages
ISBN:9781450331968
DOI:10.1145/2695664

Publisher: Association for Computing Machinery, New York, NY, United States


Conference

SAC 2015: Symposium on Applied Computing, April 13 - 17, 2015, Salamanca, Spain

Acceptance Rates

SAC '15 Paper Acceptance Rate 291 of 1,211 submissions, 24%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Cited By

  • (2019) First international Competition on Runtime Verification. International Journal on Software Tools for Technology Transfer (STTT) 21:1, 31-70. DOI 10.1007/s10009-017-0454-5. Online publication date: 1 Feb 2019
  • (2018) How testing helps to diagnose proof failures. Formal Aspects of Computing 30:6, 629-657. DOI 10.1007/s00165-018-0456-4. Online publication date: 12 Jun 2018
  • (2017) Shadow state encoding for efficient monitoring of block-level properties. ACM SIGPLAN Notices 52:9, 47-58. DOI 10.1145/3156685.3092269. Online publication date: 18 Jun 2017
  • (2017) Shadow state encoding for efficient monitoring of block-level properties. Proceedings of the 2017 ACM SIGPLAN International Symposium on Memory Management, 47-58. DOI 10.1145/3092255.3092269. Online publication date: 18 Jun 2017
  • (2016) Fast as a shadow, expressive as a tree. Science of Computer Programming 132:P2, 226-246. DOI 10.1016/j.scico.2016.09.003. Online publication date: 15 Dec 2016
  • (2016) Lightweight runtime checking of C programs with RTC. Computer Languages, Systems and Structures 45:C, 191-203. DOI 10.1016/j.cl.2016.01.001. Online publication date: 1 Apr 2016
  • (2016) Your Proof Fails? Testing Helps to Find the Reason. Tests and Proofs, 130-150. DOI 10.1007/978-3-319-41135-4_8. Online publication date: 21 Jun 2016
