skip to main content
10.1145/3293882.3330581acmconferencesArticle/Chapter ViewAbstractPublication PagesisstaConference Proceedingsconference-collections
research-article

Detecting memory errors at runtime with source-level instrumentation

Published: 10 July 2019 Publication History

Abstract

The unsafe language features of C, such as low-level control of memory, often lead to memory errors, which can result in silent data corruption, security vulnerabilities, and program crashes. Dynamic analysis tools, which have been widely used for detecting memory errors at runtime, usually perform instrumentation at the IR-level or binary-level. However, their underlying non-source-level instrumentation techniques have three inherent limitations: optimization sensitivity, platform dependence and DO-178C non-compliance. Due to optimization sensitivity, these tools are used to trade either performance for effectiveness by compiling the program at -O0 or effectiveness for performance by compiling the program at a higher optimization level, say, -O3.
In this paper, we overcome these three limitations by proposing a new source-level instrumentation technique and implementing it in a new dynamic analysis tool, called MOVEC, in a pointer-based instrumentation framework. Validation against a set of 86 microbenchmarks (with ground truth) and a set of 10 MiBench benchmarks shows that MOVEC outperforms state-of-the-art tools, SoftBoundCETS, Google's AddressSanitizer and Valgrind, in terms of both effectiveness and performance considered together.

References

[1]
Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand. 2009. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Outof-Bounds Errors. In Proceedings of the 18th USENIX Security Symposium. USENIX Association, 51–66.
[2]
Zhe Chen. 2019. Movec-MSBench: A Memory Safety Benchmark Suite, Version 1.0.0. https://github.com/drzchen/movec-msbench
[3]
Zhe Chen, Yi Gu, Zhiqiu Huang, Jun Zheng, Chang Liu, and Ziyi Liu. 2015. Model Checking Aircraft Controller Software: A Case Study. Software-Practice & Experience 45, 7 (2015), 989–1017.
[4]
Zhe Chen, Chuanqi Tao, Zhiyi Zhang, and Zhibin Yang. 2018. Beyond spatial and temporal memory safety. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018), Companion Volume. ACM, 189–190.
[5]
Zhe Chen, Zhemin Wang, Yunlong Zhu, Hongwei Xi, and Zhibin Yang. 2016. Parametric Runtime Verification of C Programs. In Proceedings of the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016) (Lecture Notes in Computer Science), Vol. 9636. Springer, 299–315.
[6]
Zhe Chen, Junqi Yan, Wenming Li, Ju Qian, and Zhiqiu Huang. 2018. Runtime verification of memory safety via source transformation. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018), Companion Volume. ACM, 264–265.
[7]
Dinakar Dhurjati and Vikram S. Adve. 2006. Backwards-compatible array bounds checking for C with very low overhead. In Proceedings of the 28th International Conference on Software Engineering (ICSE 2006). ACM, 162–171.
[8]
Thomas Dillig, Isil Dillig, and Swarat Chaudhuri. 2014. Optimal Guard Synthesis for Memory Safety. In Proceedings of the 26th International Conference on Computer Aided Verification, CAV 2014 (Lecture Notes in Computer Science), Armin Biere and Roderick Bloem (Eds.), Vol. 8559. Springer, 491–507.
[9]
RTCA DO-178C. December 2011. Software Considerations in Airborne Systems and Equipment Certification. RTCA, Inc.
[10]
I. A. Dudina and A. A. Belevantsev. 2017. Using static symbolic execution to detect buffer overflows. Programming and Computer Software 43, 5 (2017), 277–288.
[11]
Matthew R. Guthaus, Jeffrey S. Ringenberg, Dan Ernst, Todd M. Austin, Trevor Mudge, and Richard B. Brown. 2001. MiBench: A free, commercially representative embedded benchmark suite. In Proceedings of the IEEE 4th Annual Workshop on Workload Characterization. IEEE, 3–14.
[12]
Niranjan Hasabnis, Ashish Misra, and R. Sekar. 2012. Light-weight bounds checking. In 10th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2012. ACM, 135–144.
[13]
Reed Hastings and Bob Joyce. 1992. Purify: Fast detection of memory leaks and access errors. In In Proceedings of the Winter 1992 USENIX Conference. 125–138.
[14]
Richard W. M. Jones and Paul H. J. Kelly. 1997. Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs. In Proceedings of the 3rd International Workshop on Automated Debugging, AADEBUG 1997. 13–26.
[15]
Lian Li, Cristina Cifuentes, and Nathan Keynes. 2010. Practical and effective symbolic analysis for buffer overflow detection. In Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2010. ACM, 317–326.
[16]
Tongping Liu, Charlie Curtsinger, and Emery D. Berger. 2016. DoubleTake: fast and precise error detection via evidence-based dynamic analysis. In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Laura K. Dillon, Willem Visser, and Laurie Williams (Eds.). ACM, 911–922.
[17]
Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas W. Reps. 2001. Debugging via Run-Time Type Checking. In Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering, FASE 2001 (Lecture Notes in Computer Science), Vol. 2029. Springer, 217–232.
[18]
Santosh Nagarakatte, Milo M. K. Martin, and Steve Zdancewic. 2012. Watchdog: Hardware for safe and secure manual memory management and full memory safety. In 39th International Symposium on Computer Architecture (ISCA 2012). IEEE Computer Society, 189–200.
[19]
Santosh Nagarakatte, Milo M. K. Martin, and Steve Zdancewic. 2014. WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking. In 12th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2014. ACM, 175–184.
[20]
Santosh Nagarakatte, Milo M. K. Martin, and Steve Zdancewic. 2015. Everything You Want to Know About Pointer-Based Checking. In 1st Summit on Advances in Programming Languages, SNAPL 2015 (LIPIcs), Vol. 32. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 190–208.
[21]
Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2009. SoftBound: highly compatible and complete spatial memory safety for C. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009. ACM, 245–258.
[22]
Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2010. CETS: compiler enforced temporal safety for C. In Proceedings of the 9th International Symposium on Memory Management, ISMM 2010. ACM, 31–40.
[23]
George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer. 2005. CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27, 3 (2005), 477–526.
[24]
George C. Necula, Scott McPeak, and Westley Weimer. 2002. CCured: type-safe retrofitting of legacy code. In Proceedings of the 29th SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002), John Launchbury and John C. Mitchell (Eds.). ACM, 128–139.
[25]
Nicholas Nethercote and Julian Seward. 2007. How to shadow every byte of memory used by a program. In Proceedings of the 3rd International Conference on Virtual Execution Environments, VEE 2007. ACM, 65–74.
[26]
Nicholas Nethercote and Julian Seward. 2007. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation, PLDI 2007. ACM, 89–100.
[27]
Harish Patil and Charles N. Fischer. 1997. Low-Cost, Concurrent Checking of Pointer and Array Accesses in C Programs. Software - Practice and Experience 27, 1 (1997), 87–110.
[28]
Grigore Rosu, Wolfram Schulte, and Traian-Florin Serbanuta. 2009. Runtime Verification of C Memory Safety. In Proceedings of the 9th International Workshop on Runtime Verification, RV 2009 (Lecture Notes in Computer Science), Vol. 5779.
[29]
Springer, 132–151.
[30]
Olatunji Ruwase and Monica S. Lam. 2004. A Practical Dynamic Buffer Overflow Detector. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2004. The Internet Society, 159–169.
[31]
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In 2012 USENIX Annual Technical Conference, Boston, MA, USA. USENIX Association, 309–318.
[32]
Julian Seward and Nicholas Nethercote. 2005. Using Valgrind to Detect Undefined Value Errors with Bit-Precision. In Proceedings of the 2005 USENIX Annual Technical Conference. USENIX, 17–30.
[33]
Matthew S. Simpson and Rajeev Barua. 2010. MemSafe: Ensuring the Spatial and Temporal Memory Safety of C at Runtime. In 10th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2010. IEEE Computer Society, 199–208.
[34]
Matthew S. Simpson and Rajeev Barua. 2013. MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Software - Practice and Experience 43, 1 (2013), 93–128.
[35]
Yulei Sui, Ding Ye, and Jingling Xue. 2012. Static memory leak detection using full-sparse value-flow analysis. In International Symposium on Software Testing and Analysis, ISSTA 2012. ACM, 254–264.
[36]
Yulei Sui, Ding Ye, and Jingling Xue. 2014. Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis. IEEE Trans. Software Eng. 40, 2 (2014), 107–122.
[37]
Kostyantyn Vorobyov, Julien Signoles, and Nikolai Kosmatov. 2017. Shadow state encoding for efficient monitoring of block-level properties. In Proceedings of the 2017 ACM SIGPLAN International Symposium on Memory Management, ISMM 2017. ACM, 47–58.
[38]
Wei Xu, Daniel C. DuVarney, and R. Sekar. 2004. An efficient and backwardscompatible transformation to ensure memory safety of C programs. In Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2004). ACM, 117–126.
[39]
Ding Ye, Yu Su, Yulei Sui, and Jingling Xue. 2014. WPBOUND: Enforcing Spatial Memory Safety Efficiently at Runtime with Weakest Preconditions. In 25th IEEE International Symposium on Software Reliability Engineering, ISSRE 2014. IEEE Computer Society, 88–99.
[40]
Suan Hsi Yong and Susan Horwitz. 2003. Protecting C programs from attacks via invalid pointer dereferences. In Proceedings of the 11th ACM SIGSOFT Symposium on Foundations of Software Engineering and the 9th European Software Engineering Conference, ESEC/FSE 2003, Jukka Paakki and Paola Inverardi (Eds.). ACM, 307– 316.
[41]
Qiang Zeng, Dinghao Wu, and Peng Liu. 2011. Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011. ACM, 367–377.

Cited By

View all
  • (2024)Design and Implementation of an Aspect-Oriented C Programming LanguageProceedings of the ACM on Programming Languages10.1145/36498348:OOPSLA1(642-669)Online publication date: 29-Apr-2024
  • (2024)Formally understanding Rust’s ownership and borrowing system at the memory levelFormal Methods in System Design10.1007/s10703-024-00460-364:1(200-236)Online publication date: 1-Dec-2024
  • (2023)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 11-Dec-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ISSTA 2019: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2019
451 pages
ISBN:9781450362245
DOI:10.1145/3293882
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 July 2019

Permissions

Request permissions for this article.

Check for updates

Badges

  • Distinguished Paper

Author Tags

  1. compiler optimization
  2. dynamic analysis
  3. memory errors
  4. source-level instrumentation

Qualifiers

  • Research-article

Funding Sources

  • National Natural Science Foundation of China

Conference

ISSTA '19
Sponsor:

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)40
  • Downloads (Last 6 weeks)2
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Design and Implementation of an Aspect-Oriented C Programming LanguageProceedings of the ACM on Programming Languages10.1145/36498348:OOPSLA1(642-669)Online publication date: 29-Apr-2024
  • (2024)Formally understanding Rust’s ownership and borrowing system at the memory levelFormal Methods in System Design10.1007/s10703-024-00460-364:1(200-236)Online publication date: 1-Dec-2024
  • (2023)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 11-Dec-2023
  • (2023)Catamaran: Low-Overhead Memory Safety Enforcement via Parallel AccelerationProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598098(816-828)Online publication date: 12-Jul-2023
  • (2023)A Source-Level Instrumentation Framework for the Dynamic Analysis of Memory SafetyIEEE Transactions on Software Engineering10.1109/TSE.2022.321058049:4(2107-2127)Online publication date: 1-Apr-2023
  • (2023)Vicious Cycles in Distributed Software Systems2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)10.1109/ASE56229.2023.00032(91-103)Online publication date: 11-Sep-2023
  • (2023)A Memory Object Sensitive Detecting Method for Use-After-Free Vulnerabilities2023 2nd International Conference on Artificial Intelligence, Human-Computer Interaction and Robotics (AIHCIR)10.1109/AIHCIR61661.2023.00096(543-547)Online publication date: 8-Dec-2023
  • (2023)Modeling imperative programs operations on memory in terms of Petri netsE3S Web of Conferences10.1051/e3sconf/202346004029460(04029)Online publication date: 11-Dec-2023
  • (2023)CCMOP: A Runtime Verification Tool for C/C++ ProgramsRuntime Verification10.1007/978-3-031-44267-4_18(339-350)Online publication date: 1-Oct-2023
  • (2022)A dynamic analysis tool for memory safety based on smart status and source-level instrumentationProceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings10.1145/3510454.3516872(6-10)Online publication date: 21-May-2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media