SAFECode: enforcing alias analysis for weakly typed languages

@inproceedings{Dhurjati2006SAFECodeEA,
  title={SAFECode: enforcing alias analysis for weakly typed languages},
  author={D. Dhurjati and S. Kowshik and V. Adve},
  booktitle={PLDI '06},
  year={2006}
}
Static analysis of programs in weakly typed languages such as C and C++ is generally not sound because of possible memory errors due to dangling pointer references, uninitialized pointers, and array bounds overflow. We describe a compilation strategy for standard C programs that guarantees that aggressive interprocedural pointer analysis (or less precise ones), a call graph, and type information for a subset of memory, are never invalidated by any possible memory errors. We formalize our… Expand
Safecode: a platform for developing reliable software in unsafe languages
TLDR
This thesis presents a new compiler and a run-time system called SAFECode (Static Analysis For safe Execution of Code), which guarantees memory safety for programs in unsafe languages with very low overhead and can detect some of the hard-to detect memory errors with low overhead. Expand
Hardbound: architectural support for spatial safety of the C programming language
TLDR
A hardware bounded pointer architectural primitive that supports cooperative hardware/software enforcement of spatial memory safety for C programs is proposed, which is a new hardware primitive datatype for pointers that leaves the standard C pointer representation intact, but augments it with bounds information maintained separately and invisibly by the hardware. Expand
SafeType: detecting type violations for type‐basedalias analysis of C
TLDR
SafeType is presented, a purely static approach to detection of violations of the C standard's restrictions on memory accesses, and an implementation of SafeType in the IBM XL C compiler is described, showing that it scales to programs with hundreds of thousands of lines of code. Expand
A Sound Points-to Analysis for C: From Assumptions to Assertions
TLDR
This work presents a new approach to sound pointsto analysis that can handle C programs using the unsafe features of C and assumes that only valid pointers in an input program be dereferenced. Expand
Bounds Check Hoisting for AddressSanitizer
TLDR
This work consists in hoisting checks out of loops in such a way that AddressSanitizer’s semantics are maintained, but, by providing increased locality of access and by increasing the stride of bounds checks, it makes said checks notably cheaper. Expand
Practical low-overhead enforcement of memory safety for c programs
TLDR
This dissertation demonstrates the compatibility of a pointer-based approach to provide comprehensive memory safety that works with mostly unmodified C code with a low performance overhead by hardening legacy C/C++ code with minimal source code changes and shows the effectiveness of the approach by detecting new memory safety errors and previously knownMemory safety errors in large code bases. Expand
Runtime Enforcement of Memory Safety for the C Programming Language
TLDR
Experimental results indicate that MemSafe is capable of detecting memory safety violations in real-world programs with lower runtime overhead than previous methods, and its average runtime overhead for one common benchmark suite is a fraction of that associated with the previous technique that had the lowest overhead. Expand
Backwards-compatible array bounds checking for C with very low overhead
TLDR
A collection of techniques are described that dramatically reduce the overhead of this approach, by exploiting a fine-grain partitioning of memory called Automatic Pool Allocation, and shows that the memory partitioning is key to bringing down this overhead. Expand
Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
TLDR
A novel approach to finding bugs during the execution of a program by mapping data structures in C to those of the high-level language that performs automatic checks, which can find bugs that state-of-the-art tools overlook. Expand
SoftBound: highly compatible and complete spatial memory safety for c
TLDR
Inspired by HardBound, a previously proposed hardware-assisted approach, SoftBound similarly records base and bound information for every pointer as disjoint metadata, which enables SoftBound to provide spatial safety without requiring changes to C source code. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 42 REFERENCES
Enforcing Alias Analysis for Weakly Typed Languages
TLDR
A compilation strategy for standard C programs that guarantees sound semantics for an aggressive interprocedural pointer analysis, a call graph, and type information for a subset of memory and shows that the sound analysis information enables static checking techniques that reliably eliminate many run-time checks. Expand
Memory safety without garbage collection for embedded applications
TLDR
A compiler technique is described that ensures that dereferencing dangling pointers to freed memory does not violate memory safety, without annotations, run-time checks, or garbage collection, and works for arbitrary type-safe C programs. Expand
Memory safety without runtime checks or garbage collection
TLDR
A compiler technique is created that ensures memory safety of dynamically allocated memory without programmer annotations, runtime checks, or garbage collection, and works for a large subclass of type-safe C programs. Expand
Efficient detection of all pointer and array access errors
TLDR
This work presents a pointer and array access checking technique that provides complete error coverage through a simple set of program transformations, and is the first technique that detects all spatial and temporal access errors. Expand
Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs
TLDR
A method of bounds checking C programs that ful lls the following criteria Backwards compatibility the ability to mix checked code and unchecked libraries for which the source may be proprietary or otherwise unavailable Works with all common C programming styles. Expand
ABCD: eliminating array bounds checks on demand
TLDR
ABCD is a light-weight algorithm for elimination of Array Bounds Checks on Demand that can be applied to a set of frequently executed (hot) bounds checks, which makes it suitable for the dynamic-compilation setting, in which compile-time cost is constrained but hot statements are known. Expand
Backwards-compatible array bounds checking for C with very low overhead
TLDR
A collection of techniques are described that dramatically reduce the overhead of this approach, by exploiting a fine-grain partitioning of memory called Automatic Pool Allocation, and shows that the memory partitioning is key to bringing down this overhead. Expand
CCured: type-safe retrofitting of legacy software
TLDR
CCured extends C's type system by separating pointer types according to their usage, and it uses a surprisingly simple type inference algorithm that is able to infer the appropriate pointer kinds for existing C programs. Expand
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
TLDR
ARCHER uses statistical code analysis to automatically infer the set of functions that it should track --- this inference serves as a robust guard against omissions, especially in large systems which can have hundreds of such functions. Expand
Ownership types for safe region-based memory management in real-time Java
TLDR
The experience indicates that the type system presented is sufficiently expressive and requires little programming overhead, and that eliminating the RTSJ runtime checks using a static type system can significantly decrease the execution time of real-time programs. Expand
...
1
2
3
4
5
...