Towards optimization-safe systems: analyzing the impact of undefined behavior
@article{Wang2013TowardsOS,
  title={Towards optimization-safe systems: analyzing the impact of undefined behavior},
  author={Xi Wang and Nickolai Zeldovich and M. Frans Kaashoek and Armando Solar-Lezama},
  journal={Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles},
  year={2013}
}
This paper studies an emerging class of software bugs called optimization-unstable code: code that is unexpectedly discarded by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database. The consequences of unstable code range from incorrect functionality to missing security checks. To reason about unstable code, this paper proposes a novel model, which views unstable code in terms of…
115 Citations
A differential approach to undefined behavior detection
- Computer Science, Commun. ACM
- 2014
A new static checker called STACK is introduced that precisely identifies undefined behavior bugs in systems programming languages such as C/C++ by finding "unstable code" in terms of optimizations that leverage undefined behavior.
Uncovering Undefined Behavior
- Computer Science
- 2013
This paper presents a case study into the common mis-practices of many developers and has helped to develop a rule-of-thumb heuristic as to which types of bugs are more or less likely to be vulnerabilities.
Lenient Execution of C on a Java Virtual Machine: or: How I Learned to Stop Worrying and Run the Code
- Computer Science, ManLang
- 2017
This paper presents Lenient C, a C dialect that specifies semantics for behaviors left open for interpretation in the standard, and demonstrates how the dialect is implemented in Safe Sulong, a C interpreter with a dynamic compiler that runs on the JVM.
Beyond Binary Program Transformation
- Computer Science
- 2016
It is argued that a formal model of intermediate code representation (e.g., LLVM or JVM bytecode) is the right level of abstraction to address the challenge of bloatware.
WinHeap Explorer: Efficient and Transparent Heap-Based Bug Detection in Machine Code
- Computer Science, 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS)
- 2017
WinHeap Explorer is proposed, a high-performance solution for heap-based bug detection in machine code using an original approach called light-weight dynamic binary instrumentation, based on preliminary static analysis of code paths to highlight potentially erroneous parts, due to which the overhead is decreased.
Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
- Computer Science, ASPLOS 2018
- 2018
A novel approach to finding bugs during the execution of a program by mapping data structures in C to those of the high-level language that performs automatic checks, which can find bugs that state-of-the-art tools overlook.
The Correctness-Security Gap in Compiler Optimization
- Computer Science, 2015 IEEE Security and Privacy Workshops
- 2015
This paper introduces the correctness-security gap, which arises when a compiler optimization preserves the functionality of but violates a security guarantee made by source code, and shows that several standard optimizations, which have been formally proved correct, inhabit this correctness-security gap.
Detection of invalidated sanity checks caused by undefined behaviors
- Computer Science, Inscrypt 2014
- 2014
An automated system to detect invalidated sanity checks by marking sanity checks in source code and checking the marks in binary code is proposed.
Is Rust Used Safely by Software Developers?
- Computer Science, 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE)
- 2020
A large-scale empirical study to explore how software developers are using Unsafe Rust in real-world Rust libraries and applications concludes that although the use of the keyword unsafe is limited, the propagation of unsafeness offers a challenge to the claim of Rust as a memory-safe language.
Taming undefined behavior in LLVM
- Computer Science, PLDI 2017
- 2017
The current semantics of LLVM's IR fails to justify some cases of loop unswitching, global value numbering, and other important "textbook" optimizations, causing long-standing bugs.
References
Undefined behavior: what happened to my code?
- Computer Science, APSys
- 2012
It is argued that the research community should help address the problems that arise from undefined behavior, and not dismiss them as esoteric C implementation issues, because they do happen in real-world systems.
Improving Integer Security for Systems with KINT
- Computer Science, OSDI
- 2012
KINT, a tool that uses scalable static analysis to detect integer errors in C programs, is presented, and a new integer family with NaN semantics is proposed to help developers avoid integer errors in C programs.
Bugs as deviant behavior: a general approach to inferring errors in systems code
- Computer Science, SOSP
- 2001
A major obstacle to finding program errors in a real system is knowing what correctness rules the system must obey. These rules are often undocumented or specified in an ad hoc manner. This paper…
An executable formal semantics of C with applications
- Computer Science, POPL '12
- 2012
The semantics is shown capable of automatically finding program errors, both statically and at runtime, and it is also used to enumerate nondeterministic behavior.
A Value Analysis for C Programs
- Computer Science, 2009 Ninth IEEE International Working Conference on Source Code Analysis and Manipulation
- 2009
The value analysis of Frama-C is a plug-in based on abstract interpretation that computes and stores supersets of possible values for all the variables at each statement of the analyzed program and produces run-time-error alarms.
Defining the undefinedness of C
- Computer Science, PLDI 2015
- 2015
It is argued that this work is the most comprehensive and complete semantic treatment of undefined behavior in C, and thus of the C language itself.
Understanding integer overflow in C/C++
- Computer Science, 2012 34th International Conference on Software Engineering (ICSE)
- 2012
IOC, a dynamic checking tool for integer overflows, is developed and used to conduct the first detailed empirical study of the prevalence and patterns of occurrence of integer overflows in C and C++ code, and shows that intentional uses of wraparound behaviors are more common than is widely believed.
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
- Computer Science, OSDI
- 2008
A new symbolic execution tool, KLEE, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs, and significantly beat the coverage of the developers' own hand-written test suite is presented.
Threads cannot be implemented as a library
- Computer Science, PLDI '05
- 2005
It is illustrated that there are very simple cases in which a pure library-based approach seems incapable of expressing an efficient parallel algorithm.
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
- Computer Science, APSys
- 2011
The main findings are that techniques often protect against certain exploits of a vulnerability but leave other exploits of the same vulnerability open, and that no effective techniques exist to handle semantic vulnerabilities---violations of high-level security invariants.