In this paper, we present a novel approach that establishes a synergy between static and dynamic analyses for detecting memory errors in C code. We extend the standard C type system with effect, region, and host annotations that are relevant to memory management. We define static memory checks to detect memory errors using these annotations. The statically undecidable checks are delegated to dynamic code instrumentation to secure program executions. The static analysis guides its dynamic counterpart by locating instrumentation points and their execution paths. Our dynamic analysis instruments programs with in-lined monitors that observe program executions and ensure safe-fail when encountering memory errors. We prototype our approach by extending the GCC compiler with our type system, a dynamic monitoring library, and code instrumentation capabilities.