CETS: compiler enforced temporal safety for C

Authors:
Santosh Nagarakatte;Jianzhou Zhao;Milo M.K. Martin;Steve Zdancewic
Affiliations:
University of Pennsylvania, Philadelphia, PA, USA;University of Pennsylvania, Philadelphia, PA, USA;University of Pennsylvania, Philadelphia, PA, USA;University of Pennsylvania, Philadelphia, PA, USA
Venue:
Proceedings of the 2010 international symposium on Memory management
Year:
2010

Citing 26
Cited 11

A fresh look at optimizing array bound checking

PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Space efficient conservative garbage collection

PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Efficient detection of all pointer and array access errors

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Low-cost, concurrent checking of pointer and array accesses in C programs

Software—Practice & Experience
ABCD: eliminating array bounds checks on demand

PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Cyclone: A Safe Dialect of C

ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Memory safety without runtime checks or garbage collection

Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
Protecting C programs from attacks via invalid pointer dereferences

Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation

Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Safe programming at the c level of abstraction

Safe programming at the c level of abstraction
An efficient and backwards-compatible transformation to ensure memory safety of C programs

Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
CCured: type-safe retrofitting of legacy software

ACM Transactions on Programming Languages and Systems (TOPLAS)
Control-flow integrity

Proceedings of the 12th ACM conference on Computer and communications security
DieHard: probabilistic memory safety for unsafe languages

Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Backwards-compatible array bounds checking for C with very low overhead

Proceedings of the 28th international conference on Software engineering
Efficiently Detecting All Dangling Pointer Uses in Production Servers

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Exterminator: automatically correcting memory errors with high probability

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Valgrind: a framework for heavyweight dynamic binary instrumentation

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
How to shadow every byte of memory used by a program

Proceedings of the 3rd international conference on Virtual execution environments
Securing software by enforcing data-flow integrity

OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Array bounds check elimination for the Java HotSpot™ client compiler

Proceedings of the 5th international symposium on Principles and practice of programming in Java
MemTracker: Efficient and Programmable Support for Memory Access Monitoring and Debugging

HPCA '07 Proceedings of the 2007 IEEE 13th International Symposium on High Performance Computer Architecture
Hardbound: architectural support for spatial safety of the C programming language

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Preventing Memory Error Exploits with WIT

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
SoftBound: highly compatible and complete spatial memory safety for c

Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Dependent types for low-level programming

ESOP'07 Proceedings of the 16th European conference on Programming

Runtime countermeasures for code injection attacks against C and C++ programs

ACM Computing Surveys (CSUR)
Light-weight bounds checking

Proceedings of the Tenth International Symposium on Code Generation and Optimization
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities

Proceedings of the 2012 International Symposium on Software Testing and Analysis
Watchdog: hardware for safe and secure manual memory management and full memory safety

Proceedings of the 39th Annual International Symposium on Computer Architecture
Understanding programming bugs in ANSI-C software using bounded model checking counter-examples

IFM'12 Proceedings of the 9th international conference on Integrated Formal Methods
MemSafe: ensuring the spatial and temporal memory safety of C at runtime

Software—Practice & Experience
Towards hinted collection: annotations for decreasing garbage collector pause times

Proceedings of the 2013 international symposium on memory management
Ironclad C++: a library-augmented type-safe subset of c++

Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Automatic parallelization of fine-grained metafunctions on a chip multiprocessor

ACM Transactions on Architecture and Code Optimization (TACO)
WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking

Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization

Quantified Score

Hi-index	0.00

Visualization

Abstract

Temporal memory safety errors, such as dangling pointer dereferences and double frees, are a prevalent source of software bugs in unmanaged languages such as C. Existing schemes that attempt to retrofit temporal safety for such languages have high runtime overheads and/or are incomplete, thereby limiting their effectiveness as debugging aids. This paper presents CETS, a compile-time transformation for detecting all violations of temporal safety in C programs. Inspired by existing approaches, CETS maintains a unique identifier with each object, associates this metadata with the pointers in a disjoint metadata space to retain memory layout compatibility, and checks that the object is still allocated on pointer dereferences. A formal proof shows that this is sufficient to provide temporal safety even in the presence of arbitrary casts if the program contains no spatial safety violations. Our CETS prototype employs both temporal check removal optimizations and traditional compiler optimizations to achieve a runtime overhead of just 48% on average. When combined with a spatial-checking system, the average overall overhead is 116% for complete memory safety