Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Integral-C—a practical environment for C programming
SDE 2 Proceedings of the second ACM SIGSOFT/SIGPLAN software engineering symposium on Practical software development environments
Garbage collection in an uncooperative environment
Software—Practice & Experience
A fresh look at optimizing array bound checking
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
An empirical study of the reliability of UNIX utilities
Communications of the ACM
Topics in advanced language implementation
Topics in advanced language implementation
Adding run-time checking to the portable C compiler
Software—Practice & Experience
Space efficient conservative garbage collection
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Computer
Optimizing sparse representations for dataflow analysis
IR '95 Papers from the 1995 ACM SIGPLAN workshop on Intermediate representations
A Practical Approach to Programming With Assertions
IEEE Transactions on Software Engineering
Context-insensitive alias analysis reconsidered
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Simple garbage-collector-safety
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Concurrent Detection of Software and Hardware Data-Access Faults
IEEE Transactions on Computers
Fast and accurate flow-insensitive points-to analysis
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Putting pointer analysis to work
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pointer analysis for programs with structures and casting
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Semantics-preserving procedure extraction
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic pointer analysis for detecting memory leaks
PEPM '00 Proceedings of the 2000 ACM SIGPLAN workshop on Partial evaluation and semantics-based program manipulation
Hardware-only stream prefetching and dynamic access ordering
Proceedings of the 14th international conference on Supercomputing
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Region-based memory management in cyclone
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Ensuring code safety without runtime checks for real-time control systems
CASES '02 Proceedings of the 2002 international conference on Compilers, architecture, and synthesis for embedded systems
C++ in safety critical systems
Annals of Software Engineering
Computational Divided Differencing and Divided-Difference Arithmetics
Higher-Order and Symbolic Computation
Debugging via Run-Time Type Checking
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
ESOP '02 Proceedings of the 11th European Symposium on Programming Languages and Systems
Encoding Function Pointers and Memory Arrangement Checking against Buffer Overflow Attack
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Cleanness Checking of String Manipulations in C Programs via Integer Analysis
SAS '01 Proceedings of the 8th International Symposium on Static Analysis
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
Performance Evaluation of Exception Handling in I/O Libraries
DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
Compiler-directed run-time monitoring of program data access
Proceedings of the 2002 workshop on Memory system performance
Memory safety without runtime checks or garbage collection
Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Buffer overflow and format string overflow vulnerabilities
Software—Practice & Experience - Special issue: Security software
Ensuring integrity and service availability in a web-based control laboratory
Real-time system security
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
A Hybrid Approach to Enhancing the Reliability of Software
Programming and Computing Software
Protection against Indirect Overflow Attacks on Pointers
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
iWatcher: Efficient Architectural Support for Software Debugging
Proceedings of the 31st annual international symposium on Computer architecture
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Memory safety without garbage collection for embedded applications
ACM Transactions on Embedded Computing Systems (TECS)
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
ACM Transactions on Programming Languages and Systems (TOPLAS)
Efficient and flexible architectural support for dynamic monitoring
ACM Transactions on Architecture and Code Optimization (TACO)
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Efficient and effective array bound checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Enhancing security through hardware-assisted run-time validation of program data properties
CODES+ISSS '05 Proceedings of the 3rd IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
Segment protection for embedded systems using run-time checks
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
Using Static Analysis to Reduce Dynamic Analysis Overhead
Formal Methods in System Design
IEEE Transactions on Computers
Quantified types in an imperative language
ACM Transactions on Programming Languages and Systems (TOPLAS)
Artemis: practical runtime monitoring of applications for execution anomalies
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
SAFECode: enforcing alias analysis for weakly typed languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Backwards-compatible array bounds checking for C with very low overhead
Proceedings of the 28th international conference on Software engineering
HeapMon: a helper-thread approach to programmable, automatic, and low-overhead memory bug detection
IBM Journal of Research and Development
Design space exploration for 3D architectures
ACM Journal on Emerging Technologies in Computing Systems (JETC)
Heap protection for Java virtual machines
PPPJ '06 Proceedings of the 4th international symposium on Principles and practice of programming in Java
Architectural support for safe software execution on embedded processors
CODES+ISSS '06 Proceedings of the 4th international conference on Hardware/software codesign and system synthesis
Modern features for systems programming languages
Proceedings of the 44th annual Southeast regional conference
Dynamic heap type inference for program understanding and debugging
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Fire-and-Forget: Load/Store Scheduling with No Store Queue at All
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Adaptive Caches: Effective Shaping of Cache Behavior to Workloads
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Which pointer errors do students make?
Proceedings of the 38th SIGCSE technical symposium on Computer science education
Hardware/software optimization for array & pointer boundary checking against buffer overflow attacks
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
TIED, LibsafePlus: tools for runtime buffer overflow protection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Proceedings of the 6th international symposium on Memory management
Architectural support for run-time validation of program data properties
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Java heap protection for debugging native methods
Science of Computer Programming
Hardbound: architectural support for spatial safety of the C programming language
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Beyond bug-finding: sound program analysis for Linux
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Exterminator: Automatically correcting memory errors with high probability
Communications of the ACM - Surviving the data deluge
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Hybrid Approach for Safe Memory Management in C
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Abstracting access patterns of dynamic memory using regular expressions
ACM Transactions on Architecture and Code Optimization (TACO)
PFetch: software prefetching exploiting temporal predictability of memory access streams
Proceedings of the 9th workshop on MEmory performance: DEaling with Applications, systems and architecture
Interprocedural and Flow-Sensitive Type Analysis for Memory and Type Safety of C Code
Journal of Automated Reasoning
SoftBound: highly compatible and complete spatial memory safety for c
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Implementation of the memory-safe full ANSI-C compiler
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
An overview of programming language based security
Proceedings of the 47th Annual Southeast Regional Conference
Backward-compatible constant-time exception-protected memory
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Design and optimization of the store vectors memory dependence predictor
ACM Transactions on Architecture and Code Optimization (TACO)
Demand-driven memory leak detection based on flow- and context-sensitive pointer analysis
Journal of Computer Science and Technology
Race-free and memory-safe multithreading: design and implementation in cyclone
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
PAriCheck: an efficient pointer arithmetic checker for C programs
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Layout transformations for heap objects using static access patterns
CC'07 Proceedings of the 16th international conference on Compiler construction
Bounds checking with taint-based analysis
HiPEAC'07 Proceedings of the 2nd international conference on High performance embedded architectures and compilers
Dependent types for low-level programming
ESOP'07 Proceedings of the 16th European conference on Programming
Fail-safe ANSI-C compiler: an approach to making C programs secure
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Run-time type checking for binary programs
CC'03 Proceedings of the 12th international conference on Compiler construction
Advanced symbolic analysis for compilers: new techniques and algorithms for symbolic program analysis and optimization
CETS: compiler enforced temporal safety for C
Proceedings of the 2010 international symposium on Memory management
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
Using Pit to improve security in low-level programs
The Journal of Supercomputing
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Architectural support for low overhead detection of memory violations
Proceedings of the Conference on Design, Automation and Test in Europe
Cling: A memory allocator to mitigate dangling pointers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
ValueGuard: protection of native applications against data-only buffer overflows
ICISS'10 Proceedings of the 6th international conference on Information systems security
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Making the common case the only case with anticipatory memory allocation
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Making the common case the only case with anticipatory memory allocation
ACM Transactions on Storage (TOS)
Efficient protection against heap-based buffer overflows without resorting to magic
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
Checking memory safety with blast
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Data slicing: separating the heap into independent regions
CC'05 Proceedings of the 14th international conference on Compiler Construction
Argus: online statistical bug detection
FASE'06 Proceedings of the 9th international conference on Fundamental Approaches to Software Engineering
SARA: combining stack allocation and register allocation
CC'06 Proceedings of the 15th international conference on Compiler Construction
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Automatic parallelization of fine-grained meta-functions on a chip multiprocessor
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Proceedings of the Tenth International Symposium on Code Generation and Optimization
A type system for static and dynamic checking of C++ pointers
Computer Languages, Systems and Structures
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Watchdog: hardware for safe and secure manual memory management and full memory safety
Proceedings of the 39th Annual International Symposium on Computer Architecture
A framework for end-to-end verification and evaluation of register allocators
SAS'07 Proceedings of the 14th international conference on Static Analysis
There is safety in numbers: preventing control-flow hijacking by duplication
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
MemSafe: ensuring the spatial and temporal memory safety of C at runtime
Software—Practice & Experience
CPM: Masking Code Pointers to Prevent Code Injection Attacks
ACM Transactions on Information and System Security (TISSEC)
Buffer overflow patching for C and C++ programs: rule-based approach
ACM SIGAPP Applied Computing Review
Ironclad C++: a library-augmented type-safe subset of c++
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Automatic parallelization of fine-grained metafunctions on a chip multiprocessor
ACM Transactions on Architecture and Code Optimization (TACO)
WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
Static safety guarantees for a low-level multithreaded language with regions
Science of Computer Programming
| Hi-index | 0.01 |
We present a pointer and array access checking technique that provides complete error coverage through a simple set of program transformations. Our technique, based on an extended safe pointer representation, has a number of novel aspects. Foremost, it is the first technique that detects all spatial and temporal access errors. Its use is not limited by the expressiveness of the language; that is, it can be applied successfully to compiled or interpreted languages with subscripted and mutable pointers, local references, and explicit and typeless dynamic storage management, e.g., C. Because it is a source level transformation, it is amenable to both compile- and run-time optimization. Finally, its performance, even without compile-time optimization, is quite good. We implemented a prototype translator for the C language and analyzed the checking overheads of six non-trivial, pointer intensive programs. Execution overheads range from 130% to 540%; with text and data size overheads typically below 100%.