Garbage collection in an uncooperative environment
Software—Practice & Experience
LFP '90 Proceedings of the 1990 ACM conference on LISP and functional programming
POPL '90 Proceedings of the 17th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic typing in a statically typed language
ACM Transactions on Programming Languages and Systems (TOPLAS)
PLDI '91 Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation
Adding run-time checking to the portable C compiler
Software—Practice & Experience
Global tagging optimization by type inference
LFP '92 Proceedings of the 1992 ACM conference on LISP and functional programming
A practical approach to type inference for EuLisp
Lisp and Symbolic Computation
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Olden: parallelizing programs with dynamic data structures on distributed-memory machines
Olden: parallelizing programs with dynamic data structures on distributed-memory machines
A practical soft type system for scheme
ACM Transactions on Programming Languages and Systems (TOPLAS)
Low-cost, concurrent checking of pointer and array accesses in C programs
Software—Practice & Experience
Objective ML: a simple object-oriented extension of ML
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic typing as staged type inference
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Aggregate structure identification and its application to program analysis
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound polymorphic type system for a dialect of C
Science of Computer Programming - Special issue on the 6th European symposium on programming
Proceedings of the 1999 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
CLU Reference Manual
Debugging via Run-Time Type Checking
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Effective Flow Analysis for Avoiding Run-Time Checks
SAS '95 Proceedings of the Second International Symposium on Static Analysis
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Region-based memory management in cyclone
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Ensuring code safety without runtime checks for real-time control systems
CASES '02 Proceedings of the 2002 international conference on Compilers, architecture, and synthesis for embedded systems
Runtime verification of authorization hook placement for the linux security modules framework
Proceedings of the 9th ACM conference on Computer and communications security
Type-safe multithreading in cyclone
Proceedings of the 2003 ACM SIGPLAN international workshop on Types in languages design and implementation
ESOP '02 Proceedings of the 11th European Symposium on Programming Languages and Systems
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Memory safety without runtime checks or garbage collection
Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
Bug isolation via remote program sampling
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Buffer overflow and format string overflow vulnerabilities
Software—Practice & Experience - Special issue: Security software
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
An effective theory of type refinements
ICFP '03 Proceedings of the eighth ACM SIGPLAN international conference on Functional programming
Capriccio: scalable threads for internet services
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Proceedings of the 2003 ACM workshop on Rapid malcode
Declaring and checking non-null types in an object-oriented language
OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications
A Hybrid Approach to Enhancing the Reliability of Software
Programming and Computing Software
Heap-Bounded Assembly Language
Journal of Automated Reasoning
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
iWatcher: Efficient Architectural Support for Software Debugging
Proceedings of the 31st annual international symposium on Computer architecture
Programming and Computing Software
Static program analysis of embedded executable assembly code
Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Self-regenerative software components
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Region-based shape analysis with tracked locations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Run-time Detection of Heap-based Overflows
LISA '03 Proceedings of the 17th USENIX conference on System administration
Memory safety without garbage collection for embedded applications
ACM Transactions on Embedded Computing Systems (TECS)
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
Efficient and Safe Execution of User-Level Code in the Kernel
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 10 - Volume 11
Efficient and flexible architectural support for dynamic monitoring
ACM Transactions on Architecture and Code Optimization (TACO)
Checking type safety of foreign function calls
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Programming Languages and Systems Security
IEEE Security and Privacy
Enhancing security through hardware-assisted run-time validation of program data properties
CODES+ISSS '05 Proceedings of the 3rd IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Automatic detection and correction of programming faults for software applications
Journal of Systems and Software
Fast and automated generation of attack signatures: a basis for building self-protecting servers
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the 12th ACM conference on Computer and communications security
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
Using Static Analysis to Reduce Dynamic Analysis Overhead
Formal Methods in System Design
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks
IEEE Transactions on Dependable and Secure Computing
Gaining and maintaining confidence in operating systems security
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Quantified types in an imperative language
ACM Transactions on Programming Languages and Systems (TOPLAS)
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Field-sensitive value analysis of embedded C programs with union types and pointer arithmetics
Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Proceedings of the 2006 workshop on Programming languages and analysis for security
HeapMon: a helper-thread approach to programmable, automatic, and low-overhead memory bug detection
IBM Journal of Research and Development
SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address
IEEE Transactions on Computers
Heap protection for Java virtual machines
PPPJ '06 Proceedings of the 4th international symposium on Principles and practice of programming in Java
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Scheduling-independent threads and exceptions in SHIM
EMSOFT '06 Proceedings of the 6th ACM & IEEE International conference on Embedded software
Software partitioning for effective automated unit testing
EMSOFT '06 Proceedings of the 6th ACM & IEEE International conference on Embedded software
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Combined static and dynamic analysis for inferring program dependencies using a pattern language
CASCON '06 Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
SUDS: an infrastructure for dynamic software bug detection using static analysis
ACM SIGSOFT Software Engineering Notes
Harbor: software-based memory protection for sensor nodes
Proceedings of the 6th international conference on Information processing in sensor networks
Flashback: a lightweight extension for rollback and deterministic replay for software debugging
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static error detection using semantic inconsistency inference
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Thirty years is long enough: getting beyond C
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
High coverage detection of input-related security facults
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
3D Integration for Introspection
IEEE Micro
Melange: creating a "functional" internet
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Sweeper: a lightweight end-to-end system for defending against fast worms
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
A system for coarse grained memory protection in tiny embedded processors
Proceedings of the 44th annual Design Automation Conference
Ensuring secure program execution in multiprocessor embedded systems: a case study
CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
A fast and generic hybrid simulation approach using C virtual machine
CASES '07 Proceedings of the 2007 international conference on Compilers, architecture, and synthesis for embedded systems
Verification of device drivers and intelligent controllers: a case study
EMSOFT '07 Proceedings of the 7th ACM & IEEE international conference on Embedded software
Forma: A framework for safe automatic array reshaping
ACM Transactions on Programming Languages and Systems (TOPLAS)
Triage: diagnosing production run failures at the user's site
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
Memsherlock: an automated debugger for unknown memory corruption vulnerabilities
Proceedings of the 14th ACM conference on Computer and communications security
Architectural support for run-time validation of program data properties
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
A theory of platform-dependent low-level software
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Exceptional situations and program reliability
ACM Transactions on Programming Languages and Systems (TOPLAS)
Java heap protection for debugging native methods
Science of Computer Programming
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Learning from mistakes: a comprehensive study on real world concurrency bug characteristics
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
A practical mimicry attack against powerful system-call monitors
Proceedings of the 2008 ACM symposium on Information, computer and communications security
An efficient runtime instruction block verification for secure embedded systems
Journal of Embedded Computing - Embeded Processors and Systems: Architectural Issues and Solutions for Emerging Applications
Checking type safety of foreign function calls
ACM Transactions on Programming Languages and Systems (TOPLAS)
Dynamic inference of likely data preconditions over predicates by tree learning
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
SHIELD: a software hardware design methodology for security and reliability of MPSoCs
Proceedings of the 45th annual Design Automation Conference
Exterminator: Automatically correcting memory errors with high probability
Communications of the ACM - Surviving the data deluge
The Verified Software Challenge: A Call for a Holistic Approach to Reliability
Verified Software: Theories, Tools, Experiments
Pointer Analysis, Conditional Soundness, and Proving the Absence of Errors
SAS '08 Proceedings of the 15th international symposium on Static Analysis
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Hybrid Approach for Safe Memory Management in C
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Efficient software model checking of soundness of type systems
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
LOCS: a low overhead profiler-driven design flow for security of MPSoCs
CODES+ISSS '08 Proceedings of the 6th IEEE/ACM/IFIP international conference on Hardware/Software codesign and system synthesis
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
Static Detection of Place Locality and Elimination of Runtime Checks
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
An empirical security study of the native code in the JDK
SS'08 Proceedings of the 17th conference on Security symposium
Real-world buffer overflow protection for userspace & kernelspace
SS'08 Proceedings of the 17th conference on Security symposium
Instruction-level countermeasures against stack-based buffer overflow attacks
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
MEDS: The Memory Error Detection System
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Precise garbage collection for C
Proceedings of the 2009 international symposium on Memory management
Implementation of the memory-safe full ANSI-C compiler
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
An overview of programming language based security
Proceedings of the 47th Annual Southeast Regional Conference
Backward-compatible constant-time exception-protected memory
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
Fast byte-granularity software fault isolation
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Debug all your code: portable mixed-environment debugging
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
ACM Transactions on Programming Languages and Systems (TOPLAS)
Compositional may-must program analysis: unleashing the power of alternation
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Orthrus: efficient software integrity protection on multi-cores
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Execution suppression: An automated iterative technique for locating memory errors
ACM Transactions on Programming Languages and Systems (TOPLAS)
PAriCheck: an efficient pointer arithmetic checker for C programs
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
FMICS'06/PDMC'06 Proceedings of the 11th international workshop, FMICS 2006 and 5th international workshop, PDMC conference on Formal methods: Applications and technology
Bounds checking with taint-based analysis
HiPEAC'07 Proceedings of the 2nd international conference on High performance embedded architectures and compilers
Fail-safe ANSI-C compiler: an approach to making C programs secure
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Run-time type checking for binary programs
CC'03 Proceedings of the 12th international conference on Compiler construction
The verifying compiler: a grand challenge for computing research
CC'03 Proceedings of the 12th international conference on Compiler construction
Proceedings of the 1st Workshop on Critical Automotive applications: Robustness & Safety
Low-level software security: attacks and defenses
Foundations of security analysis and design IV
Jinn: synthesizing dynamic bug detectors for foreign language interfaces
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
Proceedings of the 19th international symposium on Software testing and analysis
Independence from obfuscation: A semantic framework for diversity
Journal of Computer Security
Using Pit to improve security in low-level programs
The Journal of Supercomputing
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Robusta: taming the native beast of the JVM
Proceedings of the 17th ACM conference on Computer and communications security
Proceedings of the 17th ACM conference on Computer and communications security
Architectural support for low overhead detection of memory violations
Proceedings of the Conference on Design, Automation and Test in Europe
CUFFS: an instruction count based architectural framework for security of MPSoCs
Proceedings of the Conference on Design, Automation and Test in Europe
Toward reliable and efficient message passing software through formal analysis
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Singleton: a general-purpose dependently-typed assembly language
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
JNI light: an operational model for the core JNI
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
An overview of a proof-based approach to detecting C vulnerabilities
Proceedings of the 2011 ACM Symposium on Applied Computing
Generating analyses for detecting faults in path segments
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Inferring data polymorphism in systems code
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Orion: high-precision methods for static error analysis of c and c++ programs
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
Checking memory safety with blast
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Data slicing: separating the heap into independent regions
CC'05 Proceedings of the 14th international conference on Compiler Construction
An efficient pointer protection scheme to defend buffer overflow attacks
PARA'04 Proceedings of the 7th international conference on Applied Parallel Computing: state of the Art in Scientific Computing
Mining temporal specifications for error detection
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
A dynamic mechanism for recovering from buffer overflow attacks
ISC'05 Proceedings of the 8th international conference on Information Security
Safe programming with pointers through stateful views
PADL'05 Proceedings of the 7th international conference on Practical Aspects of Declarative Languages
SafeCard: a gigabit IPS on the network card
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
IntFinder: automatically detecting integer bugs in x86 binary program
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Software model checking: searching for computations in the abstract or the concrete
IFM'05 Proceedings of the 5th international conference on Integrated Formal Methods
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Automatic parallelization of fine-grained meta-functions on a chip multiprocessor
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Sound and precise analysis of parallel programs through schedule specialization
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
A type system for static and dynamic checking of C++ pointers
Computer Languages, Systems and Structures
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Proceedings of the 2012 International Symposium on Software Testing and Analysis
AddressSanitizer: a fast address sanity checker
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Learning fine-grained structured input for memory corruption detection
ISC'12 Proceedings of the 15th international conference on Information Security
Improving Memory Management Security for C and C++
International Journal of Secure Software Engineering
Monitoring Buffer Overflow Attacks: A Perennial Task
International Journal of Secure Software Engineering
Most influential papers of ICFP, OOPSLA, PLDI, and POPL
ACM SIGPLAN Notices - Supplemental issue
Unikernels: library operating systems for the cloud
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Common specification language for static and dynamic analysis of C programs
Proceedings of the 28th Annual ACM Symposium on Applied Computing
CPM: Masking Code Pointers to Prevent Code Injection Attacks
ACM Transactions on Information and System Security (TISSEC)
Scalaness/nesT: type specialized staged programming for sensor networks
Proceedings of the 12th international conference on Generative programming: concepts & experiences
Annotation for automation: rapid generation of file system tools
Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Strato: a retargetable framework for low-level inlined-reference monitors
SEC'13 Proceedings of the 22nd USENIX conference on Security
Bringing java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
Automatic parallelization of fine-grained metafunctions on a chip multiprocessor
ACM Transactions on Architecture and Code Optimization (TACO)
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
A distributed framework for demand-driven software vulnerability detection
Journal of Systems and Software
| Hi-index | 0.00 |
In this paper we propose a scheme that combines type inference and run-time checking to make existing C programs type safe. We describe the CCured type system, which extends that of C by separating pointer types according to their usage. This type system allows both pointers whose usage can be verified statically to be type safe, and pointers whose safety must be checked at run time. We prove a type soundness result and then we present a surprisingly simple type inference algorithm that is able to infer the appropriate pointer kinds for existing C programs.Our experience with the CCured system shows that the inference is very effective for many C programs, as it is able to infer that most or all of the pointers are statically verifiable to be type safe. The remaining pointers are instrumented with efficient run-time checks to ensure that they are used safely. The resulting performance loss due to run-time checks is 0-150%, which is several times better than comparable approaches that use only dynamic checking. Using CCured we have discovered programming bugs in established C programs such as several SPECINT95 benchmarks.