This article describes CCured, a program transformation system that adds type-safety guarantees to existing C programs. CCured attempts to verify statically that memory errors cannot occur, and it inserts run-time checks where static verification is insufficient.

CCured extends C's type system by separating pointer types according to their usage, and it uses a surprisingly simple type inference algorithm that is able to infer the appropriate pointer kinds for existing C programs. CCured uses physical subtyping to recognize and verify a large number of type casts at compile time. Additional type casts are verified using run-time type information. CCured uses two instrumentation schemes: one that is optimized for performance, and one in which metadata is stored in a separate data structure whose shape mirrors that of the original user data. This latter scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.

We have used CCured on real-world security-critical network daemons to produce instrumented versions without memory-safety vulnerabilities, and we have found several bugs in these programs. The instrumented code is efficient enough to be used in day-to-day operations.
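As an added illustration (not CCured's own code), the two metadata placements the abstract contrasts: bounds carried inside a fat pointer, versus bounds kept in a separate mirror structure so the data keeps its plain C layout and an unwrapped external call such as memcpy can take it directly. The type names, helper functions and the sample array are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Scheme A: fat pointer. Bounds travel inside the pointer value, but it is
   no longer a plain int*, so uninstrumented external code cannot take it. */
typedef struct { int *p; int *base; int *end; } fat_int_ptr;

static fat_int_ptr fat_make(int *arr, size_t n) {
    fat_int_ptr fp = { arr, arr, arr + n };
    return fp;
}

/* Load fp.p[idx]; 1 on success, 0 when out of bounds. Offsets are compared
   so that no out-of-range pointer is ever formed. */
static int fat_load(fat_int_ptr fp, ptrdiff_t idx, int *out) {
    if (idx < fp.base - fp.p || idx >= fp.end - fp.p) return 0;
    *out = fp.p[idx];
    return 1;
}

/* Scheme B: metadata in a separate mirror structure. The user data keeps its
   original C layout and can be handed to external code as-is. */
typedef struct { int *base; int *end; } bounds_meta;

static int mirrored_load(int *arr, const bounds_meta *m, ptrdiff_t idx, int *out) {
    if (idx < m->base - arr || idx >= m->end - arr) return 0;
    *out = arr[idx];
    return 1;
}

static int sample[4] = { 10, 20, 30, 40 };   /* constructed sample data */

/* Fat-pointer access to sample[idx]: the element, or -1 if rejected. */
static int fat_sample_at(ptrdiff_t idx) {
    int v;
    return fat_load(fat_make(sample, 4), idx, &v) ? v : -1;
}

/* Mirrored scheme: memcpy (external, unwrapped) copies the plain int[] and
   the checked loop sums copy[0..count). Returns -1 on the first violation. */
static int checked_sum(size_t count) {
    int copy[4], total = 0, v;
    bounds_meta m = { copy, copy + 4 };
    memcpy(copy, sample, sizeof sample);
    for (size_t i = 0; i < count; i++) {
        if (!mirrored_load(copy, &m, (ptrdiff_t)i, &v)) return -1;
        total += v;
    }
    return total;
}
```

With the fat-pointer scheme the same memcpy would have to be reached through fp.p, which is the wrapper step the mirrored layout avoids.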