CETS: compiler enforced temporal safety for C

Published: 05 June 2010

Abstract

Temporal memory safety errors, such as dangling pointer dereferences and double frees, are a prevalent source of software bugs in unmanaged languages such as C. Existing schemes that attempt to retrofit temporal safety for such languages have high runtime overheads and/or are incomplete, thereby limiting their effectiveness as debugging aids. This paper presents CETS, a compile-time transformation for detecting all violations of temporal safety in C programs. Inspired by existing approaches, CETS maintains a unique identifier with each object, associates this metadata with the pointers in a disjoint metadata space to retain memory layout compatibility, and checks that the object is still allocated on pointer dereferences. A formal proof shows that this is sufficient to provide temporal safety even in the presence of arbitrary casts if the program contains no spatial safety violations. Our CETS prototype employs both temporal check removal optimizations and traditional compiler optimizations to achieve a runtime overhead of just 48% on average. When combined with a spatial-checking system, the average overall overhead is 116% for complete memory safety.
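To make the mechanism in the abstract concrete, the following is a constructed C illustration of a lock-and-key temporal check, added here and not taken from the paper or the CETS prototype; the `cets_ptr` struct, the fixed `lock_space` pool and the `cets_*` helpers are assumptions made for readability, whereas CETS keeps the key and lock in a disjoint metadata space rather than in the pointer itself.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed illustration of the lock-and-key temporal check; not the paper's
 * CETS runtime. Each allocation receives a fresh key and a lock cell in a
 * metadata space disjoint from program memory. A dereference is legal only while
 * the lock still holds the key; freeing overwrites the lock, so every copy fails. */

#define LOCK_CELLS 64
static uint64_t lock_space[LOCK_CELLS]; /* disjoint metadata: one lock per object */
static uint64_t next_key = 1;           /* 0 is reserved for "no live object" */

/* Pointer plus its metadata (hypothetical type). CETS keeps key and lock
 * outside the memory layout; the struct here is only for readability. */
typedef struct { void *ptr; uint64_t key; uint64_t *lock; } cets_ptr;

cets_ptr cets_malloc(size_t n) {
    cets_ptr p = { malloc(n), next_key++, NULL };
    for (int i = 0; i < LOCK_CELLS && p.lock == NULL; i++)
        if (lock_space[i] == 0) p.lock = &lock_space[i];  /* reuse a free cell */
    if (p.lock == NULL) { free(p.ptr); p.ptr = NULL; return p; } /* pool exhausted */
    *p.lock = p.key;               /* lock matches key while the object is live */
    return p;
}

/* The check inserted before each dereference: is the object still allocated? */
int cets_check(const cets_ptr *p) { return p->lock != NULL && *p->lock == p->key; }

/* Free invalidates the lock, so dangling aliases and double frees are caught. */
int cets_free(cets_ptr *p) {
    if (!cets_check(p)) return 0;  /* temporal violation: stale pointer or double free */
    *p->lock = 0;
    free(p->ptr);
    return 1;
}

/* Classic use-after-free with memory reuse; returns the number of violations the
 * check reports (3), or -1 if a live object wrongly failed the check. */
int cets_demo(void) {
    int violations = 0;
    cets_ptr a = cets_malloc(16);
    cets_ptr alias = a;                       /* second copy, same key and lock */
    cets_free(&a);
    cets_ptr b = cets_malloc(16);             /* may reuse a's memory and lock cell */
    if (!cets_check(&b)) return -1;           /* fresh object must pass */
    if (!cets_check(&alias)) violations++;    /* dangling alias: lock holds b's key */
    if (!cets_free(&a)) violations++;         /* double free */
    cets_free(&b);
    if (!cets_check(&b)) violations++;        /* b is gone now */
    return violations;
}
```

Because the lock cell is reused with a fresh key, the stale alias is rejected even though its memory has been reallocated, which is the case a plain "freed bit" on the object would miss.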


Published In

ISMM '10: Proceedings of the 2010 International Symposium on Memory Management
June 2010, 140 pages
ISBN: 9781450300544
DOI: 10.1145/1806651
General Chair: Jan Vitek
Program Chair: Doug Lea

ACM SIGPLAN Notices, Volume 45, Issue 8 (ISMM '10)
August 2010, 129 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1837855
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. c
  2. dangling pointers
  3. memory safety
  4. temporal errors

Qualifiers

  • Research-article

Conference

ISMM '10: International Symposium on Memory Management
June 5-6, 2010
Toronto, Ontario, Canada

Acceptance Rates

Overall Acceptance Rate 72 of 156 submissions, 46%

Article Metrics

  • Downloads (last 12 months): 125
  • Downloads (last 6 weeks): 20
Reflects downloads up to 15 Oct 2024

Cited By

  • (2024) rOOM: A Rust-Based Linux Out of Memory Kernel Component. IEICE Transactions on Information and Systems, E107.D(3):245-256, 1 Mar 2024. doi:10.1587/transinf.2023MPP0001
  • (2024) SOVEREIGN - Towards a Holistic Approach to Critical Infrastructure Protection. Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1-9, 30 Jul 2024. doi:10.1145/3664476.3671410
  • (2024) RTT-UAF: Reuse Time Tracking for Use-After-Free Detection. Proceedings of the 38th ACM International Conference on Supercomputing, pp. 376-387, 30 May 2024. doi:10.1145/3650200.3656606
  • (2024) SoftBound+CETS Revisited. Proceedings of the 17th European Workshop on Systems Security, pp. 22-28, 22 Apr 2024. doi:10.1145/3642974.3652285
  • (2024) Pythia: Compiler-Guided Defense Against Non-Control Data Attacks. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3, pp. 850-866, 27 Apr 2024. doi:10.1145/3620666.3651343
  • (2024) Concretely Mapped Symbolic Memory Locations for Memory Error Detection. IEEE Transactions on Software Engineering, pp. 1-21, 2024. doi:10.1109/TSE.2024.3395412
  • (2024) kCPA: Towards Sensitive Pointer Full Life Cycle Authentication for OS Kernels. IEEE Transactions on Dependable and Secure Computing, 21(4):3768-3784, Jul 2024. doi:10.1109/TDSC.2023.3334268
  • (2024) Full Spatial and Temporal Memory Safety for C. IEEE Security and Privacy, 22(4):30-39, 1 Jul 2024. doi:10.1109/MSEC.2024.3363142
  • (2024) Memory Tagging using Cryptographic Integrity on Commodity x86 CPUs. 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pp. 311-326, 8 Jul 2024. doi:10.1109/EuroSP60621.2024.00024
  • (2024) SPP: Safe Persistent Pointers for Memory Safety. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 37-52, 24 Jun 2024. doi:10.1109/DSN58291.2024.00019