research-article

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model

Authors:

Hanspeter MössenböckAuthors Info & Claims

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems

Pages 377 - 391

https://doi.org/10.1145/3173162.3173174

Published: 19 March 2018 Publication History

Get Access

Abstract

In C, memory errors, such as buffer overflows, are among the most dangerous software errors; as we show, they are still on the rise. Current dynamic bug-finding tools that try to detect such errors are based on the low-level execution model of the underlying machine. They insert additional checks in an ad-hoc fashion, which makes them prone to omitting checks for corner cases. To address this, we devised a novel approach to finding bugs during the execution of a program. At the core of this approach is an interpreter written in a high-level language that performs automatic checks (such as bounds, NULL, and type checks). By mapping data structures in C to those of the high-level language, accesses are automatically checked and bugs discovered. We have implemented this approach and show that our tool (called Safe Sulong) can find bugs that state-of-the-art tools overlook, such as out-of-bounds accesses to the main function arguments.

References

[1]

Matthew Arnold, Stephen Fink, David Grove, Michael Hind, and Peter F. Sweeney . 2000. Adaptive Optimization in the Jalape nO JVM. In Proceedings of the 15th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA '00). ACM, New York, NY, USA, 47--65.

Digital Library

Google Scholar

[2]

Edd Barrett, Carl Friedrich Bolz-Tereick, Rebecca Killick, Sarah Mount, and Laurence Tratt . 2017. Virtual Machine Warmup Blows Hot and Cold. Proc. ACM Program. Lang. Vol. 1, OOPSLA, Article bibinfoarticleno52 (Oct. . 2017), 27 pages.

Digital Library

Google Scholar

[3]

Yves Younan, Wouter Joosen, and Frank Piessens. 2012. Runtime Countermeasures for Code Injection Attacks Against C and C

Google Scholar

[4]

Programs. ACM Comput. Surv. Vol. 44, 3, Article 17 (June. 2012), 28 pages. 0360-0300

Google Scholar

Cited By

View all

Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Altinay ANash JKroes TRajasekaran PZhou DDabrowski AGens DNa YVolckaert SGiuffrida CBos HFranz MBilas AMagoutis KMarkatos EKostic DSeltzer M(2020)BinRecProceedings of the Fifteenth European Conference on Computer Systems10.1145/3342195.3387550(1-16)Online publication date: 15-Apr-2020
https://dl.acm.org/doi/10.1145/3342195.3387550
Gaikwad SNisbet ALuján MHosking AFinocchi I(2019)Hosting OpenMP programs on Java virtual machinesProceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3357390.3361031(63-71)Online publication date: 21-Oct-2019
https://dl.acm.org/doi/10.1145/3357390.3361031
Show More Cited By

Index Terms

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
1. Security and privacy
  1. Systems security
    1. Operating systems security
      1. Virtualization and security
2. Software and its engineering

Recommendations

Debugging native extensions of dynamic languages
ManLang '18: Proceedings of the 15th International Conference on Managed Languages & Runtimes

Many dynamic programming languages such as Ruby and Python enable developers to use so called native extensions, code implemented in typically statically compiled languages like C and C++. However, debuggers for these dynamic languages usually lack ...
Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
ASPLOS '18

In C, memory errors, such as buffer overflows, are among the most dangerous software errors; as we show, they are still on the rise. Current dynamic bug-finding tools that try to detect such errors are based on the low-level execution model of the ...
Sulong, and thanks for all the fish
Programming '18: Companion Proceedings of the 2nd International Conference on the Art, Science, and Engineering of Programming

Dynamic languages rely on native extensions written in languages such as C/C++ or Fortran. To efficiently support the execution of native extensions in the multi-lingual GraalVM, we have implemented Sulong, which executes LLVM IR to support all ...

Comments

Information & Contributors

Information

Published In

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems

March 2018

827 pages

ISBN:9781450349116

DOI:10.1145/3173162

General Chairs:
Xipeng Shen
North Carolina State University, USA
,
James Tuck
North Carolina State University, USA
,
Program Chairs:
Ricardo Bianchini
Microsoft Research, USA
,
Vivek Sarkar
Georgia Institute of Technology, USA

ACM SIGPLAN Notices Volume 53, Issue 2
ASPLOS '18
February 2018
809 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3296957
Editor:
Matthew Fluet
Rodchester Institude of Technology
Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 March 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASPLOS '18

Sponsor:

ASPLOS '18: Architectural Support for Programming Languages and Operating Systems

March 24 - 28, 2018

VA, Williamsburg, USA

Acceptance Rates

ASPLOS '18 Paper Acceptance Rate 56 of 319 submissions, 18%;

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
580
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)1

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Altinay ANash JKroes TRajasekaran PZhou DDabrowski AGens DNa YVolckaert SGiuffrida CBos HFranz MBilas AMagoutis KMarkatos EKostic DSeltzer M(2020)BinRecProceedings of the Fifteenth European Conference on Computer Systems10.1145/3342195.3387550(1-16)Online publication date: 15-Apr-2020
https://dl.acm.org/doi/10.1145/3342195.3387550
Gaikwad SNisbet ALuján MHosking AFinocchi I(2019)Hosting OpenMP programs on Java virtual machinesProceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3357390.3361031(63-71)Online publication date: 21-Oct-2019
https://dl.acm.org/doi/10.1145/3357390.3361031
Mosaner RLeopoldseder DRigger MSchatz RMössenböck HHosking AFinocchi I(2019)Supporting on-stack replacement in unstructured languages by loop reconstruction and extractionProceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3357390.3361030(1-13)Online publication date: 21-Oct-2019
https://dl.acm.org/doi/10.1145/3357390.3361030
Rigger MMarr SAdams BMössenböck HDumas MPfahl DApel SRusso A(2019)Understanding GCC builtins to develop better toolsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338907(74-85)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338907
Rigger MMarr SKell SLeopoldseder DMössenböck H(2018)An Analysis of x86-64 Inline Assembly in C ProgramsACM SIGPLAN Notices10.1145/3296975.318641853:3(84-99)Online publication date: 25-Mar-2018
https://dl.acm.org/doi/10.1145/3296975.3186418
Kreindl JRigger MMössenböck HTilevich EMössenböck H(2018)Debugging native extensions of dynamic languagesProceedings of the 15th International Conference on Managed Languages & Runtimes10.1145/3237009.3237017(1-7)Online publication date: 12-Sep-2018
https://dl.acm.org/doi/10.1145/3237009.3237017
Rigger MMarr SSartor J(2018)Sandboxed execution of C and other unsafe languages on the Java virtual machineCompanion Proceedings of the 2nd International Conference on the Art, Science, and Engineering of Programming10.1145/3191697.3213795(227-229)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3191697.3213795
Rigger MSchatz RKreindl JHäubl CMössenböck HMarr SSartor J(2018)Sulong, and thanks for all the fishCompanion Proceedings of the 2nd International Conference on the Art, Science, and Engineering of Programming10.1145/3191697.3191726(58-60)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3191697.3191726
Rigger MMarr SKell SLeopoldseder DMössenböck H(2018)An Analysis of x86-64 Inline Assembly in C ProgramsProceedings of the 14th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments10.1145/3186411.3186418(84-99)Online publication date: 25-Mar-2018
https://dl.acm.org/doi/10.1145/3186411.3186418
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Debugging native extensions of dynamic languages

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model

Sulong, and thanks for all the fish