research-article

Runtime detection of memory errors with smart status

Authors:

Jingling XueAuthors Info & Claims

ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 296 - 308

https://doi.org/10.1145/3460319.3464807

Published: 11 July 2021 Publication History

Abstract

C is a dominant language for implementing system software. Unfortunately, its support for low-level control of memory often leads to memory errors. Dynamic analysis tools, which have been widely used for detecting memory errors at runtime, are not yet satisfactory as they cannot deterministically and completely detect some types of memory errors, e.g., segment confusion errors, sub-object overflows, use-after-frees, and memory leaks.

We propose Smatus, short for smart status, a new dynamic analysis approach that supports comprehensive runtime detection of memory errors. The key innovation is to create and maintain a small status node for each memory object. Our approach tracks not only the bounds of each pointer’s referent but also the status and reference count of the referent in its status node, where the status represents the liveness and segment type of the referent. A status node is smart as it is automatically destroyed when it becomes useless. To the best of our knowledge, Smatus represents the most comprehensive approach of its kind. In terms of effectiveness (for detecting more kinds of errors), Smatus outperforms state-of-the-art tools, Google’s AddressSanitizer, SoftBoundCETS and Valgrind. In terms of performance, Smatus outperforms SoftBoundCETS and Valgrind in terms of both time and memory overheads incurred, and is on par with AddressSanitizer in terms of the time and memory overheads tradeoff (with much lower memory overhead incurred).

References

[1]

Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand. 2009. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors. In Proceedings of the 18th USENIX Security Symposium. USENIX Association, 51–66.

[2]

Derek Bruening and Qin Zhao. 2011. Practical memory checking with Dr. Memory. In Proceedings of the 9th International Symposium on Code Generation and Optimization, CGO 2011. IEEE Computer Society, 213–223.

[3]

Nathan Burow, Derrick McKee, Scott A. Carr, and Mathias Payer. 2018. CUP: Comprehensive User-Space Protection for C/C++. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, AsiaCCS 2018. ACM, 381–392.

Digital Library

[4]

Zhe Chen. 2021. Movec-MSBench: A Memory Safety Benchmark Suite, Version 2.0.0. https://github.com/drzchen/movec-msbench

[5]

Zhe Chen, Yi Gu, Zhiqiu Huang, Jun Zheng, Chang Liu, and Ziyi Liu. 2015. Model Checking Aircraft Controller Software: A Case Study. Software-Practice & Experience, 45, 7 (2015), 989–1017.

Digital Library

[6]

Zhe Chen, Chuanqi Tao, Zhiyi Zhang, and Zhibin Yang. 2018. Beyond spatial and temporal memory safety. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018), Companion Volume. ACM, 189–190.

Digital Library

[7]

Zhe Chen, Zhemin Wang, Yunlong Zhu, Hongwei Xi, and Zhibin Yang. 2016. Parametric Runtime Verification of C Programs. In Proceedings of the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016) (Lecture Notes in Computer Science, Vol. 9636). Springer, 299–315.

Digital Library

[8]

Zhe Chen, Junqi Yan, Shuanglong Kan, Ju Qian, and Jingling Xue. 2019. Detecting Memory Errors at Runtime with Source-Level Instrumentation. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2019, Beijing, China, July 15-19, 2019. ACM, 341–351.

Digital Library

[9]

Zhe Chen, Junqi Yan, Wenming Li, Ju Qian, and Zhiqiu Huang. 2018. Runtime verification of memory safety via source transformation. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018), Companion Volume. ACM, 264–265.

Digital Library

[10]

The MITRE Corporation. 2009-05-08. CWE-762: Mismatched Memory Management Routines. https://cwe.mitre.org/data/definitions/762.html

[11]

The MITRE Corporation. 2020-02-24. CWE-590: Free of Memory not on the Heap. https://cwe.mitre.org/data/definitions/590.html

[12]

Christian DeLozier, Richard A. Eisenberg, Santosh Nagarakatte, Peter-Michael Osera, Milo M. K. Martin, and Steve Zdancewic. 2013. Ironclad C++: a library-augmented type-safe subset of c++. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2013. ACM, 287–304.

Digital Library

[13]

Dinakar Dhurjati and Vikram S. Adve. 2006. Backwards-compatible array bounds checking for C with very low overhead. In Proceedings of the 28th International Conference on Software Engineering (ICSE 2006). ACM, 162–171.

Digital Library

[14]

Thomas Dillig, Isil Dillig, and Swarat Chaudhuri. 2014. Optimal Guard Synthesis for Memory Safety. In Proceedings of the 26th International Conference on Computer Aided Verification, CAV 2014, Armin Biere and Roderick Bloem (Eds.) (Lecture Notes in Computer Science, Vol. 8559). Springer, 491–507.

Digital Library

[15]

Gregory J. Duck and Roland H. C. Yap. 2016. Heap bounds protection with low fat pointers. In Proceedings of the 25th International Conference on Compiler Construction, CC 2016. ACM, 132–142.

[16]

I. A. Dudina and A. A. Belevantsev. 2017. Using static symbolic execution to detect buffer overflows. Programming and Computer Software, 43, 5 (2017), 277–288.

Digital Library

[17]

A. S. Elliott, A. Ruef, M. Hicks, and D. Tarditi. 2018. Checked C: Making C Safe by Extension. In Proceedings of the 2018 IEEE Cybersecurity Development Conference, SecDev’18. IEEE, 53–60.

[18]

Matthew R. Guthaus, Jeffrey S. Ringenberg, Dan Ernst, Todd M. Austin, Trevor Mudge, and Richard B. Brown. 2001. MiBench: A free, commercially representative embedded benchmark suite. In Proceedings of the IEEE 4th Annual Workshop on Workload Characterization. IEEE, 3–14.

Digital Library

[19]

Niranjan Hasabnis, Ashish Misra, and R. Sekar. 2012. Light-weight bounds checking. In 10th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2012. ACM, 135–144.

[20]

Reed Hastings and Bob Joyce. 1992. Purify: Fast detection of memory leaks and access errors. In In Proceedings of the Winter 1992 USENIX Conference. 125–138.

[21]

Trevor Jim, J. Gregory Morrisett, Dan Grossman, Michael W. Hicks, James Cheney, and Yanling Wang. 2002. Cyclone: A Safe Dialect of C. In Proceedings of the 2002 USENIX Annual Technical Conference. USENIX, 275–288.

[22]

Richard W. M. Jones and Paul H. J. Kelly. 1997. Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs. In Proceedings of the 3rd International Workshop on Automated Debugging, AADEBUG 1997. 13–26.

[23]

Taddeus Kroes, Koen Koning, Erik van der Kouwe, Herbert Bos, and Cristiano Giuffrida. 2018. Delta pointers: buffer overflow checks without the checks. In Proceedings of the 13th EuroSys Conference, EuroSys 2018. ACM, 22:1–22:14.

[24]

Tongping Liu, Charlie Curtsinger, and Emery D. Berger. 2016. DoubleTake: fast and precise error detection via evidence-based dynamic analysis. In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Laura K. Dillon, Willem Visser, and Laurie Williams (Eds.). ACM, 911–922.

[25]

Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas W. Reps. 2001. Debugging via Run-Time Type Checking. In Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering, FASE 2001 (Lecture Notes in Computer Science, Vol. 2029). Springer, 217–232.

[26]

Santosh Nagarakatte, Milo M. K. Martin, and Steve Zdancewic. 2015. Everything You Want to Know About Pointer-Based Checking. In 1st Summit on Advances in Programming Languages, SNAPL 2015 (LIPIcs, Vol. 32). Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 190–208.

[27]

Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2009. SoftBound: highly compatible and complete spatial memory safety for C. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009. ACM, 245–258.

Digital Library

[28]

Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2010. CETS: compiler enforced temporal safety for C. In Proceedings of the 9th International Symposium on Memory Management, ISMM 2010. ACM, 31–40.

Digital Library

[29]

George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer. 2005. CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst., 27, 3 (2005), 477–526.

Digital Library

[30]

George C. Necula, Scott McPeak, and Westley Weimer. 2002. CCured: type-safe retrofitting of legacy code. In Proceedings of the 29th SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002), John Launchbury and John C. Mitchell (Eds.). ACM, 128–139.

Digital Library

[31]

Nicholas Nethercote and Julian Seward. 2007. How to shadow every byte of memory used by a program. In Proceedings of the 3rd International Conference on Virtual Execution Environments, VEE 2007. ACM, 65–74.

Digital Library

[32]

Nicholas Nethercote and Julian Seward. 2007. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation, PLDI 2007. ACM, 89–100.

Digital Library

[33]

Yutaka Oiwa. 2009. Implementation of the memory-safe full ANSI-C compiler. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009. ACM, 259–269.

Digital Library

[34]

Harish Patil and Charles N. Fischer. 1997. Low-Cost, Concurrent Checking of Pointer and Array Accesses in C Programs. Software - Practice and Experience, 27, 1 (1997), 87–110.

Digital Library

[35]

Andrew Ruef, Leonidas Lampropoulos, Ian Sweet, David Tarditi, and Michael Hicks. 2019. Achieving Safety Incrementally with Checked C. In Proceedings of the 8th International Conference on Principles of Security and Trust, POST 2019, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019 (Lecture Notes in Computer Science, Vol. 11426). Springer, 76–98.

[36]

Olatunji Ruwase and Monica S. Lam. 2004. A Practical Dynamic Buffer Overflow Detector. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2004. The Internet Society, 159–169.

[37]

Kostya Serebryany. 2019. ARM Memory Tagging Extension and How It Improves C/C++ Memory Safety. The Usenix Magazine, 44, 2 (2019), 12–16.

[38]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In 2012 USENIX Annual Technical Conference, Boston, MA, USA. USENIX Association, 309–318.

Digital Library

[39]

Julian Seward and Nicholas Nethercote. 2005. Using Valgrind to Detect Undefined Value Errors with Bit-Precision. In Proceedings of the 2005 USENIX Annual Technical Conference. USENIX, 17–30.

Digital Library

[40]

Matthew S. Simpson and Rajeev Barua. 2010. MemSafe: Ensuring the Spatial and Temporal Memory Safety of C at Runtime. In 10th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2010. IEEE Computer Society, 199–208.

[41]

Matthew S. Simpson and Rajeev Barua. 2013. MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Software - Practice and Experience, 43, 1 (2013), 93–128.

Digital Library

[42]

Yulei Sui, Ding Ye, and Jingling Xue. 2012. Static memory leak detection using full-sparse value-flow analysis. In International Symposium on Software Testing and Analysis, ISSTA 2012. ACM, 254–264.

Digital Library

[43]

Yulei Sui, Ding Ye, and Jingling Xue. 2014. Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis. IEEE Trans. Software Eng., 40, 2 (2014), 107–122.

Digital Library

[44]

Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal War in Memory. In 2013 IEEE Symposium on Security and Privacy, SP 2013. IEEE Computer Society, 48–62.

[45]

Kostyantyn Vorobyov, Nikolai Kosmatov, Julien Signoles, and Arvid Jakobsson. 2017. Runtime Detection of Temporal Memory Errors. In Proceedings of the 17th International Conference on Runtime Verification, RV 2017 (Lecture Notes in Computer Science, Vol. 10548). Springer, 294–311.

[46]

Kostyantyn Vorobyov, Julien Signoles, and Nikolai Kosmatov. 2017. Shadow state encoding for efficient monitoring of block-level properties. In Proceedings of the 2017 ACM SIGPLAN International Symposium on Memory Management, ISMM 2017. ACM, 47–58.

Digital Library

[47]

Wei Xu, Daniel C. DuVarney, and R. Sekar. 2004. An efficient and backwards-compatible transformation to ensure memory safety of C programs. In Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2004). ACM, 117–126.

[48]

Ding Ye, Yu Su, Yulei Sui, and Jingling Xue. 2014. WPBOUND: Enforcing Spatial Memory Safety Efficiently at Runtime with Weakest Preconditions. In 25th IEEE International Symposium on Software Reliability Engineering, ISSRE 2014. IEEE Computer Society, 88–99.

Digital Library

[49]

Suan Hsi Yong and Susan Horwitz. 2003. Protecting C programs from attacks via invalid pointer dereferences. In Proceedings of the 11th ACM SIGSOFT Symposium on Foundations of Software Engineering and the 9th European Software Engineering Conference, ESEC/FSE 2003, Jukka Paakki and Paola Inverardi (Eds.). ACM, 307–316.

Digital Library

[50]

Qiang Zeng, Dinghao Wu, and Peng Liu. 2011. Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011. ACM, 367–377.

Digital Library

[51]

Jianzhou Zhao, Santosh Nagarakatte, Milo M. K. Martin, and Steve Zdancewic. 2012. Formalizing the LLVM intermediate representation for verified program transformations. In Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2012. ACM, 427–440.

Digital Library

Cited By

Chen ZZhu YWang Z(2024)Design and Implementation of an Aspect-Oriented C Programming LanguageProceedings of the ACM on Programming Languages10.1145/36498348:OOPSLA1(642-669)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649834
Chen ZYan RMa YSui YXue J(2024)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 17-Apr-2024
https://dl.acm.org/doi/10.1145/3637227
Tu HJiang LHong JDing XJiang H(2024)Concretely Mapped Symbolic Memory Locations for Memory Error DetectionIEEE Transactions on Software Engineering10.1109/TSE.2024.3395412(1-21)Online publication date: 2024
https://doi.org/10.1109/TSE.2024.3395412
Show More Cited By

Index Terms

Runtime detection of memory errors with smart status
1. Security and privacy
  1. Software and application security
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging
  2. Software organization and properties
    1. Extra-functional properties
      1. Software reliability
      2. Software safety
    2. Software functional properties
      1. Formal methods
        Dynamic analysis

Recommendations

A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory Safety
C is a dominant programming language for implementing system and low-level embedded software. Unfortunately, the unsafe nature of its low-level control of memory often leads to memory errors. Dynamic analysis has been widely used to detect memory errors ...
Detecting memory errors at runtime with source-level instrumentation
ISSTA 2019: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis

The unsafe language features of C, such as low-level control of memory, often lead to memory errors, which can result in silent data corruption, security vulnerabilities, and program crashes. Dynamic analysis tools, which have been widely used for ...
A dynamic analysis tool for memory safety based on smart status and source-level instrumentation
ICSE '22: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings

Memory errors may lead to program crashes and security vulnerabilities. In this paper, we present Movec, a dynamic analysis tool that can automatically detect memory errors at runtime. To address the three major challenges faced by existing tools in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2021

685 pages

ISBN:9781450384599

DOI:10.1145/3460319

General Chair:
Cristian Cadar
Imperial College London, UK
,
Program Chair:
Xiangyu Zhang
Purdue University, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 July 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Conference

ISSTA '21

Sponsor:

SIGSOFT

ISSTA '21: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 11 - 17, 2021

Virtual, Denmark

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
411
Total Downloads

Downloads (Last 12 months)64
Downloads (Last 6 weeks)6

Reflects downloads up to 18 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chen ZZhu YWang Z(2024)Design and Implementation of an Aspect-Oriented C Programming LanguageProceedings of the ACM on Programming Languages10.1145/36498348:OOPSLA1(642-669)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649834
Chen ZYan RMa YSui YXue J(2024)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 17-Apr-2024
https://dl.acm.org/doi/10.1145/3637227
Tu HJiang LHong JDing XJiang H(2024)Concretely Mapped Symbolic Memory Locations for Memory Error DetectionIEEE Transactions on Software Engineering10.1109/TSE.2024.3395412(1-21)Online publication date: 2024
https://doi.org/10.1109/TSE.2024.3395412
Cao SSun XBo LWu RLi BWu XTao CZhang TLiu W(2023)Learning to Detect Memory-related VulnerabilitiesACM Transactions on Software Engineering and Methodology10.1145/362474433:2(1-35)Online publication date: 23-Dec-2023
https://dl.acm.org/doi/10.1145/3624744
Chen ZZhang QWu JYan JXue J(2023)A Source-Level Instrumentation Framework for the Dynamic Analysis of Memory SafetyIEEE Transactions on Software Engineering10.1109/TSE.2022.321058049:4(2107-2127)Online publication date: 1-Apr-2023
https://dl.acm.org/doi/10.1109/TSE.2022.3210580
Truc Tran LNguyen NDuc HViet HTung LTran HHung P(2023)A Method for Detecting and Generating Test Data for Runtime Errors in C/C++ Project Units2023 RIVF International Conference on Computing and Communication Technologies (RIVF)10.1109/RIVF60135.2023.10471836(412-417)Online publication date: 23-Dec-2023
https://doi.org/10.1109/RIVF60135.2023.10471836
Qian SFan WTan LZhang Y(2023)Vicious Cycles in Distributed Software Systems2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)10.1109/ASE56229.2023.00032(91-103)Online publication date: 11-Sep-2023
https://doi.org/10.1109/ASE56229.2023.00032
Chen HChen J(2022)Coverage-based Greybox Fuzzing with Pointer Monitoring for C ProgramsProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3559566(1-4)Online publication date: 10-Oct-2022
https://dl.acm.org/doi/10.1145/3551349.3559566
Cao SSun XBo LWu RLi BTao CDwyer MDamian DZeller A(2022)MVDProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510219(1456-1468)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510219
Chen ZWu JZhang QXue J(2022)A Dynamic Analysis Tool for Memory Safety Based on Smart Status and Source-Level Instrumentation2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)10.1109/ICSE-Companion55297.2022.9793834(6-10)Online publication date: May-2022
https://doi.org/10.1109/ICSE-Companion55297.2022.9793834
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents