DOI: 10.1145/3510454.3516872
research-article

A dynamic analysis tool for memory safety based on smart status and source-level instrumentation

Published: 19 October 2022

Abstract

Memory errors may lead to program crashes and security vulnerabilities. In this paper, we present Movec, a dynamic analysis tool that can automatically detect memory errors at runtime. To address the three major challenges faced by existing tools in detecting memory errors (low effectiveness, optimization sensitivity and platform dependence), Movec leverages a smart-status-based monitoring algorithm and performs its instrumentation at the source level. Our extensive evaluation shows that Movec is capable of finding a wide range of memory errors with moderate and competitive overheads.
Demo video link: https://youtu.be/V8H2MroNxSM, also available at https://www.bilibili.com/video/BV1H34y117tA
Movec website: https://drzchen.github.io/projects/movec
Movec download link: https://github.com/drzchen/movec


Published In

ICSE '22: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings
May 2022
394 pages
ISBN:9781450392235
DOI:10.1145/3510454

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. code instrumentation
  2. dynamic analysis
  3. error detection
  4. memory errors
  5. online monitoring
  6. testing

Qualifiers

  • Research-article

Conference

ICSE '22

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%
