Runtime Verification of C Memory Safety

Authors

  • Grigore Rosu
  • Wolfram Schulte
  • Traian-Florin Serbanuta
Abstract

C is the most widely used imperative systems implementation language. While C provides types and high-level abstractions, its design goal has been to provide the highest performance, which often requires low-level access to memory. As a consequence, C supports arbitrary pointer arithmetic, casting, and explicit allocation and deallocation. These operations are difficult to use, resulting in programs that often have software bugs like buffer overflows and dangling pointers that cause security vulnerabilities. We say a C program is memory safe if at runtime it never goes wrong with such a memory access error. Based on standards for writing “good” C code, this paper proposes strong memory safety as the least restrictive formal definition of memory safety amenable to runtime verification. We show that although verification of memory safety is in general undecidable, even when restricted to closed, terminating programs, runtime verification of strong memory safety is a decision procedure for this class of programs. We verify strong memory safety of a program by executing the program using a symbolic, deterministic definition of the dynamic semantics. A prototype implementation of these ideas shows the feasibility of this approach.


Similar references

Sound Modular Verification of C Code Executing in an Unverified Context Extended Version

Over the past decade, great progress has been made in the static modular verification of C code by means of separation logic-based program logics. However, the runtime guarantees offered by such verification are relatively limited when the verified modules are part of a whole program that also contains unverified modules. In particular, a memory safety error in an unverified module can corrupt ...


Typed stack allocation

The verification of memory safety (no program will crash when referencing memory) falls into two categories. A runtime system may enforce memory safety at a cost. Or, we may rely on error-prone programmers. Runtime overhead, most noticeably garbage collection, is undesirable in embedded or real-time systems. The frequency of collection points is not deterministic. Languages that rely on garbage c...


Rewriting Semantics and Analysis of Concurrency Features for a C-like Language

This paper shows how one can easily transform K definitions of programming languages into runtime verification tools. To increase the confidence that these runtime verification tools can be used for testing real-world programs, the paper uses KernelC, a subset of the C programming language containing functions, memory allocation, pointer arithmetic, and input/output, which can be used to execute...


Runtime Enforcement of Memory Safety for the C Programming Language

Title of dissertation: Runtime Enforcement of Memory Safety for the C Programming Language. Matthew Stephen Simpson, Doctor of Philosophy, 2011. Dissertation directed by: Professor Rajeev Barua. Memory access violations are a leading source of unreliability in C programs. Although the low-level features of the C programming language, like unchecked pointer arithmetic and explicit memory management,...




Publication date: 2009