Implementation of a Fail-Safe ANSI C Compiler
Abstract
Programs written in the C language often suffer from nasty errors due to dangling pointers and buffer overflow. Such errors in Internet server programs are often exploited by malicious attackers to “crack” an entire system, and this has become a problem affecting society as a whole. The root of these errors is usually corruption of in-memory data structures caused by out-of-bound array accesses. The C language does not provide any protection against such out-of-bound access, although recent languages such as Java, C#, Lisp and ML provide such protection. Nevertheless, the C language itself should not be blamed for this shortcoming—it was designed to provide a replacement for assembly languages (i.e., to provide flexible direct memory access through a lightweight high-level language). In other words, the lack of array boundary protection is “by design.” In addition, the C language was designed more than thirty years ago, when there was not enough computing power to perform a memory boundary check for every memory access. The real problem is the use of the C language for current casual programming, which does not usually require such direct memory accesses. We cannot realistically discard the C language right away, though, because there are many legacy programs written in the C language and many legacy programmers accustomed to the C language and its programming style. To alleviate this dilemma, many approaches to safe implementation of the C language have been proposed and put into use. To my knowledge, however, none of these support all the features of the ANSI C standard and prevent all unsafe operations. Some, such as StackGuard by Cowan, perform an ad hoc runtime check which can detect only specific kinds of error. Others, such as Safe C, accept only a small subset of the ANSI C standard. CCured, by Necula, comes closest to providing a solution in my opinion, but is not yet perfect. This thesis proposes the most powerful solution to this problem so far.
Fail-Safe C is a memory-safe implementation of the full ANSI C language. More precisely, it detects and disallows all unsafe operations, yet conforms to the full ANSI C standard (including casts and unions) and even supports many of the “dirty tricks” common in many existing programs which do not strictly conform to the standard. In this work, I also propose several techniques—regarding both compile time and runtime—to reduce the overhead of runtime checks. By using the Fail-Safe C compiler, programmers can easily make their programs safe without heavy rewriting or porting of their code. In the thesis, I also discuss a demonstration of
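The abstract above, together with the Fail-Safe C entry among the similar resources below (which mentions 2-word pointers and memory blocks with headers describing their contents), describes the mechanism only in outline. The following C program is an added example, not code from the thesis or from the Fail-Safe C project: it models that representation in simplified form. A pointer is two words, the owning block and a byte offset; every block starts with a header recording its size; every load or store consults the header, so an out-of-bound access is refused instead of corrupting whatever lies after the buffer. The names `fat_ptr`, `fs_malloc`, `fs_strcpy` and `fs_to_raw` and the trap counters are my own assumptions, and the real runtime handles casts, unions, alignment and multi-byte accesses far more elaborately. A real fail-safe runtime would abort at the first refused access; here the access returns a failure code so the behaviour can be observed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration (not Fail-Safe C's real runtime): a "2-word pointer"
 * carrying the block it points into plus an offset, and memory blocks that
 * begin with a header recording their size. */

typedef struct {
    size_t size;                 /* usable payload bytes following the header */
} block_header;

typedef struct {
    block_header *base;          /* word 1: owning block (NULL for the null pointer) */
    size_t offset;               /* word 2: byte offset into the block's payload */
} fat_ptr;

/* Hypothetical trap bookkeeping so a caller can observe what was refused. */
static unsigned long fs_traps = 0;
static size_t fs_last_trap_offset = 0;

static unsigned char *payload(block_header *h) {
    return (unsigned char *)(h + 1);
}

static fat_ptr fs_malloc(size_t n) {
    block_header *h = malloc(sizeof *h + n);
    if (h == NULL) { perror("malloc"); exit(EXIT_FAILURE); }
    h->size = n;
    memset(payload(h), 0, n);
    return (fat_ptr){ h, 0 };
}

static void fs_free(fat_ptr p) { free(p.base); }

/* Pointer arithmetic changes only the offset; the base travels along, so the
 * bounds can still be found later.  Forming an out-of-range pointer (e.g. the
 * one-past-the-end pointer ANSI C permits) is legal; dereferencing it is not. */
static fat_ptr fs_add(fat_ptr p, ptrdiff_t delta) {
    p.offset = (size_t)((ptrdiff_t)p.offset + delta);
    return p;
}

/* True when [offset, offset + width) lies entirely inside the block. */
static int fs_in_bounds(fat_ptr p, size_t width) {
    return p.base != NULL && p.offset < p.base->size
        && width <= p.base->size - p.offset;
}

/* Checked byte store: 1 on success, 0 when the access is refused. */
static int fs_store_u8(fat_ptr p, unsigned char v) {
    if (!fs_in_bounds(p, 1)) { fs_traps++; fs_last_trap_offset = p.offset; return 0; }
    payload(p.base)[p.offset] = v;
    return 1;
}

/* Checked byte load with the same contract. */
static int fs_load_u8(fat_ptr p, unsigned char *out) {
    if (!fs_in_bounds(p, 1)) { fs_traps++; fs_last_trap_offset = p.offset; return 0; }
    *out = payload(p.base)[p.offset];
    return 1;
}

/* strcpy written against the checked primitives: stops at the first refused
 * store and reports failure rather than spilling past the block. */
static int fs_strcpy(fat_ptr dst, const char *src) {
    size_t i = 0;
    do {
        if (!fs_store_u8(fs_add(dst, (ptrdiff_t)i), (unsigned char)src[i])) return 0;
    } while (src[i++] != '\0');
    return 1;
}

/* Conversion needed when handing the pointer to code compiled by a
 * conventional compiler (the "external function" case): a plain char* is
 * released only if the whole requested range is inside the block. */
static char *fs_to_raw(fat_ptr p, size_t need) {
    return fs_in_bounds(p, need) ? (char *)payload(p.base) + p.offset : NULL;
}

int main(void) {
    fat_ptr buf = fs_malloc(8);
    printf("copy \"abc\":          %d\n", fs_strcpy(buf, "abc"));
    printf("copy 12-char string: %d (trap at offset %zu, %lu trap(s) so far)\n",
           fs_strcpy(buf, "AAAAAAAAAAAA"), fs_last_trap_offset, fs_traps);
    printf("payload after refused copy: %.8s\n", fs_to_raw(buf, 8));
    fs_free(buf);
    return 0;
}
```

Two details carry over from the page's description. First, the bounds live with the block, not with the pointer, so a pointer that has been incremented past the end (legal in ANSI C for the one-past-end case) still knows which block it belongs to and is refused only when dereferenced. Second, the conversion step in `fs_to_raw` is exactly where an interface definition for external functions is needed: conventional code expects a one-word pointer, and the runtime can only hand one out after checking the range the callee will touch.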
Similar resources
Fail-Safe ANSI-C Compiler: An Approach to Making C Programs Secure: Progress Report
It is well known that programs written in C are apt to suffer from nasty errors due to dangling pointers and/or buffer overflow. In particular, such errors in Internet servers are often exploited by malicious attackers to “crack” an entire system, which has even become a social problem nowadays. Nevertheless, it is still unrealistic to throw away the C language at once because of legacy programs and ...
The Interface Definition Language for Fail-Safe C
Fail-Safe C is a safe implementation of full ANSI-C being developed by Oiwa and Sekiguchi. It uses its own internal data representations such as 2-word pointers and memory blocks with headers describing their contents. Because of this, calls to external functions compiled by conventional compilers require conversion of data representations. Moreover, for safety, many of those functions need add...
Safe Virtual Machine for C in less than 3 KiBytes
Altreonic is using a formalised approach to embedded software engineering. One recent example is Altreonic’s novel Safe Virtual Machine for C (SVM). Tuned to the needs of embedded systems, it allows compiled C binary code to be downloaded dynamically to OpenComRTOS nodes independently of the target processor. Yet the virtual machine requires less than 3 KiBytes of program memory (measured on an ARM ...
Process Migration and Transactions Using a Formal Intermediate Language
Process migration and atomic transactions are essential tools for constructing fault-tolerant distributed systems. Process migration provides location transparency, the ability to perform load-balancing and process checkpointing, and allows processes to be reconstructed after machine failures. Transactions provide fault-isolation by limiting the scope of errors, and permit speculative execution...
An Object-Oriented Preprocessor fit for C++
C++ has adopted the ANSI C preprocessor. Its limitations have been widely recognised. FOG, a meta-compiler for a super-set of C++, provides replacement preprocessing and introduces static meta-programming, while preserving the spirit of C++. Implementation of preprocessor functionality in an Object-Oriented style eliminates unnecessary replication from practical C++ programs and supports meta-l...
Publication date: 2005