research-article

Dynamically diagnosing type errors in unsafe code

Author:
Stephen Kell

University of Cambridge, UK

University of Cambridge, UK
View Profile

Authors Info & Claims

ACM SIGPLAN Notices Volume 51 Issue 10October 2016pp 800–819https://doi.org/10.1145/3022671.2983998

Published:19 October 2016Publication History

ACM SIGPLAN Notices

Abstract

Existing approaches for detecting type errors in unsafe languages are limited. Static analysis methods are imprecise, and often require source-level changes, while most dynamic methods check only memory properties (bounds, liveness, etc.), owing to a lack of run-time type information. This paper describes libcrunch, a system for binary-compatible run-time type checking of unmodified unsafe code, currently focusing on C. Practical experience shows that our prototype implementation is easily applicable to many real codebases without source-level modification, correctly flags programmer errors with a very low rate of false positives, offers a very low run-time overhead, and covers classes of error caught by no previously existing tool.

References

T. M. Austin, S. E. Breach, and G. S. Sohi. Efficient detection of all pointer and array access errors. In Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation, PLDI ’94, pages 290–301, New York, NY, USA, 1994. ACM. Google ScholarDigital Library
G. Banavar, G. Lindstrom, and D. Orr. Type-safe composition of object modules. Technical Report UUCS-94-001, University of Utah, Salt Lake City, Utah, USA, 1994.Google Scholar
M. Burrows, S. N. Freund, and J. L. Wiener. Run-time type checking for binary programs. In CC’03: Proceedings of the 12th international conference on Compiler construction, pages 90–105, Berlin, Heidelberg, 2003. Springer-Verlag. Google ScholarDigital Library
S. Chandra and T. Reps. Physical type checking for C. In Proceedings of the 1999 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, PASTE ’99, pages 66–75, New York, NY, USA, 1999. ACM. Google ScholarDigital Library
B. Chin, S. Markstrum, and T. Millstein. Semantic type qualifiers. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’05, pages 85–95, New York, NY, USA, 2005. ACM. Google ScholarDigital Library
D. Dhurjati, S. Kowshik, and V. Adve. SAFECode: Enforcing alias analysis for weakly typed languages. In Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’06, pages 144– 157, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
C. Diamand, S. Kell, and D. Chisnall. Run-time type checking with clang, using libcrunch. Presented at EuroLLVM 2016, March 2016.Google Scholar
Presentation abstract, slides and video available at http://www.llvm.org/devmtg/2016-03/ as retrieved on 2016/8/26.Google Scholar
C. Ellison and G. Rosu. An executable formal semantics of C with applications. In Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’12, pages 533–544, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
J. S. Foster, R. Johnson, J. Kodumal, and A. Aiken. Flowinsensitive type qualifiers. ACM Trans. Program. Lang. Syst., 28(6):1035–1087, Nov. 2006. Google ScholarDigital Library
R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proc. of the Winter 1992 USENIX Conference, pages 125–138. USENIX Association, 1991.Google Scholar
ISO WG21. Programming languages — C. ISO/IEC Standard 9899:2011, Dec. 2011.Google Scholar
A non-final but recent version is available at www.open-std.org/JTC1/SC22/WG14/www/docs/n1539.pdf, retrieved on 2016/8/24.Google Scholar
T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC ’02, pages 275–288, Berkeley, CA, USA, 2002. USENIX Association. Google ScholarDigital Library
S. Kell. Towards a dynamic object model within Unix processes. In 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), Onward! 2015, pages 224–239, New York, NY, USA, 2015. ACM. Google ScholarDigital Library
R. Krebbers and F. Wiedijk. A typed C11 semantics for interactive theorem proving. In Proceedings of the 2015 Conference on Certified Programs and Proofs, CPP ’15, pages 15–27, New York, NY, USA, 2015. ACM. Google ScholarDigital Library
S. Krishnamurthi and M. Felleisen. Safety in programming languages. Technical Report TR 99-352, Rice University, 1999.Google Scholar
A. Loginov, S. H. Yong, S. Horwitz, and T. W. Reps. Debugging via run-time type checking. In Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering, FASE ’01, pages 217–232, London, UK, UK, 2001. Springer-Verlag. Google ScholarDigital Library
K. Memarian, J. Matthiesen, J. Lingard, K. Nienhuis, D. Chisnall, R. N. M. Watson, and P. Sewell. Into the depths of c: Elaborating the de facto standards. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’16, pages 1–15, New York, NY, USA, 2016. ACM. Google ScholarDigital Library
S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. SoftBound: highly compatible and complete spatial memory safety for C. In Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation, PLDI ’09, pages 245–258, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
S. Nagarakatte, J. Zhao, M. M. K. Martin, and S. Zdancewic. CETS: compiler enforced temporal safety for C. In Proceedings of the 9th International Symposium on Memory Management, ISMM ’10, pages 31–40, 2010. Google ScholarDigital Library
G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In R. N. Horspool, editor, Compiler Construction, volume 2304 of Lecture Notes in Computer Science, pages 213–228. Springer Berlin Heidelberg, 2002. Google ScholarDigital Library
G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’02, pages 128–139, New York, NY, USA, 2002. ACM. Google ScholarDigital Library
M. Polishchuk, B. Liblit, and C. W. Schulze. Dynamic heap type inference for program understanding and debugging. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’07, pages 39–46, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. AddressSanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC’12, pages 28–28, Berkeley, CA, USA, 2012. USENIX Association. Google ScholarDigital Library
J. Seward and N. Nethercote. Using Valgrind to detect undefined value errors with bit-precision. In ATEC ’05: Proceedings of the USENIX Annual Technical Conference, Berkeley, CA, USA, 2005. USENIX Association. Google ScholarDigital Library
M. Siff, S. Chandra, T. Ball, K. Kunchithapadam, and T. Reps. Coping with type casts in C. In Proceedings of the 7th European Software Engineering Conference Held Jointly with the 7th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ESEC/FSE-7, pages 180–198, London, UK, UK, 1999. Springer-Verlag. Google ScholarDigital Library
P. Wilson, M. Johnstone, M. Neely, and D. Boles. Dynamic storage allocation: A survey and critical review. In Proc. International Workshop on Memory management, pages 1– 116. Springer Verlag, September 1995. Google ScholarDigital Library
S. H. Yong and S. Horwitz. Reducing the overhead of dynamic analysis. Electr. Notes Theor. Comput. Sci., 70(4):158–178, 2002.Google ScholarCross Ref
Q. Zhao, D. Bruening, and S. Amarasinghe. Umbra: Efficient and scalable memory shadowing. In Proceedings of the 8th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO ’10, pages 22–31, New York, NY, USA, 2010. ACM. Google ScholarDigital Library

Index Terms

Dynamically diagnosing type errors in unsafe code
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Dynamically diagnosing type errors in unsafe code
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications

Existing approaches for detecting type errors in unsafe languages are limited. Static analysis methods are imprecise, and often require source-level changes, while most dynamic methods check only memory properties (bounds, liveness, etc.), owing to a ...
Read More
On the use of C# Unsafe Code Context: An Empirical Study of Stack Overflow
ESEM '20: Proceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

Background. C# maintains type safety and security by not allowing direct dangerous pointer arithmetic. To improve performance for special cases, pointer arithmetic is provided via an unsafe context. Programmers can use the C# unsafe keyword to ...
Read More
EffectiveSan: type and memory error detection using dynamically typed C/C++
PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation

Low-level programming languages with weak/static type systems, such as C and C++, are vulnerable to errors relating to the misuse of memory at runtime, such as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such errors account ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGPLAN Notices Volume 51, Issue 10
OOPSLA '16
October 2016
915 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3022671
Editor:
Matthew Fluet
Issue’s Table of Contents
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
October 2016
915 pages
ISBN:9781450344449
DOI:10.1145/2983990
General Chair:
Eelco Visser
Delft University of Technology, Netherlands
,
Program Chair:
Yannis Smaragdakis
University of Athens, Greece
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 19 October 2016
Check for updates
Author Tags
C
pointers
type information
unsafe code
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 14
  Total Citations
  View Citations
- 263
  Total Downloads
- Downloads (Last 12 months)17
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Dynamically diagnosing type errors in unsafe code

ACM SIGPLAN Notices

Abstract

References

Cited By

Index Terms

Recommendations

Dynamically diagnosing type errors in unsafe code

On the use of C# Unsafe Code Context: An Empirical Study of Stack Overflow

EffectiveSan: type and memory error detection using dynamically typed C/C++