Abstract
Programs written in C are notoriously prone to errors caused by dangling pointers and buffer overflows. Such errors in Internet servers are routinely exploited by attackers to compromise an entire system, which has become a social problem as well as a technical one. It is nevertheless unrealistic to abandon C outright, because of both legacy programs and legacy programmers. To alleviate this dilemma, many approaches to safe implementations of C, such as Safe C and CCured, have been proposed and implemented. To our knowledge, however, none of them supports all the features of the ANSI C standard while preventing all unsafe operations. (By an unsafe operation we mean any operation that leads to "undefined behavior", such as an array boundary overrun or the dereference of a pointer at a wrong type.) This paper describes a memory-safe implementation of the full ANSI C language. Our implementation detects and disallows all unsafe operations while conforming to the full ANSI C standard (including casts and unions), and it even supports many "dirty tricks" common in programs that go beyond ANSI C. This is achieved using sophisticated representations of pointers (and integers) that carry dynamic type and size information. We also devise several techniques, both compile-time and runtime, to reduce the overhead of the runtime checks.
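The abstract describes the core idea only in outline: a pointer representation that carries dynamic type and size information, so that an array overrun or a dereference at the wrong type can be rejected at runtime even when the program uses casts. The following is an added illustration of that idea, written for this page and not taken from the paper or its compiler. It assumes a simplified "fat pointer" layout (block base, block size, the block's dynamic type, the static type of the pointer expression, and a byte offset) and two type tags; the paper's actual representation, type encoding and check placement are not described on this page, and the names `fatptr`, `fat_check`, `fat_cast` and the `demo_*` scenarios are hypothetical.

```c
/* Added illustration of a fat pointer with dynamic type and size information.
   Not the paper's code; the layout and type tags below are assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Dynamic type tags. The numeric value doubles as the element size in bytes
   (assumes a 4-byte int, as on common 32/64-bit platforms). */
typedef enum { T_CHAR = 1, T_INT = 4 } elem_type;

/* The fat pointer: raw address (base + offset) plus what a checked
   dereference needs to know. A cast changes sta_type only. */
typedef struct {
    unsigned char *base;     /* start of the block this pointer may access */
    size_t         size;     /* size of that block in bytes */
    elem_type      dyn_type; /* type of the values actually stored in the block */
    elem_type      sta_type; /* type the program's pointer expression currently has */
    ptrdiff_t      offset;   /* byte offset from base; may legally go out of range */
} fatptr;

typedef enum { ACC_OK = 0, ACC_BOUNDS = 1, ACC_TYPE = 2 } access_result;

/* Wrap an allocated block. In a real implementation the allocator would do this. */
static fatptr fat_make(void *block, size_t size, elem_type t) {
    fatptr p = { (unsigned char *)block, size, t, t, 0 };
    return p;
}

/* p + n: scaled by the static element size. Forming an out-of-range pointer
   is not itself an error; only the dereference is checked. */
static fatptr fat_add(fatptr p, ptrdiff_t n) {
    p.offset += n * (ptrdiff_t)p.sta_type;
    return p;
}

/* (T *)p: the block keeps its dynamic type, only the pointer's view changes. */
static fatptr fat_cast(fatptr p, elem_type to) {
    p.sta_type = to;
    return p;
}

/* The check every dereference goes through: the whole accessed object must lie
   inside the block, and the access type must match the block's dynamic type. */
static access_result fat_check(fatptr p) {
    size_t width = (size_t)p.sta_type;
    if (p.offset < 0 || (size_t)p.offset > p.size || p.size - (size_t)p.offset < width)
        return ACC_BOUNDS;
    if (p.sta_type != p.dyn_type)
        return ACC_TYPE;
    return ACC_OK;
}

/* Checked int load and store through a fat pointer. */
static access_result fat_load_int(fatptr p, int *out) {
    access_result r = fat_check(p);
    if (r == ACC_OK) memcpy(out, p.base + p.offset, sizeof *out);
    return r;
}

static access_result fat_store_int(fatptr p, int v) {
    access_result r = fat_check(p);
    if (r == ACC_OK) memcpy(p.base + p.offset, &v, sizeof v);
    return r;
}

/* Scenario 1: the classic "<=" off-by-one writes one int past a 4-int array. */
static access_result demo_overrun(void) {
    int arr[4] = {0};
    fatptr p = fat_make(arr, sizeof arr, T_INT);
    access_result r = ACC_OK;
    for (int i = 0; i <= 4 && r == ACC_OK; i++)
        r = fat_store_int(fat_add(p, i), i);
    return r;   /* ACC_BOUNDS, raised by the i == 4 store */
}

/* Scenario 2: reading a char buffer through an int pointer after a cast. */
static access_result demo_bad_cast(void) {
    char buf[8] = "ABCDEFG";
    int out = 0;
    fatptr p = fat_cast(fat_make(buf, sizeof buf, T_CHAR), T_INT);
    return fat_load_int(p, &out);   /* ACC_TYPE: in bounds, but wrong type */
}

/* Scenario 3: an in-range, correctly typed access is unaffected. */
static int demo_in_range(void) {
    int arr[4] = {10, 20, 30, 40};
    int v = -1;
    fatptr p = fat_make(arr, sizeof arr, T_INT);
    if (fat_load_int(fat_add(p, 3), &v) != ACC_OK) return -1;
    return v;   /* 40 */
}

int main(void) {
    printf("overrun  -> %d (expect %d)\n", demo_overrun(), ACC_BOUNDS);
    printf("bad cast -> %d (expect %d)\n", demo_bad_cast(), ACC_TYPE);
    printf("in range -> %d (expect 40)\n", demo_in_range());
    return 0;
}
```

The point of carrying both a dynamic and a static type is visible in scenario 2: the cast is accepted, as ANSI C requires, and only the subsequent dereference at the wrong type is refused. Real implementations must also decide what to do on the failure path (abort, as a fail-safe compiler would) and how to keep the representation cheap; the abstract names compile-time and runtime optimisations for exactly that cost.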
References
Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi. Efficient detection of all pointer and array access errors. In Proc. 1994 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 290–301, 1994.
Rastislav Bodik, Rajiv Gupta, and Vivek Sarkar. ABCD: Eliminating array bounds checks on demand. In Proc. 2000 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2000.
Crispin Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. 7th USENIX Security Symposium, pages 63–78, San Antonio, Texas, January 1998.
Dan Grossman, Greg Morrisett, Trevor Jim, Michael Hicks, Yanling Wang, and James Cheney. Region-based memory management in Cyclone. In Proc. 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 282–293, June 2002.
Reed Hastings and Bob Joyce. Purify: Fast detection of memory leaks and access errors. In Proc. 1992 Winter USENIX Conference, pages 125–136, 1992.
Trevor Jim, Greg Morrisett, Dan Grossman, Michael Hicks, James Cheney, and Yanling Wang. Cyclone: A safe dialect of C. In Proc. USENIX Annual Technical Conference, June 2002.
Richard W. M. Jones and Paul H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In Automated and Algorithmic Debugging (AADEBUG), pages 13–26, 1997.
Stephen Kaufer, Russell Lopez, and Sasha Pratap. Saber-C: An interpreter-based programming environment for the C language. In Proc. 1988 Summer USENIX Conference, pages 161–171, 1988.
Jens Knoop, Oliver Rüthing, and Bernhard Steffen. Lazy code motion. In Proc. 5th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 224–234, June 1992.
Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas Reps. Debugging via run-time type checking. Lecture Notes in Computer Science, vol. 2029, page 217, 2001.
George Necula, Scott McPeak, and Westley Weimer. CCured: Type-safe retrofitting of legacy code. In Proc. 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002), pages 128–139, January 2002.
Yutaka Oiwa, Eijiro Sumii, and Akinori Yonezawa. Implementing a fail-safe ANSI C compiler. In JSSST 2001, Hakodate, Japan, 18 September 2001. Japan Society for Software Science and Technology. In Japanese.
Yutaka Oiwa, Eijiro Sumii, and Akinori Yonezawa. Implementing a fail-safe ANSI C compiler. Computer Software, 19(3):39–44, May 2002. In Japanese.
Harish Patil and Charles Fischer. Low-cost, concurrent checking of pointer and array accesses in C programs. Software: Practice and Experience, 27(1):87–110, January 1997.
Radu Rugina and Martin Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. In Proc. 2000 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 182–195, 2000.
David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. Network and Distributed System Security Symposium (NDSS), February 2000.
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Oiwa, Y., Sekiguchi, T., Sumii, E., Yonezawa, A. (2003). Fail-Safe ANSI-C Compiler: An Approach to Making C Programs Secure Progress Report. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_9
DOI: https://doi.org/10.1007/3-540-36532-X_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00708-1
Online ISBN: 978-3-540-36532-7