research-article

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model

Authors:

Hanspeter MössenböckAuthors Info & Claims

ACM SIGPLAN Notices, Volume 53, Issue 2

Pages 377 - 391

https://doi.org/10.1145/3296957.3173174

Published: 19 March 2018 Publication History

Get Access

Abstract

In C, memory errors, such as buffer overflows, are among the most dangerous software errors; as we show, they are still on the rise. Current dynamic bug-finding tools that try to detect such errors are based on the low-level execution model of the underlying machine. They insert additional checks in an ad-hoc fashion, which makes them prone to omitting checks for corner cases. To address this, we devised a novel approach to finding bugs during the execution of a program. At the core of this approach is an interpreter written in a high-level language that performs automatic checks (such as bounds, NULL, and type checks). By mapping data structures in C to those of the high-level language, accesses are automatically checked and bugs discovered. We have implemented this approach and show that our tool (called Safe Sulong) can find bugs that state-of-the-art tools overlook, such as out-of-bounds accesses to the main function arguments.

References

[1]

Matthew Arnold, Stephen Fink, David Grove, Michael Hind, and Peter F. Sweeney . 2000. Adaptive Optimization in the Jalape nO JVM. In Proceedings of the 15th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA '00). ACM, New York, NY, USA, 47--65.

Digital Library

Google Scholar

[2]

Edd Barrett, Carl Friedrich Bolz-Tereick, Rebecca Killick, Sarah Mount, and Laurence Tratt . 2017. Virtual Machine Warmup Blows Hot and Cold. Proc. ACM Program. Lang. Vol. 1, OOPSLA, Article bibinfoarticleno52 (Oct. . 2017), 27 pages.

Digital Library

Google Scholar

[3]

Yves Younan, Wouter Joosen, and Frank Piessens. 2012. Runtime Countermeasures for Code Injection Attacks Against C and C

Google Scholar

[4]

Programs. ACM Comput. Surv. Vol. 44, 3, Article 17 (June. 2012), 28 pages. 0360-0300

Google Scholar

Cited By

View all

Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Altinay ANash JKroes TRajasekaran PZhou DDabrowski AGens DNa YVolckaert SGiuffrida CBos HFranz MBilas AMagoutis KMarkatos EKostic DSeltzer M(2020)BinRecProceedings of the Fifteenth European Conference on Computer Systems10.1145/3342195.3387550(1-16)Online publication date: 15-Apr-2020
https://dl.acm.org/doi/10.1145/3342195.3387550
Show More Cited By

Index Terms

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
1. Security and privacy
  1. Systems security
    1. Operating systems security
      1. Virtualization and security
2. Software and its engineering

Recommendations

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems

In C, memory errors, such as buffer overflows, are among the most dangerous software errors; as we show, they are still on the rise. Current dynamic bug-finding tools that try to detect such errors are based on the low-level execution model of the ...
Sulong, and thanks for all the fish
Programming '18: Companion Proceedings of the 2nd International Conference on the Art, Science, and Engineering of Programming

Dynamic languages rely on native extensions written in languages such as C/C++ or Fortran. To efficiently support the execution of native extensions in the multi-lingual GraalVM, we have implemented Sulong, which executes LLVM IR to support all ...
Sulong - execution of LLVM-based languages on the JVM: position paper
ICOOOLPS '16: Proceedings of the 11th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems

For the last decade, the Java Virtual Machine (JVM) has been a popular platform to host languages other than Java. Language implementation frameworks like Truffle allow the implementation of dynamic languages such as JavaScript or Ruby with competitive ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACM SIGPLAN Notices Volume 53, Issue 2

ASPLOS '18

February 2018

809 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/3296957

Editor:
Matthew Fluet
Rodchester Institude of Technology

Issue’s Table of Contents

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems
March 2018
827 pages
ISBN:9781450349116
DOI:10.1145/3173162
General Chairs:
Xipeng Shen
North Carolina State University, USA
,
James Tuck
North Carolina State University, USA
,
Program Chairs:
Ricardo Bianchini
Microsoft Research, USA
,
Vivek Sarkar
Georgia Institute of Technology, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 March 2018

Published in SIGPLAN Volume 53, Issue 2

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
604
Total Downloads

Downloads (Last 12 months)52
Downloads (Last 6 weeks)8

Reflects downloads up to 18 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Altinay ANash JKroes TRajasekaran PZhou DDabrowski AGens DNa YVolckaert SGiuffrida CBos HFranz MBilas AMagoutis KMarkatos EKostic DSeltzer M(2020)BinRecProceedings of the Fifteenth European Conference on Computer Systems10.1145/3342195.3387550(1-16)Online publication date: 15-Apr-2020
https://dl.acm.org/doi/10.1145/3342195.3387550
Gaikwad SNisbet ALuján MHosking AFinocchi I(2019)Hosting OpenMP programs on Java virtual machinesProceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3357390.3361031(63-71)Online publication date: 21-Oct-2019
https://dl.acm.org/doi/10.1145/3357390.3361031
Mosaner RLeopoldseder DRigger MSchatz RMössenböck HHosking AFinocchi I(2019)Supporting on-stack replacement in unstructured languages by loop reconstruction and extractionProceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3357390.3361030(1-13)Online publication date: 21-Oct-2019
https://dl.acm.org/doi/10.1145/3357390.3361030
Rigger MMarr SAdams BMössenböck HDumas MPfahl DApel SRusso A(2019)Understanding GCC builtins to develop better toolsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338907(74-85)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338907
Rigger MMarr SKell SLeopoldseder DMössenböck H(2018)An Analysis of x86-64 Inline Assembly in C ProgramsACM SIGPLAN Notices10.1145/3296975.318641853:3(84-99)Online publication date: 25-Mar-2018
https://dl.acm.org/doi/10.1145/3296975.3186418
Kreindl JRigger MMössenböck HTilevich EMössenböck H(2018)Debugging native extensions of dynamic languagesProceedings of the 15th International Conference on Managed Languages & Runtimes10.1145/3237009.3237017(1-7)Online publication date: 12-Sep-2018
https://dl.acm.org/doi/10.1145/3237009.3237017
Rigger MMarr SSartor J(2018)Sandboxed execution of C and other unsafe languages on the Java virtual machineCompanion Proceedings of the 2nd International Conference on the Art, Science, and Engineering of Programming10.1145/3191697.3213795(227-229)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3191697.3213795
Rigger MSchatz RKreindl JHäubl CMössenböck HMarr SSartor J(2018)Sulong, and thanks for all the fishCompanion Proceedings of the 2nd International Conference on the Art, Science, and Engineering of Programming10.1145/3191697.3191726(58-60)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3191697.3191726
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model

Sulong, and thanks for all the fish

Sulong - execution of LLVM-based languages on the JVM: position paper