EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++
Remarks
Conference: PLDI 2019
Full Paper: https://dl.acm.org/doi/10.1145/3192366.3192388
Artifact: https://github.com/GJDuck/EffectiveSan
Introduction
EffectiveSan is a comprehensive dynamic type checker for C/C++ programs.
Related work
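The figure below summarizes the sanitizers in common use since 1980.
Many excellent sanitizers already exist and can detect various classes of software defects, as shown in the figure below. However, some tools focus only on type errors while others focus only on memory corruption errors, and their support for buffer overflow and use-after-free is also poor, with a large number of false negatives. The authors' EffectiveSan can detect both type errors and memory corruption errors.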
Key Idea
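In practice, many memory errors can be viewed as type errors, so checking for memory corruption errors can be recast as a type error detection problem.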
EffectiveSan directly detects the following classes of error:
(1) Type errors (type confusion, bad casts, etc.)
(2) Bounds errors (buffer overflows, etc.)
(3) Sub-object bounds errors (overwriting vptrs, etc.)
(4) (Re)use-after-free
Approach:
Dynamic typing using a combination of low-fat pointers, meta data, and type/bounds check.
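A simplified model of this approach, added here as an illustration and not taken from EffectiveSan's code: each allocation carries a dynamic type in a header, the base is recovered from the pointer value alone (the low-fat idea, reduced to one 64-byte size class), and a type check returns sub-object bounds. All names (`typed_alloc`, `type_check`, `struct account`, and so on) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#define SLOT 64  /* one size class; slots are SLOT-aligned (assumption) */
enum tid { T_INT, T_CHAR, T_FNPTR };
struct field  { size_t off, len; enum tid t; };           /* one sub-object */
struct meta   { const struct field *layout; size_t n; };  /* at slot base */
struct bounds { char *lo, *hi; };          /* lo == NULL: type error */

struct account { int id; char name[8]; void (*handler)(void); };
static const struct field account_layout[] = {
    { offsetof(struct account, id),      sizeof(int),            T_INT   },
    { offsetof(struct account, name),    8,                      T_CHAR  },
    { offsetof(struct account, handler), sizeof(void (*)(void)), T_FNPTR },
};

/* Allocate one slot and bind the object's dynamic type in its header. */
void *typed_alloc(const struct field *layout, size_t n) {
    struct meta *m = aligned_alloc(SLOT, SLOT);
    if (!m) return NULL;
    m->layout = layout; m->n = n;
    return m + 1;
}

/* Rebind to an empty type; the slot is kept (not reused) in this model. */
void typed_free(void *p) {
    struct meta *m = (struct meta *)p - 1;
    m->layout = NULL; m->n = 0;
}

/* Low-fat style: recover base from the pointer value alone, then match
   the static type against the sub-object at that offset. */
struct bounds type_check(const void *p, enum tid want) {
    uintptr_t base = (uintptr_t)p & ~(uintptr_t)(SLOT - 1);
    const struct meta *m = (const struct meta *)base;
    char *obj = (char *)(base + sizeof *m);
    size_t off = (uintptr_t)p - (uintptr_t)obj;
    for (size_t i = 0; i < m->n; i++) {
        const struct field *f = &m->layout[i];
        if (f->t == want && off >= f->off && off < f->off + f->len)
            return (struct bounds){ obj + f->off, obj + f->off + f->len };
    }
    return (struct bounds){ NULL, NULL };
}

int in_bounds(struct bounds b, const char *p, size_t len) { /* narrowed check */
    return b.lo && p >= b.lo && p + len <= b.hi;
}
```

A write past `name[7]` fails the narrowed bounds check before it can reach `handler`, and any check on a freed slot fails as a type error because its layout is empty.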
Evaluation
The authors compare EffectiveSan against an uninstrumented baseline. These tests use the standard SPEC2006 benchmark suite:
Further Reading
For more detailed information about EffectiveSan, please see our PLDI’2018 paper:
Gregory J. Duck and Roland H. C. Yap, EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++, Programming Language Design and Implementation (PLDI’18), 2018
EffectiveSan is built on top of our earlier work on low fat pointers. More information can be found here:
Gregory J. Duck, Roland H. C. Yap, Heap Bounds Protection with Low Fat Pointers, Compiler Construction (CC’16), 2016
Gregory J. Duck, Roland H. C. Yap, Lorenzo Cavallaro, Stack Bounds Protection with Low Fat Pointers, Network and Distributed System Security Symposium (NDSS’17), 2017
Implementation: https://github.com/GJDuck/LowFat