Type

Text

Type

Thesis

Advisor

C. R. Ramakrishnan | Sekar, Ram C. | Robert Johnson

Date

2010-05-01

Keywords

Bounds Checking | Computer Science

Department

Department of Computer Science

Language

en_US

Source

This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree.

Identifier

http://hdl.handle.net/11401/72600

Publisher

The Graduate School, Stony Brook University: Stony Brook, NY.

Format

application/pdf

Abstract

Memory-related errors such as buffer overflows and dangling pointers remain one of the principal reasons for the failure of C programs. Such failures do not always manifest as program crashes but also as incorrect outputs. Well-tested programs do run error free in most cases, but studies have shown that even such programs can crash when presented with unexpected data. Out-of-bounds array and pointer accesses are an important subclass of memory-related errors. Despite many years of research in bounds checking, current solutions are mostly deployed as debugging and testing aids. This is because the current techniques for bounds protection are either too performance intensive to be used in production software or are unable to process all valid C programs. Hence, in this thesis, we present a backwards-compatible lightweight bounds-checking technique that aims to provide practical protection to C programs and that can be deployed in production software. Our technique involves flanking memory objects with guard zones. We generate instrumentation to check that memory references do not access these guard zones. We are able to avoid some of the compatibility problems associated with previous bounds-checking techniques by avoiding pointer arithmetic checks, and instead relying on checks on the values of dereferenced pointers. To obtain good performance, we partition these runtime checks into two parts. The first part is always performed, and is very fast because it does not introduce additional memory dereferences. The more expensive second part is triggered only if the first check succeeds, which is relatively rare. We present an efficient implementation of our technique. Our results show that the technique has a relatively low overhead in CPU-intensive benchmarks. Furthermore, by instrumenting real-world applications, we prove the practical utility of our approach.
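The abstract describes guard zones around objects, checks on the value a pointer dereferences to rather than on pointer arithmetic, and a two-stage check whose cheap first stage needs no extra memory access. The following C program is an added illustration of that idea written for this page; it is not the thesis's implementation. It assumes a fixed memory pool, a 16-byte guard zone, a guard fill byte of 0xA5 and a byte-granular guard map as the slow-path metadata, all of which are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example of guard-zone bounds checking with a two-stage check.
   Pool size, guard width, marker byte and guard map are assumptions made for
   this illustration, not values taken from the thesis. */

#define GUARD_BYTES 16
#define POOL_BYTES  4096
#define GUARD_MARK  0xA5   /* assumed fill byte for guard zones */

static unsigned char pool[POOL_BYTES];
static unsigned char guard_map[POOL_BYTES]; /* 1 where a pool byte is a guard byte */
static size_t pool_top = 0;

/* Allocate n bytes flanked by a guard zone on each side; return the object. */
unsigned char *gz_alloc(size_t n) {
    size_t need = n + 2 * GUARD_BYTES;
    if (pool_top + need > POOL_BYTES) return NULL;
    unsigned char *base = pool + pool_top;
    memset(base, GUARD_MARK, GUARD_BYTES);                  /* leading guard */
    memset(guard_map + pool_top, 1, GUARD_BYTES);
    memset(base + GUARD_BYTES, 0, n);                        /* the object itself */
    memset(base + GUARD_BYTES + n, GUARD_MARK, GUARD_BYTES); /* trailing guard */
    memset(guard_map + pool_top + GUARD_BYTES + n, 1, GUARD_BYTES);
    pool_top += need;
    return base + GUARD_BYTES;
}

/* Slow second stage: consult the guard map. This is the extra memory access
   the fast stage avoids, so it runs only when the fast stage fires. */
static int in_guard_zone(const unsigned char *p) {
    if (p < pool || p >= pool + POOL_BYTES) return 0; /* not a tracked address */
    return guard_map[p - pool];
}

/* Checked load: the program's own dereference supplies the value; the fast
   stage compares it with GUARD_MARK; a match is confirmed by the slow stage so
   that legitimate data equal to the marker is not reported.
   Returns 0 on success (value in *out) or 1 if a guard-zone access is detected. */
int checked_load(const unsigned char *p, unsigned char *out) {
    unsigned char v = *p;
    if (v == GUARD_MARK && in_guard_zone(p)) return 1;
    *out = v;
    return 0;
}

/* Checked store: the value currently at the target is inspected the same way
   before it is overwritten, so a write into a guard zone is caught too. */
int checked_store(unsigned char *p, unsigned char value) {
    unsigned char old = *p;
    if (old == GUARD_MARK && in_guard_zone(p)) return 1;
    *p = value;
    return 0;
}

/* Walks an 8-byte object through in-bounds and out-of-bounds accesses.
   Returns 1 when every access is classified as expected, a negative code otherwise. */
int demo_overflow_detected(void) {
    unsigned char *buf = gz_alloc(8);
    if (!buf) return -1;
    for (int i = 0; i < 8; i++) buf[i] = (unsigned char)i;
    unsigned char v;
    /* In-bounds data that happens to equal the marker must pass via the slow stage. */
    if (checked_store(&buf[3], GUARD_MARK) != 0) return -2;
    if (checked_load(&buf[3], &v) != 0 || v != GUARD_MARK) return -3;
    if (checked_load(&buf[7], &v) != 0 || v != 7) return -4; /* last valid byte */
    if (checked_load(&buf[8], &v) != 1) return -5;           /* one past the end */
    if (checked_load(buf - 1, &v) != 1) return -6;           /* one before the start */
    if (checked_store(&buf[8], 0x42) != 1) return -7;        /* overflowing write */
    return 1;
}

int main(void) {
    printf("guard-zone demo result: %d (1 = all accesses classified correctly)\n",
           demo_overflow_detected());
    return 0;
}
```

The fast stage costs one comparison on a value the program already loaded; the guard map is touched only when that comparison matches, which the abstract notes is relatively rare. Because the check is on the dereferenced value rather than on the pointer, a pointer may legitimately be computed past the end of an object (as C code often does) without triggering a report until it is actually dereferenced inside a guard zone.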
