13,710 research outputs found
Automated verification of shape, size and bag properties.
In recent years, separation logic has emerged as a contender for formal reasoning of heap-manipulating imperative programs. Recent works have focused on specialised provers that are mostly based on fixed sets of predicates. To improve expressivity, we have proposed a prover that can automatically handle user-defined predicates. These shape predicates allow programmers to describe a wide range of data structures with their associated size properties. In the current work, we shall enhance this prover by providing support for a new type of constraints, namely bag (multi-set) constraints. With this extension, we can capture the reachable nodes (or values) inside a heap predicate as a bag constraint. Consequently, we are able to prove properties about the actual values stored inside a data structure
EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++
Low-level programming languages with weak/static type systems, such as C and
C++, are vulnerable to errors relating to the misuse of memory at runtime, such
as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such
errors account for many security and other undefined behavior bugs for programs
written in these languages. In this paper, we introduce the notion of
dynamically typed C/C++, which aims to detect such errors by dynamically
checking the "effective type" of each object before use at runtime. We also
present an implementation of dynamically typed C/C++ in the form of the
Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory
safety using a combination of low-fat pointers, type meta data and type/bounds
check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark
suite and the Firefox web browser, and detect several new type and memory
errors. We also show that EffectiveSan achieves high compatibility and
reasonable overheads for the given error coverage. Finally, we highlight that
EffectiveSan is one of only a few tools that can detect sub-object bounds
errors, and uses a novel approach (dynamic type checking) to do so.Comment: To appear in the Proceedings of 39th ACM SIGPLAN Conference on
Programming Language Design and Implementation (PLDI2018
Creating a Distributed Programming System Using the DSS: A Case Study of OzDSS
This technical report describes the integration of the Distribution Subsystem (DSS) to the programming system Mozart. The result, OzDSS, is described in detail. Essential when coupling a programming system to the DSS is how the internal model of threads and language entities are mapped to the abstract entities of the DSS. The model of threads and language entities of Mozart is described at a detailed level to explain the design choices made when developing the code that couples the DSS to Mozart. To show the challenges associated with different thread implementations, the C++DSS system is introduced. C++DSS is a C++ library which uses the DSS to implement different types of distributed language entities in the form of C++ classes. Mozart emulates threads, thus there is no risk of multiple threads accessing the DSS simultaneously. C++DSS, on the other hand, makes use of POSIX threads, thus simultaneous access to the DSS from multiple POSIX threads can happen. The fundamental differences in how threads are treated in a system that emulates threads (Mozart) to a system that make use of native-threads~(C++DSS) is discussed. The paper is concluded by a performance comparison between the OzDSS system and other distributed programming systems. We see that the OzDSS system outperforms ``industry grade'' Java-RMI and Java-CORBA implementations
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
Widespread use of memory unsafe programming languages (e.g., C and C++)
leaves many systems vulnerable to memory corruption attacks. A variety of
defenses have been proposed to mitigate attacks that exploit memory errors to
hijack the control flow of the code at run-time, e.g., (fine-grained)
randomization or Control Flow Integrity. However, recent work on data-oriented
programming (DOP) demonstrated highly expressive (Turing-complete) attacks,
even in the presence of these state-of-the-art defenses. Although multiple
real-world DOP attacks have been demonstrated, no efficient defenses are yet
available. We propose run-time scope enforcement (RSE), a novel approach
designed to efficiently mitigate all currently known DOP attacks by enforcing
compile-time memory safety constraints (e.g., variable visibility rules) at
run-time. We present HardScope, a proof-of-concept implementation of
hardware-assisted RSE for the new RISC-V open instruction set architecture. We
discuss our systematic empirical evaluation of HardScope which demonstrates
that it can mitigate all currently known DOP attacks, and has a real-world
performance overhead of 3.2% in embedded benchmarks
- …