
Introduction to SAFECode


Presentation Transcript


  1. Introduction to SAFECode
  • SAFECODE is a memory safety checking compiler
  • Features static and runtime checks that try to verify that code is memory-safe
  • Part of the SVA infrastructure: http://sva.cs.illinois.edu/
  • Uses LLVM compiler technology: http://llvm.org
  • Provides the basis for our work
  SAFECode Project by Shaosu Liu

  2. SAFECode Safety Guarantees

  3. Our Work: Extending SAFECode
  • Previously, SAFECode required the full source code of a program for maximum functionality.
  • This was a problem with external libraries, because many security issues occur in C library code that may not be available.
  • We extended and built a set of compiler passes in SAFECode to detect C library function calls and insert runtime checks to guarantee memory safety.
  • Primary focus on string functions

  4. Our SAFECode Runtime Functions
  • We transform original C library functions into their SAFECode versions, which prevent unsafe memory operations.
  • This is done by looking up information about memory objects in splay trees. Using this information, we can detect whether an operation is unsafe.
  • SAFECode uses Data Structure Analysis to organize memory objects into pools (splay trees). This allows efficient lookups of objects.
  • This library is easily extendable.

  5. SAFECode Features: Object Registration
  Register bounds on allocations:
      Obj1 = malloc(size1);
      reg_obj(Pool1, Obj1, size1);
      Obj2 = malloc(size2);
      reg_obj(Pool2, Obj2, size2);
      Obj3 = malloc(size1);
      reg_obj(Pool1, Obj3, size1);
  Run-time checks on indexing operations:
      Dest = &Obj1[index];
      bounds = get_bounds(Pool1, Obj1);
      check_bounds(Obj1, Dest, bounds);

  6. SAFECode Features: Efficient Object Lookups
  • Partition objects into pools based on aliasing (using Data Structure Analysis)
  • Object allocations are recorded per pool
  • Run-time checks only check objects in a single pool
  [Diagram: pointers to memory objects Obj1, Obj2, Obj3, grouped into pools Pool1 and Pool2]

  7. How Our Transforms Work: Compile Time
  C code is translated into LLVM IR.

      #include <string.h>
      int main() {
          char buf[1];
          strcpy(buf, "Overflow");   /* 9 bytes (with NUL) into a 1-byte buffer */
          return 0;
      }

      declare i8* @strcpy(i8*, i8*)
      @.str = private constant [9 x i8] c"Overflow\00"
      define i32 @main() {
      entry:
        %buf = alloca [1 x i8], align 1
        %bufptr = getelementptr [1 x i8]* %buf, i32 0, i32 0
        %strptr = getelementptr [9 x i8]* @.str, i32 0, i32 0
        %result = call i8* @strcpy(i8* %bufptr, i8* %strptr)
        ret i32 0
      }

  8. Our SAFECode passes detect calls to C library functions in the IR code, replacing them with our runtime checks. SAFECode fills in information about where the object is located at runtime.

      ...
      %result = call i8* @strcpy(i8* %bufptr, i8* %strptr)
      ...

  strcpy is transformed into its pool_ version:

      ...
      %result = call i8* @pool_strcpy(
          i8* bitcast (%PoolDescriptor* @PoolForMain to i8*),
          i8* bitcast (%PoolDescriptor* @GlobalPool to i8*),
          i8* %bufptr, i8* %strptr, i8 3)
      ...

  9. How Our Transforms Work: Runtime
  When the function is called, our runtime checks look up a memory object's boundaries from its pool and determine if string operations can proceed safely.
  [Diagram: strcpy; this operation is not safe, the target memory object is not big enough]

  10. When an error is detected, it is reported during the execution of the program.

      $ ./a.out
      Cannot copy more bytes than the size of the destination!
      =======+++++++ SAFECODE RUNTIME ALERT +++++++=======
      = Error type                  : Writing Out of Bounds Error
      = Source size (in bytes)      : 9
      = Destination size (in bytes) : 1
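  The following C program is an added illustration, not SAFECode's own runtime: it models object registration (slide 5), the per-pool bounds lookup and the checked copy (slide 9), and the resulting report (slide 10) with a flat list in place of SAFECode's splay trees. The names reg_obj, bytes_left, checked_strcpy and run_scenario are stand-ins chosen here, not SAFECode APIs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_OBJS 16
/* One pool: the registered object ranges (SAFECode keeps these in a splay tree). */
typedef struct { uintptr_t base; size_t size; } obj_t;
typedef struct { obj_t objs[MAX_OBJS]; int n; } pool_t;
/* Stand-in for the slide's reg_obj(): record an allocation's bounds in its pool. */
static void reg_obj(pool_t *p, const void *obj, size_t size) {
    if (p->n < MAX_OBJS) { p->objs[p->n].base = (uintptr_t)obj; p->objs[p->n].size = size; p->n++; }
}

/* Stand-in for get_bounds(): bytes from ptr to the end of its registered object,
 * or 0 when ptr lies in no object of this pool. */
static size_t bytes_left(const pool_t *p, const void *ptr) {
    uintptr_t a = (uintptr_t)ptr;
    for (int i = 0; i < p->n; i++)
        if (a >= p->objs[i].base && a < p->objs[i].base + p->objs[i].size)
            return (size_t)(p->objs[i].base + p->objs[i].size - a);
    return 0;
}
/* Checked strcpy in the spirit of pool_strcpy: copies and returns 1 when the source
 * string (NUL included) fits the destination object; otherwise reports and returns 0. */
static int checked_strcpy(pool_t *dp, pool_t *sp, char *dst, const char *src) {
    size_t dst_left = bytes_left(dp, dst), src_left = bytes_left(sp, src);
    const char *nul = src_left ? memchr(src, '\0', src_left) : NULL;
    if (dst_left == 0 || nul == NULL) {   /* unregistered object or unterminated string */
        fprintf(stderr, "Alert: unknown destination or unterminated source\n");
        return 0;
    }
    size_t need = (size_t)(nul - src) + 1;
    if (need > dst_left) {                /* the slide's case: 9 bytes into a 1-byte buffer */
        fprintf(stderr, "Writing Out of Bounds: source %zu, destination %zu bytes\n", need, dst_left);
        return 0;
    }
    memcpy(dst, src, need);
    return 1;
}

/* Replay the slide's program, registering buf as dst_size bytes (1 reproduces the alert). */
static int run_scenario(size_t dst_size) {
    static const char str[9] = "Overflow";   /* the 9-byte global @.str from the IR */
    char buf[16];                             /* constructed: large enough for any size tested */
    pool_t main_pool = {0}, global_pool = {0};
    reg_obj(&global_pool, str, sizeof str);
    reg_obj(&main_pool, buf, dst_size > sizeof buf ? sizeof buf : dst_size);
    return checked_strcpy(&main_pool, &global_pool, buf, str);
}
int main(void) { return run_scenario(1) ? 0 : 1; }
```

  Registering buf with a size other than its real one only serves the replay; a real pass registers the true allocation size, as on slide 5.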

  11. Current Status of Project
  • Checks exist for almost all of string.h
  • Checks run on all platforms SAFECode supports: Linux, Mac OS X
  • Checks successfully detect the following issues:
    • Out of bounds write
    • Out of bounds read
    • Undefined behavior
    • NULL pointers
    • Unterminated strings
    • Overlapping objects

  12. Future Work
  • Extend checks to other C library functions
    • printf family: printf, scanf, fprintf, …
    • system calls
  • Find ways to make checks more efficient

  13. Special thanks to the SVA research group:
  - John Criswell for his guidance
  - Matthew Wala, my research partner
  - Arushi Aggarwal, who helped us a lot in making these slides
