Check bounds overflow bugs in C programs based on LLVM
2010-04-06 09:01
Abstract
Bounds overflow is one of the most frequently encountered errors in C programs. For example, performing pointer arithmetic without checking bounds can cause bounds overflow. These errors can sometimes be latent for a long time, being discovered only after the program is already in production. I think bounds overflow bugs are the sources of security vulnerabilities in programs, and thus particularly serious.
Benefits to LLVM and LLVMers
Everyone who wants to do research on checking out-of-bounds errors can benefit from my project. They can add their own new passes to increase the analysis accuracy, or use some of my passes to do a variety of their own jobs. I want to write passes that can be used to check programs with more than 100,000 lines of source code, and as far as I know, LLVM has not implemented this goal yet. I will propose an aggregation of existing ideas, but I will make some improvements to increase the precision. After the project is completed, LLVM will have the ability to check bounds overflow bugs in C programs.
Deliverables
In my project, I will write several passes to support the implementation of bounds-checking, and one pass to implement the ultimate task of bounds-checking. To elaborate on my results, I will present enough graphs or tables to show the comparison between my method and others.
Project Details
Many tools, such as ASTREE, Archer, SAFEcode, Calysto, KLEE, and Clang, can detect bounds overflows, but some are commercial, some are slow because of a very thorough check, and others can't detect dereferences if the allocation and the dereference are in different functions. I aim to propose a fast open-source method, easy to integrate into the compilation process, to look for bounds overflow bugs. My main goal is fast verification, making a trade-off between speed and accuracy. Edvin Török has proposed an intra-procedural analysis method to check bounds overflow bugs in his master thesis, involving slicing and inlining, but he has not done an inter-procedural analysis. I think summary functions / (partial) transition functions can help me do a more accurate analysis based on his work.
Perhaps with the help of summary functions / (partial) transition functions, verification speed will be noticeably slower than without them. If so, I want to integrate a more effective slicing method to increase the accuracy of the verification. When facing unforeseen difficulties or setbacks, I will discuss them with my mentor or my learning partner, because they may enlighten me. In the worst case, I can't implement an effective way to check bounds overflows with inter-procedural analysis, but I can still implement some LLVM passes, useful for other analyses based on LLVM or other compilers, to check bounds overflow bugs with partial inter-procedural analysis with the help of inlining and slicing.
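The two points above, pointer arithmetic without a bounds check (Abstract) and an allocation and its dereference living in different functions (Project Details), are illustrated by the following C program. It is an added example, not code from the proposal or from LLVM; the type `bounded_buf` and the helpers `alloc_buf`, `checked_store`, `checked_load` and `fill_rejected` are hypothetical names chosen here. It models the metadata a bounds-checking pass must carry from the allocation site to each dereference: the pointer travels together with the size of the allocation it belongs to, so a dereference in a different function can still be compared against the real bound rather than against a count the caller happens to trust.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* A pointer bundled with the size of the allocation it points into.
 * This is the metadata a bounds-checking pass has to carry from the
 * allocation site to every dereference, including dereferences that
 * happen in a different function from the allocation.
 * (Hypothetical type for this example.) */
typedef struct {
    int *base;
    size_t len;   /* number of int elements the allocation holds */
} bounded_buf;

/* Allocation site: the only place where the true size is known. */
bounded_buf alloc_buf(size_t n) {
    bounded_buf b;
    b.base = (int *)calloc(n, sizeof(int));
    b.len = (b.base != NULL) ? n : 0;
    return b;
}

void free_buf(bounded_buf *b) {
    free(b->base);
    b->base = NULL;
    b->len = 0;
}

/* Dereference site in another function. An analysis that looks only at
 * this function cannot know len; it has to come from the allocation
 * inter-procedurally (here it is passed explicitly). Returns 1 on
 * success, 0 if the access would fall outside the allocation. */
int checked_store(bounded_buf b, size_t idx, int value) {
    if (b.base == NULL || idx >= b.len)
        return 0;
    b.base[idx] = value;             /* same as *(b.base + idx) = value */
    return 1;
}

int checked_load(bounded_buf b, size_t idx, int *out) {
    if (b.base == NULL || idx >= b.len)
        return 0;
    *out = b.base[idx];
    return 1;
}

/* A caller that trusts its own count instead of the allocation size.
 * Every write goes through the checked helper, so each would-be overflow
 * becomes a rejected store; the function returns how many were rejected.
 * Without the check, the stores past b.len would be exactly the bounds
 * overflow the proposal describes. */
size_t fill_rejected(bounded_buf b, size_t n_writes) {
    size_t rejected = 0;
    for (size_t i = 0; i < n_writes; i++) {
        if (!checked_store(b, i, (int)i))
            rejected++;
    }
    return rejected;
}

int main(void) {
    bounded_buf b = alloc_buf(8);                 /* constructed input */
    size_t rejected = fill_rejected(b, 12);       /* 12 writes, 8 slots */
    printf("rejected stores: %zu\n", rejected);   /* 4 */

    int v = -1;
    int ok = checked_load(b, 7, &v);
    printf("load[7] ok=%d v=%d\n", ok, v);        /* ok=1 v=7 */
    ok = checked_load(b, 8, &v);
    printf("load[8] ok=%d\n", ok);                /* ok=0 */

    free_buf(&b);
    return 0;
}
```

The point of the example is the split: `alloc_buf` knows the size, `checked_store` and `checked_load` do not, and an intra-procedural analysis of the accessors alone has nothing to compare the index against. A pass that inserts such checks, or a static analysis that proves them unnecessary, needs the allocation size to flow across the call, which is what the summary or transition functions in the proposal are meant to provide.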