TY - GEN
T1 - Runtime verification of c memory safety
AU - Roşu, Grigore
AU - Schulte, Wolfram
AU - Şerbǎnuţǎ, Traian Florin
PY - 2009
Y1 - 2009
N2 - C is the most widely used imperative system's implementation language. While C provides types and high-level abstractions, its design goal has been to provide highest performance which often requires low-level access to memory. As a consequence C supports arbitrary pointer arithmetic, casting, and explicit allocation and deallocation. These operations are difficult to use, resulting in programs that often have software bugs like buffer overflows and dangling pointers that cause security vulnerabilities. We say a C program is memory safe, if at runtime it never goes wrong with such a memory access error. Based on standards for writing "good" C code, this paper proposes strong memory safety as the least restrictive formal definition of memory safety amenable for runtime verification. We show that although verification of memory safety is in general undecidable, even when restricted to closed, terminating programs, runtime verification of strong memory safety is a decision procedure for this class of programs. We verify strong memory safety of a program by executing the program using a symbolic, deterministic definition of the dynamic semantics. A prototype implementation of these ideas shows the feasibility of this approach.
AB - C is the most widely used imperative system's implementation language. While C provides types and high-level abstractions, its design goal has been to provide highest performance which often requires low-level access to memory. As a consequence C supports arbitrary pointer arithmetic, casting, and explicit allocation and deallocation. These operations are difficult to use, resulting in programs that often have software bugs like buffer overflows and dangling pointers that cause security vulnerabilities. We say a C program is memory safe, if at runtime it never goes wrong with such a memory access error. Based on standards for writing "good" C code, this paper proposes strong memory safety as the least restrictive formal definition of memory safety amenable for runtime verification. We show that although verification of memory safety is in general undecidable, even when restricted to closed, terminating programs, runtime verification of strong memory safety is a decision procedure for this class of programs. We verify strong memory safety of a program by executing the program using a symbolic, deterministic definition of the dynamic semantics. A prototype implementation of these ideas shows the feasibility of this approach.
UR - http://www.scopus.com/inward/record.url?scp=70549106656&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70549106656&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-04694-0_10
DO - 10.1007/978-3-642-04694-0_10
M3 - Conference contribution
AN - SCOPUS:70549106656
SN - 3642046932
SN - 9783642046933
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 132
EP - 151
BT - Runtime Verification - 9th International Workshop, RV 2009, Selected Papers
T2 - 9th International Workshop on Runtime Verification, RV 2009
Y2 - 26 June 2009 through 28 June 2009
ER -