计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (6A): 230900115-6.doi: 10.11896/jsjkx.230900115

• 计算机软件&体系架构 • 上一篇    下一篇

多线程C程序内存安全性动态分析方法

严瑞1, 陈哲1,2   

  1. 1 南京航空航天大学计算机科学与技术学院 南京 211106
    2 软件新技术与产业化协同创新中心 南京 210023
  • 发布日期:2024-06-06
  • 通讯作者: 陈哲(zhechen@nuaa.edu.cn)
  • 作者简介:(yanruissy@nuaa.edu.cn)
  • 基金资助:
    国家自然科学基金(62172217);国家自然科学基金委员会-中国民航局民航联合研究基金(U1533130);CCF-华为胡杨林基金形式化专项资助

Dynamic Analysis Method for Memory Safety of Multithreaded C Programs

YAN Rui1, CHEN Zhe1,2   

  1. 1 College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China
    2 Collaborative Innovation Center of Novel Software Technology and Industrialization,Nanjing 211106,China
  • Published:2024-06-06
  • About author:YAN Rui,born in 1998,postgraduate.His main research interest is software verification.
    CHEN Zhe,born in 1981,Ph.D,asso-ciate professor.His main research in-terest is software verification.
  • Supported by:
    National Natural Science Foundation of China(62172217),National Natural Science Foundation of China-Civil Aviation Administration of China Joint Research Fund for Civil Aviation(U1533130) and CCF Huawei Populus euphratica Forest Fund formalspecial support.

PDF (PC)

292

摘要: 随着软件结构越来越复杂以及其要求更高级别的并发量,出现了越来越多的多线程程序,同时C语言程序缺乏检测其内存安全的能力,进而导致C语言实现的程序可能会存在较多的隐藏漏洞,因此对多线程C程序的内存安全检测尤为的重要。较为前沿且可靠的检测内存安全的技术主要为动态分析技术,且现在对于多线程C程序内存安全检测的工具不是特别完善,错误检测不完全,性能不是很高。因此提出了基于指针的动态分析技术,同时结合无锁技术、源代码插桩技术实现了工具Movec来对多线程C程序的内存安全性进行检测,并且选取专业测试集来进行实验,验证了本工具对于多线程C程序检测内存安全是有效的,检测的错误更多且性能较为优秀。

关键词: 多线程, 内存安全, 动态分析, 源代码插桩

Abstract: As software results become increasingly complex and require higher levels of concurrency,more and more multithrea-ded programs are emerging.At the same time,C language programs lack the ability to detect memory security,which may lead to more hidden vulnerabilities in C language implemented programs.Therefore,memory security detection for C language multithreaded programs is particularly important.At present,the most cutting-edge and reliable technology for detecting memory security is dynamic analysis technology,and the tools for detecting memory safety in C language multithreaded programs are not particularly perfect.Therefore,this paper proposes a pointer based dynamic analysis technology,and combines lockless technology and source code instrumentation technology to implement the tool Movec to detect the memory security of C language multi-threaded programs.And by selecting a professional test set for experiments,it is verified that this tool is effective in detecting memory security in C language multithreaded programs and has excellent performance.

Key words: Multithreading, Memory safety, Dynamic analysis, Source code instrumentation

中图分类号: 

  • TP311
[1]CHEN Z,TAO C Q,ZHANG Z Y,et al.Beyond spatial and temporal memory safety[C]//Proceedings of the 40th International Conference on Software Engineering(ICSE 2018),Companion Volume.ACM,2018:189-190.
[2]XU W,DUVARNEY D C,SEKAR R.An efficient and back-wards-compatible transformation to ensure memory safety of C programs[C]//Proceedings of the 12th ACM SIGSOFT Twelfth International Symposium on Foundations of Software Engineering.2004:117-126.
[3]NETHERCOTE N,SEWARD J.How to shadow every byte of memory used by a program[C]//Proceedings of the 3rd International Conference on Virtual Execution Environments(VEE 2007).ACM,2007:65-74.
[4]NAGARAKATTE S,ZHAO J Z,MARTIN M M K,et al.SoftBound:highly compatible and complete spatial memory safety for C[C]//Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation(PLDI 2009).ACM,2009:245-258.
[5]SIMPSON M S,BARUA R K.MemSafe:ensuring the spatial and temporal memory safety of C at runtime[J].Software:Practice and Experience,2013,43(1):93-128.
[6]CHEN Z,WANG C,YAN J Q,et al.Runtime Detection ofMemory Errors with Smart Status[C]//Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis(ISSTA 2021).Virtual,Denmark,ACM,2021:296-308.
[7]CHEN Z,YAN J Q,KAN S L,et al.Detecting Memory Errorsat Runtime with Source-Level Instrumentation[C]//Procee-dings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis(ISSTA 2019).Beijing,China,ACM,2019:341-351.
[8]CHEN Z,YAN J Q,LI W M,et al.Runtime verification ofmemory safety via source transformation[C]//Proceedings of the 40th International Conference on Software Engineering(ICSE 2018),Companion Volume.ACM,2018:264-265.
[9]MA R,CHEN L,HU C,et al.A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis[C]//2013 IEEE 11th International Conference on Dependable,Autonomic and Secure Computing.IEEE,2013:52-57.
[10]SEREBRYANY K,BRUENING D,POTAPENKO A,et al.AddressSanitizer:A fast address sanity checker[C]//2012 {USENIX} Annual Technical Conference({USENIX}ATC} 12).2012:309-318.
[11]NETHERCOTE N,SEWARD J.Valgrind:A program supervi-sion framework[J].Electronic Notes in theoretical Computer Science,2003,89(2):44-66.
[12]NETHERCOTE N,SEWARD J.Valgrind:a framework forheavyweight dynamic binary instrumentation[C]//Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation(PLDI 2007).ACM,2007:89-100.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发