Computer Science, 2024, Vol. 51, Issue (6A): 230900115-6. doi: 10.11896/jsjkx.230900115

• Computer Software & Architecture •

Dynamic Analysis Method for Memory Safety of Multithreaded C Programs

YAN Rui1, CHEN Zhe1,2   

  1. 1 College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
    2 Collaborative Innovation Center of Novel Software Technology and Industrialization, Nanjing 211106, China
  • Published: 2024-06-06
  • About author: YAN Rui, born in 1998, postgraduate. His main research interest is software verification.
    CHEN Zhe, born in 1981, Ph.D, associate professor. His main research interest is software verification.
  • Supported by:
    National Natural Science Foundation of China (62172217), National Natural Science Foundation of China-Civil Aviation Administration of China Joint Research Fund for Civil Aviation (U1533130) and CCF Huawei Populus euphratica Forest Fund formalspecial support.

Abstract: As software becomes increasingly complex and demands higher levels of concurrency, multithreaded programs are becoming more and more common. At the same time, the C language lacks the ability to check memory safety, which can leave more hidden vulnerabilities in programs implemented in C. Memory safety checking for multithreaded C programs is therefore particularly important. At present, the most advanced and reliable technique for checking memory safety is dynamic analysis, but the tools for checking memory safety in multithreaded C programs are still immature. This paper therefore proposes a pointer-based dynamic analysis technique and combines it with lock-free techniques and source code instrumentation to implement the tool Movec, which checks the memory safety of multithreaded C programs. Experiments on a professional test set verify that the tool is effective at detecting memory safety problems in multithreaded C programs and has excellent performance.

Key words: Multithreading, Memory safety, Dynamic analysis, Source code instrumentation

CLC Number: 

  • TP311