Computer Science, 2025, Vol. 52, Issue (11A): 241100060-8. doi: 10.11896/jsjkx.241100060

• Information Security •

Lightweight Memory Safety Runtime Detection Method Combined with Static Analysis

MAO Ruiqi (1), CHEN Zhe (1,2)

  1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
  2. Collaborative Innovation Center of Novel Software Technology and Industrialization, Nanjing 211106, China
  • Online: 2025-11-15  Published: 2025-11-10
  • Supported by: National Natural Science Foundation of China (62172277) and Joint Research Funds of National Natural Science Foundation of China and Civil Aviation Administration of China (U1533130).

Abstract: Memory safety issues, such as buffer overflow, have long troubled C developers. Runtime detection is a reliable solution to C memory safety problems, but it introduces significant runtime overhead. Existing methods that reduce the runtime overhead of memory safety detection may be incompatible with existing code, depend on manual annotations, introduce false negatives and false positives, or fail to ensure timing consistency between an illegal memory access and its error report. This paper proposes a lightweight runtime detection method for stack memory regions, which combines static analysis to replace certain runtime metadata lookups with compile-time metadata checks, and replaces most high-overhead detection function calls with inline Boolean condition checks. The method also uses on-demand interprocedural alias analysis to extend detection to interprocedural and whole-program analysis. A prototype tool, LISA (Lightweight Inline Safety Assertion), was implemented with static analysis and detection code instrumentation based on the C language abstract syntax tree. Experiments show that LISA reduces runtime detection overhead by an average of 36%, with only about 0.5% additional space overhead. Furthermore, LISA addresses compatibility with existing code, enhances runtime detection effectiveness, and ensures real-time memory safety, overcoming limitations of previous methods.

Key words: Memory safety, Runtime verification, Static analysis, Source level instrumentation, Alias analysis
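To make the trade-off described in the abstract concrete, the following C program is an added example constructed for this page; it is not LISA's code and not taken from the paper. It instruments one stack-buffer write in two ways: first with a conventional runtime call that looks up object metadata in a table, then LISA-style with an inline Boolean condition derived from the statically known buffer size. All names (`meta_*`, `write_with_metadata`, `write_inline`, `metadata_lookup_count`, `reset_lookup_counter`) are hypothetical.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed illustration of two instrumentation styles for a stack
 * buffer access. Names are hypothetical; this is not LISA's code. */

/* ---- Style 1: generic runtime check through a metadata lookup ---- */

#define MAX_OBJECTS 8
typedef struct { uintptr_t base; size_t size; } stack_obj_t;

static stack_obj_t g_objs[MAX_OBJECTS];   /* live stack objects */
static int g_nobjs = 0;
static unsigned long g_lookups = 0;       /* metadata lookups performed */

/* Record a stack object when its scope is entered. */
static void meta_register(const void *base, size_t size) {
    if (g_nobjs < MAX_OBJECTS) {
        g_objs[g_nobjs].base = (uintptr_t)base;
        g_objs[g_nobjs].size = size;
        g_nobjs++;
    }
}

/* Forget the object when its scope ends. */
static void meta_unregister(const void *base) {
    for (int i = 0; i < g_nobjs; i++) {
        if (g_objs[i].base == (uintptr_t)base) {
            g_objs[i] = g_objs[--g_nobjs];
            return;
        }
    }
}

/* Runtime check: is [addr, addr + n) inside some registered object?
 * Every call walks the table; this per-access cost is what the inline
 * style below avoids. */
static int meta_check(uintptr_t addr, size_t n) {
    g_lookups++;
    for (int i = 0; i < g_nobjs; i++) {
        uintptr_t lo = g_objs[i].base, hi = lo + g_objs[i].size;
        if (addr >= lo && addr + n <= hi)
            return 1;
    }
    return 0;
}

/* Instrumented with a runtime call before the store.
 * Returns 0 on an in-bounds write, -1 when the access is rejected. */
int write_with_metadata(int idx, char val) {
    char buf[16];
    int ok;
    meta_register(buf, sizeof buf);
    /* Address computed as an integer so an out-of-range idx does not
     * form an out-of-bounds pointer before the check runs. */
    ok = meta_check((uintptr_t)buf + (uintptr_t)(intptr_t)idx, sizeof(char));
    if (ok) buf[idx] = val;
    meta_unregister(buf);
    return ok ? (buf[idx] == val ? 0 : -1) : -1;
}

/* ---- Style 2: inline Boolean condition (the idea behind LISA) ---- */

/* Static analysis sees that buf has 16 elements and that the access is
 * buf[idx], so the bounds condition is known at compile time and is
 * emitted inline: no runtime call, no metadata lookup. Same contract
 * as write_with_metadata. */
int write_inline(int idx, char val) {
    char buf[16];
    if (!(idx >= 0 && (size_t)idx < sizeof buf)) {
        /* Error reported at the faulting access, not later. */
        fprintf(stderr, "stack bounds violation: buf[%d] (size %zu)\n",
                idx, sizeof buf);
        return -1;
    }
    buf[idx] = val;
    return buf[idx] == val ? 0 : -1;
}

unsigned long metadata_lookup_count(void) { return g_lookups; }
unsigned long reset_lookup_counter(void) { g_lookups = 0; return g_lookups; }

int main(void) {
    printf("metadata  buf[15]: %d  buf[16]: %d\n",
           write_with_metadata(15, 'a'), write_with_metadata(16, 'a'));
    printf("inline    buf[15]: %d  buf[16]: %d\n",
           write_inline(15, 'a'), write_inline(16, 'a'));
    printf("metadata lookups performed: %lu\n", metadata_lookup_count());
    return 0;
}
```

Both variants reject `buf[16]` and `buf[-1]` at the access itself, but only the first pays for a table walk on every access; the inline condition is a single comparison the compiler can fold, which is where an approach like the one in the abstract saves its overhead. Accesses whose target object is not statically known (for example through a pointer parameter) still need the metadata path, which is why the paper pairs the inline checks with alias analysis.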

CLC Number: TP309