http://dx.doi.org/10.13089/JKIISC.2014.24.1.215

Detection of invalidated sanity checks caused by undefined behaviors  

Lee, JongHyup (Korea National University of Transportation)
Abstract
The C programming language has undefined behaviors, which cause unintended execution of a program. When a programmer adds sanity checks without accounting for undefined behaviors, compilers may misinterpret and invalidate those checks. We therefore propose an automated system that detects invalidated sanity checks by marking the sanity checks in source code and checking for the marks in binary code.
Keywords
Software Security; Undefined behavior;