Article

AddressSanitizer: a fast address sanity checker

Authors:

Konstantin Serebryany,

Derek Bruening,

Alexander Potapenko,

Dmitry VyukovAuthors Info & Claims

USENIX ATC'12: Proceedings of the 2012 USENIX conference on Annual Technical Conference

Page 28

Published: 13 June 2012 Publication History

Abstract

Memory access bugs, including buffer overflows and uses of freed heap memory, remain a serious problem for programming languages like C and C++. Many memory error detectors exist, but most of them are either slow or detect a limited set of bugs, or both.

This paper presents AddressSanitizer, a new memory error detector. Our tool finds out-of-bounds accesses to heap, stack, and global objects, as well as use-after-free bugs. It employs a specialized memory allocator and code instrumentation that is simple enough to be implemented in any compiler, binary translation system, or even in hardware.

AddressSanitizer achieves efficiency without sacrificing comprehensiveness. Its average slowdown is just 73% yet it accurately detects bugs at the point of occurrence. It has found over 300 previously unknown bugs in the Chromium browser and many bugs in other software.

References

[1]

The Chromium project. http://dev.chromium.org.

[2]

Dmalloc - Debug Malloc Library. http://www.dmalloc.com.

[3]

D.U.M.A. - Detect Unintended Memory Access. http://duma.sourceforge.net/.

[4]

The LLVM Compiler Infrastructure. http://llvm.org.

[5]

Emery D. Berger and Benjamin G. Zorn. DieHard: probabilistic memory safety for unsafe languages. In PLDI 06, pages 158-168. ACM Press, 2006.

[6]

Derek Bruening. Efficient, Transparent, and Comprehensive Run-time Code Manipulation. PhD thesis, M.I.T., September 2004.

[7]

Derek Bruening, Timothy Garnett, and Saman Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proc. of the International Symposium on Code Generation and Optimization (CGO '03), pages 265-275, March 2003.

[8]

Derek Bruening and Qin Zhao. Practical memory checking with Dr. Memory. In Proc. of the International Symposium on Code Generation and Optimization (CGO '11), pages 213-223, April 2011.

[9]

Marc Brünink, Martin Süßkraut, and Christof Fetzer. Boundless memory allocations for memory safety and high availability. In Proc. of the 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2011). IEEE Computer Society, June 2011.

[10]

Winnie Cheng, Qin Zhao, Bei Yu, and Scott Hiroshige. Taint-trace: Efficient flow tracing with dynamic binary rewriting. In Proc. of the 11th IEEE Symposium on Computers and Communications (ISCC '06), pages 749-754, 2006.

[11]

Frank Ch. Eigler. Mudflap: pointer use checking for C/C++. Red Hat Inc.

[12]

Niranjan Hasabnis, Ashish Misra, and R. Sekar. Light-weight bounds checking. In Proc. of the International Symposium on Code Generation and Optimization (CGO '12), pages 135-144, April 2012.

[13]

Reed Hastings and Bob Joyce. Purify: Fast detection of memory leaks and access errors. In Proc. of the Winter USENIX Conference, pages 125-136, January 1992.

[14]

IBM Research. GCC extension for protecting applications from stack-smashing attacks. http://researchweb.watson.ibm.com/ trl/projects/security/ssp/.

[15]

Intel. Intel Parallel Inspector. http://software.intel.com/ en-us/intel-parallel-inspector/.

[16]

Mac OS X Developer Library. Memory Usage Performance Guidelines: Enabling the Malloc Debugging Features. http://developer.apple.com/library/mac/ #documentation/darwin/reference/manpages/ man3/libgmalloc.3.html.

[17]

Micro Focus. BoundsChecker. http://www.microfocus.com/ products/micro-focus-developer/devpartner/ visual-c.aspx.

[18]

Microsoft Support. How to use Pageheap.exe in Windows XP, Windows 2000, and Windows Server 2003. http://support.microsoft.com/kb/286470.

[19]

George C. Necula, Scott McPeak, and Westley Weimer. CCured: Type-safe retrotting of legacy code. In Proc. of the, Principles of Programming Languages, pages 128-139, 2002.

[20]

Nicholas Nethercote and Julian Seward. How to shadow every byte of memory used by a program. In Proc. of the 3rd International Conference on Virtual Execution Environments (VEE '07), pages 65-74, June 2007.

[21]

Nicholas Nethercote and Julian Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In Proc. of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '07), pages 89-100, June 2007.

[22]

Gene Novark and Emery D. Berger. DieHarder: securing the heap. In Proc. of the 17th ACM conference on Computer and communications security, CCS '10, pages 573-584. ACM, 2010.

[23]

Oracle. Sun Memory Error Discovery Tool (Discover). http://download.oracle.com/docs/cd/E19205-01/ 821-1784/6nmoc18gq/index.html.

[24]

Parasoft. Insure++. http://www.parasoft.com/jsp/ products/insure.jsp?itemId=63.

[25]

Bruce Perens. Electric Fence. http://perens.com/FreeSoftware/ElectricFence/.

[26]

Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan Zhou, and Youfeng Wu. LIFT: A low-overhead practical information flow tracking system for detecting security attacks. In Proc. of the 39th International Symposium on Microarchitecture (MICRO 39), pages 135-148, 2006.

[27]

Julian Seward and Nicholas Nethercote. Using Valgrind to detect undefined value errors with bit-precision. In Proc. of the USENIX Annual Technical Conference, pages 2-2, 2005.

[28]

Standard Performance Evaluation Corporation. SPEC CPU2006 benchmark suite, 2006. http://www.spec.org/osg/cpu2006/.

[29]

Perry Wagle and Crispin Cowan. Stackguard: Simple stack smash protection for gcc. In Proc. of the GCC Developers Summit, pages 243-255, 2003.

[30]

Qin Zhao, Derek Bruening, and Saman Amarasinghe. Efficient memory shadowing for 64-bit architectures. In Proc. of the The International Symposium on Memory Management (ISMM '10), pages 93-102, Jun 2010.

[31]

Qin Zhao, Derek Bruening, and Saman Amarasinghe. Umbra: Efficient and scalable memory shadowing. In Proc. of the International Symposium on Code Generation and Optimization (CGO '10), pages 22-31, April 2010.

Cited By

Jeong DChoi YLee BShin IKwon YWitchel EArpaci-Dusseau ARossbach CKeeton K(2024)OZZ: Identifying Kernel Out-of-Order Concurrency Bugs with In-Vivo Memory Access ReorderingProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695944(229-248)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3694715.3695944
Orthen BBraunsdorf OZieris PHorsch J(2024)SoftBound+CETS RevisitedProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652285(22-28)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652285
James KValakuzhy KSnow KMonrose FVilela JSchulmann HLi N(2024)CrashTalk: Automated Generation of Precise, Human Readable, Descriptions of Software Security BugsProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653256(337-347)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653256
Show More Cited By

AddressSanitizer: a fast address sanity checker
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis

Recommendations

WOM-Code Solutions for Low Latency and High Endurance in Phase Change Memory
This paper describes a write-once-memory-code phase change memory (WOM-code PCM) architecture for next-generation non-volatile memory applications. Specifically, we address the long latency of the write operation in PCM—attributed to PCM SET—...
A Novel Memory Block Management Scheme for PCM Using WOM-Code
HPCC-CSS-ICESS '15: Proceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems

Phase Change Memory (PCM) is a promising DRAM replacement in embedded systems due to its attractive characteristics including low static power consumption and high density. However, long write latency is one of the major drawbacks in current PCM ...
Mellow writes: extending lifetime in resistive memories through selective slow write backs
ISCA'16

Emerging resistive memory technologies, such as PCRAM and ReRAM, have been proposed as promising replacements for DRAM-based main memory, due to their better scalability, low standby power, and non-volatility. However, limited write endurance is a major ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

USENIX ATC'12: Proceedings of the 2012 USENIX conference on Annual Technical Conference

June 2012

41 pages

Publisher

USENIX Association

United States

Publication History

Published: 13 June 2012

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

207
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jeong DChoi YLee BShin IKwon YWitchel EArpaci-Dusseau ARossbach CKeeton K(2024)OZZ: Identifying Kernel Out-of-Order Concurrency Bugs with In-Vivo Memory Access ReorderingProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695944(229-248)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3694715.3695944
Orthen BBraunsdorf OZieris PHorsch J(2024)SoftBound+CETS RevisitedProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652285(22-28)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652285
James KValakuzhy KSnow KMonrose FVilela JSchulmann HLi N(2024)CrashTalk: Automated Generation of Precise, Human Readable, Descriptions of Software Security BugsProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653256(337-347)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653256
Ling HHuang HWang CCai YZhang CTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)GIANTSAN: Efficient Memory Sanitization with Segment FoldingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640391(433-449)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640391
Liang JWu ZFu JWang MSun CJiang YRoychoudhury APaiva AAbreu RStorey M(2024)Mozi: Discovering DBMS Bugs via Configuration-Based Equivalent TransformationProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639112(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639112
Kuliamin V(2024)A Survey of Software Dynamic Analysis MethodsProgramming and Computing Software10.1134/S036176882401007950:1(90-114)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1134/S0361768824010079
Bang IKayondo MMoon HPaek YCalandrino JTroncoso C(2023)TRUSTProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620626(6947-6964)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620626
Chen ZYan RMa YSui YXue J(2023)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1145/3637227
Zhou JSilvestro STang SYang HLiu HZeng GWu BLiu CLiu T(2023)MemPerf: Profiling Allocator-Induced Performance SlowdownsProceedings of the ACM on Programming Languages10.1145/36228487:OOPSLA2(1418-1441)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622848
Zhou CZhang QGuo LWang MJiang YLiao QWu ZLi SGu B(2023)Towards Better Semantics Exploration for Browser FuzzingProceedings of the ACM on Programming Languages10.1145/36228197:OOPSLA2(604-631)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622819
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents