Introspection for C and its Applications to Library Robustness
Context: In C, low-level errors, such as buffer overflow and use-after-free, are a major problem, as they cause security vulnerabilities and hard-to-find bugs. C lacks automatic checks, and programmers cannot apply defensive programming techniques because objects (e.g., arrays or structs) lack run-time information about bounds, lifetime, and types. Inquiry: Current approaches to tackling low-level errors include dynamic tools, such as bounds or type checkers, that check for certain actions during program execution. If they detect an error, they typically abort execution. Although they track run-time information as part of their runtimes, they do not expose this information to programmers. Approach: We devised an introspection interface that allows C programmers to access run-time information and to query object bounds, object lifetimes, object types, and information about variadic arguments. This enables library writers to check for invalid input or program states and thus, for example, to implement custom error handling that maintains system availability and does not terminate on benign errors. As we assume that introspection is used together with a dynamic tool that implements automatic checks, errors that are not handled in the application logic continue to cause the dynamic tool to abort execution. Knowledge: Using the introspection interface, we implemented a more robust, source-compatible version of the C standard library that validates parameters to its functions. The library functions react to otherwise undefined behavior; for example, they can detect lurking flaws, handle unterminated strings, check format string arguments, and set errno when they detect benign usage errors. Grounding: Existing dynamic tools maintain run-time information that can be used to implement the introspection interface, and we demonstrate its implementation in Safe Sulong, an interpreter and dynamic bug-finding tool for C that runs on a Java Virtual Machine and can thus easily expose relevant run-time information. Importance: Using introspection in user code is a novel approach to tackling the long-standing problem of low-level errors in C. As new approaches are lowering the performance overhead of run-time information maintenance, the usage of dynamic runtimes for C could become more common, which could ultimately facilitate a more widespread implementation of such an introspection interface.
Thu 12 AprDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:00 | |||
10:30 30mTalk | Fast, Flexible, Polyglot Instrumentation Support for Debuggers and other Tools Research Papers Michael Van De Vanter Oracle Labs, Chris Seaton Oracle Labs, Michael Haupt eBay, Christian Humer Oracle Labs, Switzerland, Thomas Wuerthinger Oracle Labs Link to publication DOI | ||
11:00 30mTalk | Proactive Empirical Assessment of New Language Feature Adoption via Automated Refactoring: The Case of Java 8 Default Methods Research Papers Raffi Khatchadourian City University of New York (CUNY) Hunter College, Hidehiko Masuhara Tokyo Institute of Technology Link to publication DOI | ||
11:30 30mTalk | Introspection for C and its Applications to Library Robustness Research Papers Manuel Rigger Johannes Kepler University Linz, Rene Mayrhofer Johannes Kepler University Linz, Roland Schatz Johannes Kepler University Linz, Matthias Grimmer Oracle Labs, Austria, Hanspeter Mössenböck JKU Linz, Austria Link to publication DOI Media Attached |