Fail-safe ANSI-C compiler: An approach to making C programs secure progress report

Yutaka Oiwa, Tatsurou Sekiguchi, Eijiro Sumii, Akinori Yonezawa

Research output: Chapter in Book/Report/Conference proceeding › Chapter

15 Citations (Scopus)

Abstract

It is well known that programs written in C are apt to suffer from nasty errors due to dangling pointers and/or buffer overflows. In particular, such errors in Internet servers are often exploited by malicious attackers to "crack" an entire system, which has even become a social problem nowadays. Nevertheless, it is still unrealistic to throw away the C language at once because of legacy programs and legacy programmers. To alleviate this dilemma, many approaches to safe implementations of the C language, such as Safe C and CCured, have been proposed and implemented. To our knowledge, however, none of them supports all the features of the ANSI C standard while preventing all unsafe operations. (By unsafe operations, we mean any operation that leads to "undefined behavior", such as array boundary overrun and dereferencing a pointer at the wrong type.) This paper describes a memory-safe implementation of the full ANSI C language. Our implementation detects and disallows all unsafe operations, yet conforms to the full ANSI C standard (including casts and unions) and even supports many "dirty tricks" common in programs beyond ANSI C. This is achieved using sophisticated representations of pointers (and integers) that contain dynamic type and size information. We also devise several techniques, both compile-time and runtime, to reduce the overhead of runtime checks.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors: Mitsuhiro Okada, Benjamin C. Pierce, Andre Scedrov, Hideyuki Tokuda, Akinori Yonezawa
Publisher: Springer Verlag
Pages: 133-153
Number of pages: 21
ISBN (Print): 3540007083
DOIs
Publication status: Published - 2003
Externally published: Yes

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2609
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)
