Academic
Publications
CCured in the real world

CCured in the real world,10.1145/781131.781157,Sigplan Notices,Jeremy Condit,Matthew Harren,Scott McPeak,George C. Necula,Westley Weimer

CCured in the real world   (Citations: 91)
BibTex | RIS | RefWorks Download
CCured is a program transformation system that adds memory safety guarantees to C programs by verifying statically that memory errors cannot occur and by inserting run-time checks where static verification is insufficient.This paper addresses major usability issues in a previous version of CCured, in which many type casts required the use of pointers whose representation was expensive and incompatible with precompiled libraries. We have extended the CCured type inference algorithm to recognize and verify statically a large number of type casts; this goal is achieved by using physical subtyping and pointers with run-time type information to allow parametric and subtype polymorphism. In addition, we present a new instrumentation scheme that splits CCured's metadata into a separate data structure whose shape mirrors that of the original user data. This scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.With these extensions we were able to use CCured on real-world security-critical network daemons and to produce instrumented versions without memory-safety vulnerabilities.
Journal: Sigplan Notices - SIGPLAN , vol. 38, no. 5, pp. 232-244, 2003
Cumulative Annual
Sort by: