Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages.

Published byChloe Watson Modified over 8 years ago

Similar presentations

Presentation on theme: "Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages."— Presentation transcript:

1 Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages

2 Overall Issue: Safety in C Best feature of C: –Gives programmer access to the lowest levels of the machine Worst feature of C: –Gives programmer access to the lowest levels of the machine

3 The Problem of Memory Manipulation Bad Pointer Arithmetic Defining the end of a string, the NULL termination Trespassing: When a pointer goes out of its bounds “The design of the C programming language encourages programming at the edge of safety.” –A1

4 The Band Aid Approach Create guidelines for the use of the existing language Examples: –DECOS: Dependable Embedded Components and Systems used in Europe and designed by comity –DOE-STD-1172-2003: Safety Software Quality guidelines for Nuclear Facilities –NASA C Programming Style Guide: From Goddard Space Flight Center –MISRA: Motor Industry Software Reliability Association

5 The Next Approach Create a modification of the C language –Cyclone –CCured

6 Cyclone Automatically insert run-time NULL checks when pointers are used Defined two new types of pointers: –Never-NULL pointer ‘@’ instead of ‘*’ –Fat pointer ‘?’ instead of ‘*’ permits pointer arithmetic ?-pointer represented by an address + bounds

7 Cyclone Uninitialized pointers: Static analysis to detect them Dangling pointers: to prevent dereferencing of a dangling pointer it performs a “region analysis” on the code. Freeing memory: –“growable regions” lives on the heap and are accessed though handles. Tagged Unions: used to control type-varying arguments, the tags distinguish the cases of the unions to know which types are being used in a particular call.

8 CCured Deals only with pointers Classifies them in two groups: Statically typed pointers Dynamically-typed pointers

9 CCured Defines two types classes of pointers: Static and dynamic CCured does not allow these two pointer conditions. –Cannot have both a dynamically-typed and a statically typed pointer pointing to the same location –Cannot have a statically type pointer stored in an area pointed to by a dynamic pointer Deallocation is handled though built in garbage collection

10 CCured: Statically Typed Pointer The SEQ (“sequence”) pointer –Can be used in pointer arithmetic but are required to carry bounds The SAFE pointer –Can be NULL but does not allow for pointer arithmetic

11

12 CCured: Dynamically Typed Pointer DYN pointer Contains two fields, the base and the pointer field Base field points to the start of a dynamically typed area that is processed by a length and followed by tag bits

13

14 Possible Problems With These Solutions Application level programming vs. system level programming Manually setting the address of a data pointer Needed for Memory mapped I/O Separating regions of code in systems with no OS

15 An example You are writing code for an embedded system with no OS and limited run time environment System architecture has two memory maps, boot time and run time. Build two separate execution regions: Boot and Main

16 Example (continued) ….. void *Jump(void); Jump = 0; Jump(); What am I doing here?!?! This is evil code! (it was written by Justin R. Cutler )

17 Example (continued) This is a soft reset that jumps out of Boot code and goes to the start of Main that is now at address location 0x000000 Would this be allowed by Cyclone or CCured? Something to talk about or maybe not.

18 References Software Safety Home Page: –http://www.softwaresafety.net/Guidelines/

Download ppt "Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages."

Similar presentations

Dynamic Memory Management

Dynamic Memory Management
Topic 10 Java Memory Management. 1-2 Memory Allocation in Java When a program is being executed, separate areas of memory are allocated for each class.

Topic 10 Java Memory Management. 1-2 Memory Allocation in Java When a program is being executed, separate areas of memory are allocated for each class.
Lecture 10: Heap Management CS 540 GMU Spring 2009.

Lecture 10: Heap Management CS 540 GMU Spring 2009.
Two alternatives of C: Cyclone and Vault Keami Hung February 01, 2007.

Two alternatives of C: Cyclone and Vault Keami Hung February 01, 2007.
5. Memory Management From: Chapter 5, Modern Compiler Design, by Dick Grunt et al.

5. Memory Management From: Chapter 5, Modern Compiler Design, by Dick Grunt et al.
Various languages….  Could affect performance  Could affect reliability  Could affect language choice.

Various languages….  Could affect performance  Could affect reliability  Could affect language choice.
Garbage Collection CSCI 2720 Spring 2005. Static vs. Dynamic Allocation Early versions of Fortran –All memory was static C –Mix of static and dynamic.

Garbage Collection CSCI 2720 Spring Static vs. Dynamic Allocation Early versions of Fortran –All memory was static C –Mix of static and dynamic.
Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:

Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.

Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.

The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.
Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.

Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.
George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.

George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.
Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004.

Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004.
Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.
Memory Arrangement Memory is arrange in a sequence of addressable units (usually bytes) –sizeof( ) return the number of units it takes to store a type.

Memory Arrangement Memory is arrange in a sequence of addressable units (usually bytes) –sizeof( ) return the number of units it takes to store a type.
Run time vs. Compile time

Run time vs. Compile time
C and Data Structures Baojian Hua

C and Data Structures Baojian Hua
1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.

1 Run time vs. Compile time The compiler must generate code to handle issues that arise at run time Representation of various data types Procedure linkage.
1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.

1 Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation –The new operator –The delete operator –Dynamic.

Similar presentations

Ads by Google