Automated Code Repair (ACR) to Ensure Memory Safety

Abstract

Automated Code Repair (ACR) for Memory Safety

Problem: Software vulnerabilities constitute a major threat to DoD.

  • Memory violations are among the most common and most severe types of vulnerabilities.
  • Static analysis helps find bugs, but the volume of alerts is often overwhelming.
  • A huge amount of code is in use by DoD, with an unknown number of security vulnerabilities.

Solution: Repair code to enable a proof of memory safety.

Approach:

  • Transform source code to an intermediate representation (IR).
  • Try to prove that each memory access is within bounds (spatial memory safety) and not to a deallocated region (temporal memory safety).
  • If unable to prove, repair the code so that the proof succeeds.
  • Map the transformed IR back to source code.


Document Details

Document Type
Technical Report
Publication Date
Jan 29, 2019
Accession Number
AD1085458

Entities

People

  • William Klieber

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Algorithms
  • Application Software
  • Compilers
  • Computer Programs
  • Copyrights
  • Department Of Defense
  • Directives
  • Engineering
  • Governments
  • Guarantees
  • Instrumentation
  • Lists (Data Structures)
  • Materials
  • Software Development
  • Universities
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Artificial Intelligence
  • Software Engineering
  • Systems Analysis and Design