Abstract
The C programming language offers setjmp/longjmp as a mechanism for nonlocal control flow. This mechanism has complicated semantics. As most developers do not encounter it day-to-day, they may be unfamiliar with all its intricacies – leading to subtle programming errors. At the same time, most static analyzers lack proper support, implying that otherwise sound tools miss whole classes of program deficiencies. We propose a concrete semantics of a subset of C with setjmp/longjmp, where interprocedural longjmps are performed directly, as well as an equivalent formulation where such jumps are implemented via stack-unwinding at the call-sites. Reflecting this semantic equivalence, we propose an approach for lifting existing interprocedural analyses to support setjmp/longjmp and to flag their misuse. To deal with the nonlocal semantics, our approach leverages side-effecting transfer functions, which, when executed, may additionally trigger contributions for program points that are not static control-flow successors. We showcase our analysis on a real-world example and propose a set of litmus tests for other analyzers.
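To make the misuse class named in the abstract concrete, here is an added C example (not code from the paper or from any analyzer it describes): a small runtime registry of live setjmp frames that refuses an interprocedural longjmp to a jmp_buf whose setjmp frame has already returned, which is the situation the paper's analysis flags statically. All function and variable names are ours.

```c
#include <setjmp.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed example: a runtime analogue of the misuse check the paper
 * performs statically. A jmp_buf is a valid longjmp target only while the
 * function that executed setjmp() on it has not returned. Names are ours. */
#define MAX_LIVE 8
static jmp_buf *live[MAX_LIVE];   /* jmp_bufs whose setjmp frame is active */
static size_t n_live = 0;
static void mark_live(jmp_buf *env) {   /* call after setjmp() returned 0 */
    if (n_live < MAX_LIVE) live[n_live++] = env;
}
static void mark_dead(jmp_buf *env) {   /* call before that frame returns */
    for (size_t i = 0; i < n_live; i++)
        if (live[i] == env) { live[i] = live[--n_live]; return; }
}
static bool longjmp_target_valid(jmp_buf *env) {
    for (size_t i = 0; i < n_live; i++)
        if (live[i] == env) return true;
    return false;
}
static size_t live_count(void) { return n_live; }
static jmp_buf handler;
/* Callee: interprocedural longjmp, but only to a live target. A stale or
 * never-set target is reported (-1) instead of invoking undefined behaviour. */
static int worker(int fail) {
    if (!fail) return 0;
    if (longjmp_target_valid(&handler)) longjmp(handler, 1);
    return -1;
}
/* Correct use: the setjmp frame outlives every longjmp aimed at it.
 * Returns 0 on success, 1 when control came back through the longjmp. */
static int run_guarded(int fail) {
    if (setjmp(handler) != 0) { mark_dead(&handler); return 1; }
    mark_live(&handler);
    int r = worker(fail);
    mark_dead(&handler);
    return r;
}
/* Misuse: setjmp() was executed in a frame that has already returned. */
static void install_handler(void) {
    if (setjmp(handler) == 0) mark_live(&handler);
    mark_dead(&handler);             /* leaving the frame invalidates it */
}
static int run_stale(int fail) {
    install_handler();
    return worker(fail);             /* would be a misuse; the check yields -1 */
}
```

The registry mirrors the stack-unwinding view from the abstract: a longjmp is well-defined exactly when its target's frame is still on the call stack, and a static analysis lifted as the paper proposes reports the same stale-target and longjmp-before-setjmp cases without running the program.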
Acknowledgements
We thank Benjamin Bott for implementing an earlier prototype. This work was supported in part by Deutsche Forschungsgemeinschaft (DFG) – 378803395/2428 ConVeY, the Estonian Centre of Excellence in IT, funded by the European Regional Development Fund, and the Shota Rustaveli National Science Foundation of Georgia under the project FR-21-7973.
Funding
Open Access funding enabled and organized by Projekt DEAL.
About this article
Cite this article
Erhard, J., Schwarz, M., Vojdani, V. et al. When long jumps fall short: control-flow tracking and misuse detection for nonlocal jumps in C. Int J Softw Tools Technol Transfer 26, 589–605 (2024). https://doi.org/10.1007/s10009-024-00764-z
DOI: https://doi.org/10.1007/s10009-024-00764-z