Abstract
The C programming language is expressive and flexible, but not safe: its expressive power and flexibility are obtained through unsafe language features, and improper use of these features can lead to program bugs whose causes are hard to identify. Since C is widely used and it is impractical to rewrite all existing C programs in safe languages, ways must be found to make C programs safe. This paper deals with the unsafe features of C and presents a survey of existing solutions for making C programs safe. We have studied binary-level instrumentation tools, source checkers, source-level instrumentation tools and safe dialects of C; we present a comparison of these solutions, summarize the strengths and weaknesses of each class, and show measures that could improve the accuracy or reduce the overhead of existing solutions.
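As an added illustration of the contrast the abstract draws (this is example code, not code from the paper or from any of the surveyed tools), the C below places an unchecked buffer copy beside the kind of bounds-carrying "fat pointer" that a source-level instrumentation tool substitutes for a raw pointer so that every access can be checked. The fat_ptr type, its field names and the demo functions are assumptions made for this example.

```c
#include <stddef.h>

/* Assumed "fat pointer": the instrumented representation a source-level
 * tool would use in place of a raw char*, so that the object's bounds
 * travel with the pointer and each dereference can be checked. */
typedef struct {
    char *base;   /* start of the underlying object */
    size_t len;   /* size of the object in bytes    */
    size_t off;   /* current offset from base       */
} fat_ptr;

/* Plain C: writes n bytes into dst whatever dst's real size is.
 * Past the end of dst the behaviour is undefined; nothing stops it. */
void copy_unchecked(char *dst, const char *src, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = src[i];
}

/* Instrumented copy: a bounds check precedes every store, as an
 * instrumentation tool would insert. Returns bytes written, or -1 at
 * the first out-of-bounds store instead of corrupting memory. */
static long copy_checked(fat_ptr dst, const char *src, size_t n) {
    for (size_t i = 0; i < n; i++) {
        size_t idx = dst.off + i;
        if (idx >= dst.len) return -1;   /* inserted check fires here */
        dst.base[idx] = src[i];
    }
    return (long)n;
}

static fat_ptr make_fat(char *buf, size_t len) {
    fat_ptr p = { buf, len, 0 };
    return p;
}

/* Pointer arithmetic keeps the original bounds; only the offset moves. */
static fat_ptr fat_add(fat_ptr p, size_t k) {
    p.off += k;
    return p;
}

/* Demo: a 16-byte static buffer stands in for an object of objlen bytes;
 * the pointer is advanced by skip, then n bytes of a constructed payload
 * are copied through the checked path. Returns -2 on bad demo arguments. */
static long demo(size_t objlen, size_t skip, size_t n) {
    static char buf[16];
    const char *payload = "constructed payload";   /* 19 chars + NUL */
    if (objlen > sizeof buf || n > sizeof buf) return -2;
    fat_ptr p = fat_add(make_fat(buf, objlen), skip);
    return copy_checked(p, payload, n);
}
```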
Project (No. 2003AA1Z1060) supported by the National Hi-Tech Research and Development Program (863) of China
Ji-min, W., Ling-di, P., Xue-zeng, P. et al. Tools to make C programs safe: a deeper study. J. Zhejiang Univ.-Sci. A 6, 63–70 (2005). https://doi.org/10.1631/BF02842479