R. V. Baev, L. V. Skvortsov, E. A. Kudryashov, R. A. Buchatskiy, R. A. Zhuykov, “Prevention of vulnerabilities arising from optimization of code with undefined behavior”, Proceedings of ISP RAS, 33:4 (2021), 195

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2021, Volume 33, Issue 4, Pages 195–210
DOI: https://doi.org/10.15514/ISPRAS-2021-33(4)-14 (Mi tisp622)

This article is cited in 1 scientific paper (total in 1 paper)

Prevention of vulnerabilities arising from optimization of code with undefined behavior

R. V. Baev, L. V. Skvortsov, E. A. Kudryashov, R. A. Buchatskiy, R. A. Zhuykov

Ivannikov Institute for System Programming of the Russian Academy of Sciences

Full-text PDF (459 kB) Citations (1)

DOI: https://doi.org/10.15514/ISPRAS-2021-33(4)-14

Abstract: Aggressive optimization in modern compilers may uncover vulnerabilities in program code that did not lead to bugs prior to optimization. The source of these vulnerabilities is in code with undefined behavior. Programmers use such constructs relying on some particular behavior these constructs showed before in their experience, but the compiler is not obliged to stick to that behavior and may change the behavior if it's needed for optimization since the behavior is undefined by language standard. This article describes approaches to detection and elimination of vulnerabilities arising from optimization in the case when source code is available but its modification is undesirable or impossible. Concept of a safe compiler (i.e. compiler that ensures no vulnerability is added to the program during optimization) is presented and implementation of such a compiler on top of GCC compiler is described. Implementation of safe compiler's functionality is divided into three security levels whose applicability is discussed in the article. Feasibility of using the safe compiler on real-world codebases is demonstrated and possible performance losses are estimated.

Keywords: compiler, vulnerability, undefined behavior.

Document Type: Article

Language: Russian

Citation: R. V. Baev, L. V. Skvortsov, E. A. Kudryashov, R. A. Buchatskiy, R. A. Zhuykov, “Prevention of vulnerabilities arising from optimization of code with undefined behavior”, Proceedings of ISP RAS, 33:4 (2021), 195–210

Citation in format AMSBIB

\Bibitem{BaeSkvKud21}

\by R.~V.~Baev, L.~V.~Skvortsov, E.~A.~Kudryashov, R.~A.~Buchatskiy, R.~A.~Zhuykov

\paper Prevention of vulnerabilities arising from optimization of code with undefined behavior

\jour Proceedings of ISP RAS

\yr 2021

\vol 33

\issue 4

\pages 195--210

\mathnet{http://mi.mathnet.ru/tisp622}

\crossref{https://doi.org/10.15514/ISPRAS-2021-33(4)-14}

Linking options:

https://www.mathnet.ru/eng/tisp622

https://www.mathnet.ru/eng/tisp/v33/i4/p195

This publication is cited in the following 1 articles:

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	14
Full-text PDF :	3

Что такое QR-код?

Registration to the website

Logotypes