Proceedings of the Institute for System Programming of the RAS
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Proceedings of the Institute for System Programming of the RAS, 2021, Volume 33, Issue 4, Pages 195–210
DOI: https://doi.org/10.15514/ISPRAS-2021-33(4)-14
(Mi tisp622)
 

This article is cited in 1 scientific paper (total in 1 paper)

Prevention of vulnerabilities arising from optimization of code with undefined behavior

R. V. Baev, L. V. Skvortsov, E. A. Kudryashov, R. A. Buchatskiy, R. A. Zhuykov

Ivannikov Institute for System Programming of the Russian Academy of Sciences
Full-text PDF (459 kB) Citations (1)
Abstract: Aggressive optimization in modern compilers may uncover vulnerabilities in program code that did not lead to bugs prior to optimization. The source of these vulnerabilities is in code with undefined behavior. Programmers use such constructs relying on some particular behavior these constructs showed before in their experience, but the compiler is not obliged to stick to that behavior and may change the behavior if it's needed for optimization since the behavior is undefined by language standard. This article describes approaches to detection and elimination of vulnerabilities arising from optimization in the case when source code is available but its modification is undesirable or impossible. Concept of a safe compiler (i.e. compiler that ensures no vulnerability is added to the program during optimization) is presented and implementation of such a compiler on top of GCC compiler is described. Implementation of safe compiler's functionality is divided into three security levels whose applicability is discussed in the article. Feasibility of using the safe compiler on real-world codebases is demonstrated and possible performance losses are estimated.
Keywords: compiler, vulnerability, undefined behavior.
Document Type: Article
Language: Russian
Citation: R. V. Baev, L. V. Skvortsov, E. A. Kudryashov, R. A. Buchatskiy, R. A. Zhuykov, “Prevention of vulnerabilities arising from optimization of code with undefined behavior”, Proceedings of ISP RAS, 33:4 (2021), 195–210
Citation in format AMSBIB
\Bibitem{BaeSkvKud21}
\by R.~V.~Baev, L.~V.~Skvortsov, E.~A.~Kudryashov, R.~A.~Buchatskiy, R.~A.~Zhuykov
\paper Prevention of vulnerabilities arising from optimization of code with undefined behavior
\jour Proceedings of ISP RAS
\yr 2021
\vol 33
\issue 4
\pages 195--210
\mathnet{http://mi.mathnet.ru/tisp622}
\crossref{https://doi.org/10.15514/ISPRAS-2021-33(4)-14}
Linking options:
  • https://www.mathnet.ru/eng/tisp622
  • https://www.mathnet.ru/eng/tisp/v33/i4/p195
  • This publication is cited in the following 1 articles:
    Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Proceedings of the Institute for System Programming of the RAS
    Statistics & downloads:
    Abstract page:22
    Full-text PDF :12
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024