YAHMD - Yet Another Heap Memory Debugger

Slides:



Advertisements
Similar presentations
Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Advertisements

Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.
Garbage Collection CSCI 2720 Spring Static vs. Dynamic Allocation Early versions of Fortran –All memory was static C –Mix of static and dynamic.
1 Objectives ❏ To understand the relationship between arrays and pointers ❏ To understand the design and concepts behind pointer arithmetic ❏ To write.
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
CSE 451: Operating Systems Section 1. Why are you here? 9/30/102.
Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.
Memory Arrangement Memory is arrange in a sequence of addressable units (usually bytes) –sizeof( ) return the number of units it takes to store a type.
Run-Time Storage Organization
Chapter 3.7 Memory and I/O Systems. 2 Memory Management Only applies to languages with explicit memory management (C or C++) Memory problems are one of.
. Memory Management. Memory Organization u During run time, variables can be stored in one of three “pools”  Stack  Static heap  Dynamic heap.
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2006 Exterminator: Automatically Correcting Memory Errors Gene Novark, Emery Berger.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Debugging Print And Imaging Drivers. Print driver team philosophy on driver quality There are tools to detect violations Wrongful development assumptions.
A Portable Virtual Machine for Program Debugging and Directing Camil Demetrescu University of Rome “La Sapienza” Irene Finocchi University of Rome “Tor.
CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.
CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
Presentation of Failure- Oblivious Computing vs. Rx OS Seminar, winter 2005 by Lauge Wullf and Jacob Munk-Stander January 4 th, 2006.
1 MT258 Computer Programming and Problem Solving Unit 7.
Chapter 3.5 Memory and I/O Systems. 2 Memory Management Memory problems are one of the leading causes of bugs in programs (60-80%) MUCH worse in languages.
Computer Science Detecting Memory Access Errors via Illegal Write Monitoring Ongoing Research by Emre Can Sezer.
Dynamic Memory Allocation The process of allocating memory at run time is known as dynamic memory allocation. C does not Inherently have this facility,
Debugging in Java. Common Bugs Compilation or syntactical errors are the first that you will encounter and the easiest to debug They are usually the result.
Use of Coverity & Valgrind in Geant4 Gabriele Cosmo.
Well-behaved objects Main concepts to be covered Testing Debugging Test automation Writing for maintainability Objects First with Java - A Practical.
University of Washington Today Finished up virtual memory On to memory allocation Lab 3 grades up HW 4 up later today. Lab 5 out (this afternoon): time.
® IBM Software Group © 2006 IBM Corporation PurifyPlus on Linux / Unix Vinay Kumar H S.
CSCI Rational Purify 1 Rational Purify Overview Michel Izygon - Jim Helm.
Pointers in C Computer Organization I 1 August 2009 © McQuain, Feng & Ribbens Memory and Addresses Memory is just a sequence of byte-sized.
Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.
Debugging of # P. Hristov 04/03/2013. Introduction Difficult problem – The behavior is “random” and depends on the “history” – The debugger doesn’t.
 Asserting Expectations. Introduction -Observation alone is not enough for debugging as it can be a burden for a programmer. -One must compare observed.
Lecture 14 Page 1 CS 236 Online Variable Initialization Some languages let you declare variables without specifying their initial values And let you use.
+ Dynamic memory allocation. + Introduction We often face situations in programming where the data is dynamics in nature. Consider a list of customers.
Processes and Virtual Memory
Efficient Detection of All Pointer and Array Access Errors Todd M.Austin Scott E.Breach Gurindar S.Sohi Computer Sciences Department University of Wisconsin-Madison.
1 Debugging (Part 2). “Programming in the Large” Steps Design & Implement Program & programming style (done) Common data structures and algorithms Modularity.
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
DYNAMIC MEMORY ALLOCATION. Disadvantages of ARRAYS MEMORY ALLOCATION OF ARRAY IS STATIC: Less resource utilization. For example: If the maximum elements.
Code improvement: Coverity static analysis Valgrind dynamic analysis GABRIELE COSMO CERN, EP/SFT.
Design issues for Object-Oriented Languages
Memory-Related Perils and Pitfalls in C
Dynamic Allocation in C
Object Lifetime and Pointers
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Debugging Memory Issues
CSE 374 Programming Concepts & Tools
Introduction to programming
Testing and Debugging PPT By :Dr. R. Mall.
Valgrind Overview What is Valgrind?
Effective Data-Race Detection for the Kernel
Checking Memory Management
Introduction Enosis Learning.
Introduction Enosis Learning.
Chapter 9 :: Subroutines and Control Abstraction
CS Introduction to Operating Systems
Object Oriented Programming COP3330 / CGS5409
Jihyun Park, Changsun Park, Byoungju Choi, Gihun Chang
Memory Allocation Functions
Chap. 8 :: Subroutines and Control Abstraction
Chap. 8 :: Subroutines and Control Abstraction
Human Complexity of Software
System Structure and Process Model
Closure Representations in Higher-Order Programming Languages
Effective and Efficient memory Protection Using Dynamic Tainting
Dynamic Allocation in C
CETS: Compiler-Enforced Temporal Safety for C
Valgrind Overview What is Valgrind?
Run-time environments
Presentation transcript:

YAHMD - Yet Another Heap Memory Debugger Debapriyay Mukhopadhyay IXIA Technologies Pvt Ltd, Kolkata Subhas C. Nandy Indian Statistical Institute, Kolkata

Motivation According to NIST, software bugs cost the U.S. economy an estimated 59.5 billion dollar annually and memory-related bugs are the most difficult ones to catch of all software bugs, particularly in the programs written in C or C++ language. In complex embedded products, in every release, quality engineers use to come across quite a good number of bugs, which are related to oom, memory leak, memory over-run, memory under-run, double free, stack smashing, etc. Typically these bugs take a lot of time to get to the root cause and to fix it.

Motivation Valgrind, Asdfalloc, Purify, Diduce – there are tools to isolate these problems. But, These tools provide us with a huge amount of information and it is really a pain to get to the origin of the problem. These tools can not be applied selectively module wise. They are not very good to detect memory corruption. These tools can not be applied to debug kernel modules. Many of these tools require the code base to be built in debug mode – the Bug may not reproduce when built in debug mode.

What we aim? We aim to come up with a debugger framework which the existing tools is not supportive of doing. We want the debugger framework to be lightweight with a very low memory foot-prints. We also want our framework capable of isolating the following memory related bugs. Buffer overflow: Illegal access beyond the buffer boundary. This includes both memory overrun and underrun. Memory Leak: Dynamically allocated memory having no reference to it, hence is never freed. OOM: Out Of Memory issues because of either memory leak, or inappropriate design/implementation. Double Free: One memory location is freed twice. Uninitialized Read: Read memory data before it in initialized. K to

Code Instrumentation Many of the existing tools use this approach of source code instrumentation. We also use this approach. We have tried to formalize the problem of code instrumentation against the design of the framework. And this unified approach was missing in earlier works. YAHMD identifies the allocated heap variables with the virtual memory addresses as returned by malloc, alloc, calloc, realloc etc. It remains same across the functions - only the name with which we refer this addess in a program changes. Since YAHMD directly deal with these addresses, no special handling required to detect memory related issues across functions, different paths, contexts, etc. YAHMD does dynamic analysis of the code to look for errors.

High-Level Design of the Framework

Example Usages of the Macro

A Few More The Macros YAHMD_CHECK_MEMORY_PROBLEMS and YAHMD_UPDATE_SYM_TABLE are used in pairs for the following two cases Assignment statements which assigns value to a pointer variable and these Macros are used immediately before the statement. Statements involving only pointer arithmetic and these Macros in pairs are also used before these type of statements.

Results

Conclusion YAHMD framework identifies the allocated variables with the virtual memory addresses, so it is easy for the framework to isolate memory issues even across multiple functions. The framework assumes as if it is allocating or deallocating memory from memory pool and keeps track of the necessary information. But the framework actually does not intercept the memory allocation / deallocation calls. This method, what we call virtual execution of memory related instructions, is used in YAHMD. But, actually there is no memory pool, YAHMD mimics/simulates the behavior as if we are interacting with a pool based memory management system. The memory used by YAHMD framework is proportional to the number of heap variables used in the program – footprint is low. YAHMD framework can be easily extended to kernel modules.

Future Research Directions To come up with a solution to plug in the framework into any code-base without any manual intervention. What could be the optimal value for the size of each Memory Pool? To come up with metrics to evaluate the performance of the debugger framework. How to extend the framework to detect Stack Smashing and Assertion Violations. Whether this framework can be extended to detect memory problems related to static allocations. Can this framework be extended to identify the program execution sequence in which the problem occurred and has been detected. Can this framework be used to detect vulnerabilities in C/C++ code.

Questions?