Download presentation
Presentation is loading. Please wait.
1
CCured in the Real World Jeremy ConditMatthew Harren Scott McPeakGeorge Necula Westley Weimer OSQ Retreat May 14, 2003
2
CCured Review What: Guarantee memory safety in (legacy) C programs Why: Useful for debugging, security How: Static analysis + runtime checks. –Add bounds information, other metadata to each pointer
3
New Features 1. Physical subtyping: struct {char*; int}* <: struct {char*}* 2. Runtime Type Information for checked downcasts. 3. Split representation of metadata allows interoperability with precompiled libraries.
4
Experiments Benchmark suites: SPEC95, Olden, Ptrdist –Less than 87% slowdown in all cases –Less than 20% slowdown in half of the cases –Purify and Valgrind have slowdown factor of 5- 120 Minimal slowdown on I/O-bound applications –Linux kernel modules, Apache modules Cured many security-critical applications –Includes: sendmail, bind, ftpd, OpenSSL/SSH –Can prevent known security flaws –Can be used in production environments
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.