Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages.


1 Safety in the C programming Language Peter Wihl May 26 th, 2005 CS 297 Security and Programming Languages

2 Overall Issue: Safety in C
Best feature of C:
–Gives programmer access to the lowest levels of the machine
Worst feature of C:
–Gives programmer access to the lowest levels of the machine

3 The Problem of Memory Manipulation
Bad pointer arithmetic
Defining the end of a string, the NULL termination
Trespassing: when a pointer goes out of its bounds
“The design of the C programming language encourages programming at the edge of safety.” –A1

4 The Band Aid Approach
Create guidelines for the use of the existing language
Examples:
–DECOS: Dependable Embedded Components and Systems, used in Europe and designed by committee
–DOE-STD-1172-2003: Safety Software Quality guidelines for Nuclear Facilities
–NASA C Programming Style Guide: from Goddard Space Flight Center
–MISRA: Motor Industry Software Reliability Association

5 The Next Approach
Create a modification of the C language
–Cyclone
–CCured

6 Cyclone
Automatically insert run-time NULL checks when pointers are used
Defined two new types of pointers:
–Never-NULL pointer: ‘@’ instead of ‘*’
–Fat pointer: ‘?’ instead of ‘*’; permits pointer arithmetic
?-pointer represented by an address + bounds

7 Cyclone
Uninitialized pointers: static analysis to detect them
Dangling pointers: to prevent dereferencing of a dangling pointer it performs a “region analysis” on the code.
Freeing memory:
–“Growable regions” live on the heap and are accessed through handles.
Tagged unions: used to control type-varying arguments; the tags distinguish the cases of the union so it is known which types are being used in a particular call.

8 CCured
Deals only with pointers
Classifies them in two groups:
–Statically typed pointers
–Dynamically typed pointers

9 CCured
Defines two classes of pointers: static and dynamic
CCured does not allow these two pointer conditions:
–Cannot have both a dynamically typed and a statically typed pointer pointing to the same location
–Cannot have a statically typed pointer stored in an area pointed to by a dynamic pointer
Deallocation is handled through built-in garbage collection

10 CCured: Statically Typed Pointer
The SEQ (“sequence”) pointer
–Can be used in pointer arithmetic but is required to carry bounds
The SAFE pointer
–Can be NULL but does not allow for pointer arithmetic
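As an added illustration of the bounds-carrying pointer described on slide 6 (Cyclone's ‘?’ pointer) and slide 10 (CCured's SEQ pointer), here is a constructed C emulation; it is not code from either project or from the presentation, and the fat_ptr type with its fat_make, fat_add, fat_read, fat_write and demo_trespass helpers are assumptions made for this example.

```c
#include <stddef.h>

/* Constructed emulation of a bounds-carrying ("fat") pointer: an address plus
   the region [base, base+len) it is allowed to touch. Not Cyclone's or
   CCured's own code; the type and helper names are assumptions made for
   this example. */
typedef struct {
    unsigned char *base;  /* start of the region this pointer may access */
    size_t len;           /* size of that region in bytes */
    size_t off;           /* current position of the pointer inside the region */
} fat_ptr;

fat_ptr fat_make(unsigned char *base, size_t len) {
    fat_ptr p = { base, len, 0 };
    return p;
}

/* Arithmetic is allowed (the '?' / SEQ case) but the bounds travel with it;
   a negative delta wraps to a huge offset, which the bound check then rejects. */
fat_ptr fat_add(fat_ptr p, ptrdiff_t delta) {
    p.off += (size_t)delta;
    return p;
}

/* Every access performs the NULL check and the bounds check that raw C omits.
   Returns 0 on success, -1 when the pointer would trespass. */
int fat_read(fat_ptr p, unsigned char *out) {
    if (p.base == NULL || p.off >= p.len) return -1;
    *out = p.base[p.off];
    return 0;
}
int fat_write(fat_ptr p, unsigned char v) {
    if (p.base == NULL || p.off >= p.len) return -1;
    p.base[p.off] = v;
    return 0;
}

/* The classic off-by-one: "<=" tries to write 9 bytes into an 8-byte buffer.
   With a raw pointer the 9th write silently corrupts the stack; with a fat
   pointer it is refused. Returns the index of the first refused write, or -1. */
int demo_trespass(void) {
    unsigned char buf[8];
    fat_ptr p = fat_make(buf, sizeof buf);
    for (size_t i = 0; i <= sizeof buf; i++)
        if (fat_write(fat_add(p, (ptrdiff_t)i), (unsigned char)i) != 0) return (int)i;
    return -1;
}
```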


12 CCured: Dynamically Typed Pointer
DYN pointer
Contains two fields, the base and the pointer field
Base field points to the start of a dynamically typed area that is preceded by a length and followed by tag bits


14 Possible Problems With These Solutions
Application-level programming vs. system-level programming
Manually setting the address of a data pointer
Needed for memory-mapped I/O
Separating regions of code in systems with no OS

15 An example
You are writing code for an embedded system with no OS and a limited run-time environment
System architecture has two memory maps, boot time and run time.
Build two separate execution regions: Boot and Main

16 Example (continued)
…..
void (*Jump)(void);
Jump = 0;
Jump();
What am I doing here?!?! This is evil code! (it was written by Justin R. Cutler)

17 Example (continued)
This is a soft reset that jumps out of Boot code and goes to the start of Main, which is now at address location 0x000000
Would this be allowed by Cyclone or CCured?
Something to talk about, or maybe not.

18 References
Software Safety Home Page:
–http://www.softwaresafety.net/Guidelines/
