An earlier version of this paper was presented at the 10th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Timişoara, Romania, September 12–13, 2010.
Extended Conference Paper
MemSafe: ensuring the spatial and temporal memory safety of C at runtime†
Article first published online: 2 FEB 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Software: Practice and Experience
Volume 43, Issue 1, pages 93–128, January 2013
How to Cite
Simpson, M. S. and Barua, R. K. (2013), MemSafe: ensuring the spatial and temporal memory safety of C at runtime. Softw: Pract. Exper., 43: 93–128. doi: 10.1002/spe.2105
- Issue published online: 17 DEC 2012
- Article first published online: 2 FEB 2012
- Manuscript Accepted: 11 DEC 2011
- Manuscript Revised: 21 NOV 2011
- Manuscript Received: 31 AUG 2010
- memory safety;
- programming languages
Memory access violations are a leading source of unreliability in C programs. As evidence of this problem, a variety of methods exist that retrofit C with software checks to detect memory errors at runtime. However, these methods generally suffer from one or more drawbacks including the inability to detect all errors, the use of incompatible metadata, the need for manual code modifications, and high runtime overheads. This paper presents a compiler analysis and transformation for ensuring the memory safety of C called MemSafe. MemSafe makes several novel contributions that improve upon previous work and lower the cost of safety. These include (i) a method for modeling temporal errors as spatial errors, (ii) a metadata representation that combines features of both object-based and pointer-based approaches, and (iii) a dataflow representation that simplifies optimizations for removing unneeded checks. MemSafe is capable of detecting real errors with lower overheads than previous efforts. Experimental results show that MemSafe detects all memory errors in six programs with known violations as well as two large and widely used open source applications. Finally, MemSafe ensures complete safety with an average overhead of 88% on 30 programs commonly used for evaluating the performance of error detection tools. Copyright © 2012 John Wiley & Sons, Ltd.