Static Analysis for Transitioning to CHERI C/C plus

被引:0
|
作者
Dudina, Irina [1 ]
Stark, Ian [1 ]
机构
[1] Univ Edinburgh, Edinburgh, Midlothian, Scotland
来源
PROCEEDINGS OF THE 13TH ACM SIGPLAN INTERNATIONAL WORKSHOP ON THE STATE OF THE ART IN PROGRAM ANALYSIS, SOAP 2024 | 2024年
关键词
Static Analysis; CHERI; software porting;
D O I
10.1145/3652588.3663323
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
We describe and evaluate custom static analyses to support transitioning C/C++ code to CHERI hardware. CHERI is a novel architectural extension, implemented for RISC-V and AArch64, that uses capabilities to provide fine-grained memory protection and scalable software compartmentalisation. We provide custom checkers for the Clang Static Analyzer to handle capability alignment, copying through memory, and manipulation as integers; as well as evaluating these on a sample of packages from the CheriBSD ports library. While the existing CHERI toolchain can recompile large code collections for the platform with only a few source changes, we demonstrate that static analysis can help to identify where and what those changes must be to avoid later runtime faults.
引用
收藏
页码:52 / 59
页数:8
相关论文
共 50 条
  • [1] CHERI: Hardware-Enabled C/C plus plus Memory Protection at Scale
    Watson, Robert N. M.
    Chisnall, David
    Clarke, Jessica
    Davis, Brooks
    Filardo, Nathaniel Wesley
    Laurie, Ben
    Moore, Simon W.
    Neumann, Peter G.
    Richardson, Alexander
    Sewell, Peter
    Witaszczyk, Konrad
    Woodruff, Jonathan
    [J]. IEEE SECURITY & PRIVACY, 2024, 22 (04) : 50 - 61
  • [2] Static Analysis Approach for Defect Detection in Multithreaded C/C plus plus Programs
    Moiseev, Mikhail
    [J]. SOFTWARE ENGINEERING FOR RESILIENT SYSTEMS, SERENE 2013, 2013, 8166 : 169 - 183
  • [3] Comparative Study on Static Code Analysis Tools for C/C plus
    Fatima, Anum
    Bibi, Shazia
    Hanif, Rida
    [J]. PROCEEDINGS OF 2018 15TH INTERNATIONAL BHURBAN CONFERENCE ON APPLIED SCIENCES AND TECHNOLOGY (IBCAST), 2018, : 465 - 469
  • [4] PhASAR: An Inter-procedural Static Analysis Framework for C/C plus
    Schubert, Philipp Dominik
    Hermann, Ben
    Bodden, Eric
    [J]. TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, PT II, 2019, 11428 : 393 - 410
  • [5] Static analysis usage for customizable semantic checks of C and C plus plus programming languages constraints
    Ignatyev, Valery
    [J]. 2014 SEVENTH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2014), 2014, : 241 - 242
  • [6] On the Use of Open-Source C/C plus plus Static Analysis Tools in Large Projects
    Pereira, Jose D'Abruzzo
    Vieira, Marco
    [J]. 2020 16TH EUROPEAN DEPENDABLE COMPUTING CONFERENCE (EDCC 2020), 2020, : 97 - 102
  • [7] Finding parallel patterns through static analysis in C plus plus applications
    del Rio Astorga, David
    Dolz, Manuel F.
    Miguel Sanchez, Luis
    Daniel Garcia, J.
    Danelutto, Marco
    Torquati, Massimo
    [J]. INTERNATIONAL JOURNAL OF HIGH PERFORMANCE COMPUTING APPLICATIONS, 2018, 32 (06): : 779 - 788
  • [8] Static Analysis of Functors' Mathematical Properties in C plus plus Source Code
    Babati, Bence
    Pataki, Norbert
    [J]. INTERNATIONAL CONFERENCE ON NUMERICAL ANALYSIS AND APPLIED MATHEMATICS (ICNAAM-2018), 2019, 2116
  • [9] A Comparison of Open-Source Static Analysis Tools for Vulnerability Detection in C/C plus plus Code
    Arusoaie, Andrei
    Ciobaca, Stefan
    Craciun, Vlad
    Gavrilut, Dragos
    Lucanu, Dorel
    [J]. 2017 19TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND NUMERIC ALGORITHMS FOR SCIENTIFIC COMPUTING (SYNASC 2017), 2017, : 161 - 168
  • [10] Detection of Incorrect Pointer Dereferences for C/C plus plus Programs using Static Code Analysis and Logical Inference
    Vert, Tatiana
    Krikun, Tatiana
    Glukhikh, Mikhail
    [J]. 2013 TOOLS & METHODS OF PROGRAM ANALYSIS (TMPA 2013), 2013, : 78 - 82
12345