add more content in contr
This commit is contained in:
parent
1f3acda060
commit
559edf38aa
@ -14,8 +14,8 @@ UBs: division by zero, oversized shift, signed integer overflow,
out-of-bounds pointer, null pointer dereference, type-punned pointer
dereference and uninitialized read. The consequences of these
optimizations range from unexpected code
generation~\cite{chen_2014,fermat_ub} to real-life
vulnerabilities~\cite{mitre_ub}.
generation~\cite{chen2014,fermatub} to real-life
vulnerabilities~\cite{mitreub}.

To address these issues the research community created solutions that
tackle the problem from different angles. One approach was to introduce
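Review bot: the three \cite keys on the `generation~\cite{...}` and `vulnerabilities~\cite{...}` lines are renamed (chen_2014 to chen2014, fermat_ub to fermatub, mitre_ub to mitreub) with no change to the surrounding wording, so this is a pure key rename that has to land in every \cite of the project at once; the TSW/bib.bib hunks in this commit rename the entries, but grep all .tex sources for the remaining underscore keys before merging, otherwise BibTeX prints [?] for each stale citation. The rename is also not mentioned in the commit message, which only says "add more content in contr".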
19
TSW/bib.bib
@ -7,7 +7,7 @@ and Zeldovich, Nickolai and Kaashoek, M Frans},
year={2012}
}

@misc{checks_2008,
@misc{checks2008,
title={CERT/CC Vulnerability note vu162289},
url={https://www.kb.cert.org/vuls/id/162289/},
journal={VU162289 - C compilers may silently discard some wraparound
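Review bot: `journal={VU162289 - C compilers may silently discard some wraparound ...}` in an @misc entry is silently dropped by the standard BibTeX styles (plain, abbrv, ieeetr), which only read `howpublished` and `note` for @misc, so the subject line of the vulnerability note never reaches the bibliography; move it into `note={...}` or fold it into `title`, and add an author (`author={{CERT Coordination Center}}`) so the entry does not print with an empty author slot.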
@ -35,7 +35,7 @@ Systems Principles},
year={2003}
}

@misc{google_2015, title={BORINGCC},
@misc{google2015, title={BORINGCC},
url={https://groups.google.com/g/boring-crypto/c/48qa1kWignU/m/o8GGp2K1DAAJ},
journal={Google}, publisher={Google}, year={2015}, month={Dec}}
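Review bot: `journal={Google}, publisher={Google}` describes a message on the boring-crypto group at groups.google.com as a Google publication, and both fields are ignored for @misc by the standard styles anyway; replace them with `howpublished={Post to the boring-crypto mailing list}` plus the poster as `author`, and write `month=dec` (the unbraced BibTeX macro) so the month is formatted like the other entries in this file.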
@ -48,7 +48,7 @@ Programmierung (KPS 2015)},
year={2015}
}

@misc{regehr_2014,
@misc{regehr2014,
title={Proposal for a Friendly Dialect of C},
url={https://blog.regehr.org/archives/1180},
journal={Embedded in Academia},
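Review bot: regehr2014 has no `author` field, so the standard styles sort and print it by title with nothing tying it to the key; add `author={Regehr, John}` (Embedded in Academia is his blog, as the blog.regehr.org URL shows) and move `journal={Embedded in Academia}` to `howpublished`, because `journal` is ignored for @misc.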
@ -57,7 +57,7 @@ Programmierung (KPS 2015)},
month={Aug}
}

@misc{chen_2014,
@misc{chen2014,
title={Undefined behavior can result in time travel},
url={https://devblogs.microsoft.com/oldnewthing/20140627-00/?p=633},
journal={The Old New Thing},
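Review bot: chen2014, like regehr2014, names the author in the key but carries no `author` field; add `author={Chen, Raymond}` and change `journal={The Old New Thing}` to `howpublished={The Old New Thing (blog)}` so the source is actually printed. The file also mixes `month={Aug}`, `month={June}` and `month={Dec}`; the unbraced macros `aug`, `jun`, `dec` give one consistent format.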
@ -66,7 +66,7 @@ Programmierung (KPS 2015)},
month={June}
}

@misc{mitre_ub,
@misc{mitreub,
title={CVE Records on Undefined Behavior Vulnerabilities},
url={https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=undefined+behavior},
year={2022}
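Review bot: the mitreub URL is a live keyword search (`cvekey.cgi?keyword=undefined+behavior`) whose result set keeps growing, so `year={2022}` alone does not pin down which records were cited when the paper was written; add an access date (`note={Accessed <date>}`, or `urldate` if biblatex is used) and preferably link a Wayback Machine snapshot, as the fermatub entry in this same file already does.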
@ -121,13 +121,20 @@ Programming Language Design and Implementation},
publisher={Wiley Online Library}
}

@misc{fermat_ub,
@misc{fermatub,
title={Undefined Behavior and Fermat's Last Theorem},
url={https://web.archive.org/web/20201108094235/https://kukuruku.co/post/undefined-behavior-and-fermats-last-theorem/},
year={2015},
month={March}
}

@misc{fnodeletelinux,
title={Add -fno-delete-null-pointer-checks to gcc CFLAGS},
url={https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3ca86aea507904148870946d599e07a340b39bf},
year={2009},
month={July}
}

@article{lee2017taming,
title={Taming undefined behavior in LLVM},
author={Lee, Juneyoung and Kim, Yoonseung and Song, Youngju and Hur,
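Review bot: the new fnodeletelinux entry identifies its source only through the URL, so in print it is just a commit subject line with no author or venue; add `author` and `howpublished={Linux kernel commit a3ca86aea507904148870946d599e07a340b39bf}` so the reference stands on its own, and use the `mar` / `jul` macros instead of `month={March}` and `month={July}`, matching the abbreviated months used elsewhere in the file.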
@ -2,10 +2,41 @@

Given the little research done in the field of analying the performance
of UB optimizations, this study aims to provide insights of the
performance on a specific class of software applications, i.e. operating
systems.
performance of these optimizations on a specific class of software
applications, i.e. operating systems.

We take a self-contained operating system with focus on robustness and
The first step of our work is to filter out all UB instances
presented in the standard and focus on the UBs that present a potential
for being used in compiler optimizations. Our filtering strategy is
based on the assumption that all UBs that conflict with the
intentionality of the progammer shall not be used to issue code
optimizations.

Then we modify the compiler implementation to turn off these
optimizatoins. A preliminary list of such UB extracted from the standard
is:
\begin{itemize}
\item An arithmetic operation is invalid (such as division or modulus by
0) or produces a result that cannot be represented in the space provided
(such as overflow or underflow) (\$3.3).
\item An invalid array reference, null pointer reference, or reference
to an object declared with automatic storage duration in a terminated
block occurs (\$3.3.3.2).
\item A pointer is converted to other than an integral or pointer type
(\$3.3.4).
\end{itemize}

\todo{talk here or somewhere else about the pratical consequences of UB
optimizations}
The first UB could lead to code being eliminated if the compiler detects
that the arithmetic operation is incompatible with the
standard~\cite{wang2012undefined}. The second UB could discard security
checks for NULL pointers~\cite{fnodeletelinux} and the third UB could
break manual optimizatoins on floating point
numbers~\cite{lomont2003fast}.

To analyze the role of these optimizations in real-life software, we
take a self-contained operating system with focus on robustness and
security, i.e. OpenBSD, and compile it on one hand with UB optimizations
turned on and on the other hand with UB optimizations turned off. After
this stage, the result will be two comparison canditates which will be
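Review bot: `(\$3.3)`, `(\$3.3.3.2)` and `(\$3.3.4)` in the itemize typeset as a dollar sign followed by the number rather than as section references; use `\S3.3` and so on, and state which edition of the C standard the numbering follows, since later editions renumber these clauses. The added prose also carries spelling errors that will reach the PDF: "progammer", "optimizatoins" (twice, in "turn off these optimizatoins" and "manual optimizatoins"), "canditates", "pratical", plus "analying" in the unchanged context line, and "insights of the performance" should read "insights into the performance". Finally, the `\todo{...}` note is committed into the body text, and the removed "We take a self-contained operating system ..." line is re-added verbatim in the last paragraph, so check that the paragraph it used to open is not still present elsewhere in the file.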
@ -10,9 +10,9 @@ suddenly broken in newer versions because the standard imposes no
requirements on undefined behavior.

This has created serious security problems throughout the
years~\cite{wang2012undefined,checks_2008}. A number of initiatives to
years~\cite{wang2012undefined,checks2008}. A number of initiatives to
solve this problem were started from different
parties~\cite{google_2015,regehr_2014,wang2013towards} however the
parties~\cite{google2015,regehr2014,wang2013towards} however the
problem still persists. The primary open source developer groups have
seized the unsteady definition of undefined behavior to justify
dangerous slient code transformations that break the intention of the
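Review bot: the rewritten `parties~\cite{google2015,regehr2014,wang2013towards} however the` line still has no punctuation before "however" (it needs "; however, the" or a sentence break), and the unchanged context line "dangerous slient code transformations" has "slient" for "silent"; since this line is being touched anyway, fixing both here avoids another one-character commit.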
@ -6,6 +6,7 @@
\usepackage{textcomp}
\usepackage{xcolor}
\usepackage{listings}
\usepackage{url}
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}
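Review bot: the added `\usepackage{url}` makes `\url` available, but the long `url` fields this commit adds to TSW/bib.bib (the web.archive.org link in fermatub and the git.kernel.org commit link in fnodeletelinux are both over 100 characters) will run into the margin unless the package may break at hyphens; load it as `\usepackage[hyphens]{url}` (before hyperref, if that is added later, since hyperref loads url itself), and confirm that the bibliography style in use actually emits the `url` field, because plain.bst and its relatives ignore it.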