1. Field of the Invention
This invention relates to computing systems, and more particularly, to efficient memory corruption detection.
2. Description of the Relevant Art
Memory corruption occurs when the contents of a memory location are unintentionally modified due to programming errors. An example of this could be the access of a byte of memory past the end of the array of bytes reserved for a particular data structure. In addition, memory corruption may occur when the contents of a memory location are intentionally modified by a malicious attack. When the corrupted memory contents are used later in the computer program, it may lead either to a program crash or to strange program behavior. Regarding the first case, some programming languages include features such as explicit memory management and pointer arithmetic. These features allow development of efficient applications and system software. However, when a computer programmer incorrectly uses these features, memory corruption may occur. The programming languages C and C++ are two examples of such languages.
The behavior of programming languages may be categorized at least with type safety and memory safety. A computer programming language may be characterized as “type safe” when the language does not permit a computer programmer to use a value as a data type to which it does not belong. For example, a type safe programming language does not allow conversion of an integer variable to be a pointer value. The C programming language is one example of a “type unsafe” language due to casting, particularly the casting of pointers to void pointers and back. The C++ programming language includes most of the C programming language as a subset. Therefore, the C++ programming language inherits the “type unsafe” property.
A computer programming language may be characterized as “memory safe” when the language allows programs to release a portion of memory when it is determined the portion of memory is unused for the remainder of the program evaluation. A programming language that is “memory unsafe” may cause security vulnerabilities with random-access memory (RAM) access, such as buffer overflows and dangling pointers. Programming languages, such as C and C++, that support arbitrary pointer arithmetic, casting, and deallocation are typically “memory unsafe”. Some high-level programming languages are memory safe due to disallowing pointer arithmetic and casting, and enforcing tracing garbage collection. However, programming efficiency may be reduced. Type safety typically depends on memory safety.
Many malicious attacks reduce system security through memory corruption. A pointer may be referred to as tainted if user input can be used as the pointer value. A security attack may be detected whenever a tainted value is de-referenced during program execution. Programming errors allow attackers to create memory corruption attacks, wherein these errors include vulnerabilities regarding buffer overflow, heap corruption (such as heap buffer overflow and double free), integer overflow, and format strings.
There are software solutions for memory corruption detection. Debugging tools such as Oracle Solaris Studio, Purify, Valgrind, and Insure++ perform this detection. However, these debuggers typically perform instrumentation of the computer program, which may cause program execution to run hundreds of times slower.
In view of the above, efficient methods and mechanisms for memory corruption detection are desired.