Field of the Invention
This invention relates to computing systems, and more particularly to memory corruption detection.
Description of the Related Art
Memory corruption may occur when the contents of a memory location are unintentionally modified due to programming errors. One example of such corruption is an access of a byte of memory past the end of the array of bytes reserved for a particular data structure. In addition, memory corruption may occur when the contents of a memory location are intentionally modified by a malicious attack. When the corrupted memory contents are used later in the computer program, the result may be either a program crash or unexpected program behavior. Some programming languages (for example, C and C++) include features such as explicit memory management and pointer arithmetic. These features allow development of efficient applications and system software. However, when a computer programmer incorrectly uses these features, memory corruption may occur. “Memory corruption” is used in a broad sense and may refer to various issues such as bad pointers, buffer overruns, malicious attacks, etc.
A computer programming language may be characterized as “type safe” when the language does not permit a computer programmer to use a value as a data type to which it does not belong. For example, a type safe programming language does not allow conversion of an integer variable to a pointer value. The C programming language is one example of a “type unsafe” language due to casting, particularly the casting of pointers to void pointers and back. The C++ programming language includes most of the C programming language as a subset. Therefore, the C++ programming language inherits the “type unsafe” property.
A computer programming language may be characterized as “memory safe” when the language allows programs to release a portion of memory when it is determined the portion of memory is unused for the remainder of the program evaluation. A programming language that is “memory unsafe” may cause security vulnerabilities with random-access memory (RAM) access, such as buffer overflows and dangling pointers. Programming languages, such as C and C++, that support arbitrary pointer arithmetic, casting, and deallocation are typically “memory unsafe”. Some high-level programming languages are memory safe due to disallowing pointer arithmetic and casting, and enforcing tracing garbage collection. However, programming efficiency may be reduced.
Many malicious attacks reduce system security through memory corruption and may exploit memory unsafe and/or type unsafe characteristics of a programming language. For example, a type unsafe language may not prevent programming errors such as allowing user input to be used as a pointer value. A malicious attacker may exploit such programming errors to create memory corruption attacks and access various portions of programs or data. Other examples of programming errors include vulnerabilities regarding buffer overflow, heap corruption (such as heap buffer overflow and double free), integer overflow, and format strings.
When memory corruption is detected, precise identification of a memory access instruction that caused the corruption and the associated program state may be very helpful to application developers, e.g., for debugging purposes.