
Automated Code Repair to Ensure Spatial Memory Safety

June 2021 Presentation
William Klieber, Ruben Martins, Ryan Steele, Matt Churilla, Mike McCall, David Svoboda

In this presentation, the authors discuss a technique for repairing C code to protect against potential violations of spatial memory safety.


Software Engineering Institute


We present a technique for repairing C code to protect against potential violations of spatial memory safety. Many existing techniques can harden software against memory bugs as part of a compiler pass. However, this creates dependencies on the compiler and makes it difficult to fine-tune or even inspect the repairs. We propose an automated technique for repairing the source code to eliminate spatial memory vulnerabilities.

Performing the repair at the source-code level introduces a new challenge: analysis and transformation are most easily done on an intermediate representation (IR), but existing techniques using IRs have fundamental limitations with regard to translating changes back to the level of source code. We break this challenge into two parts: (1) translating changes at the level of the IR to the abstract syntax tree (AST) level, and (2) translating changes at the AST level back to the original source-code text.

Preemptively repairing potential memory bugs leads to a trade-off between performance overhead and memory safety. While for safety-critical applications this trade-off may be acceptable, for other applications we can reduce the performance overhead by only repairing suspicious locations.

We implemented our approach in a tool called ACR and show that it can repair spatial memory vulnerabilities on buggy programs from the Software Verification Competition. We also ran ACR on medium-size programs, and preliminary results show that ACR scales to thousands of lines of code. Finally, we integrated ACR with static analysis tools and show that the performance overhead is small when repairing only locations that are flagged by a static analyzer.
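To make the idea of an inspectable source-level repair and of repairing only flagged locations concrete, here is an added example; it is not output from ACR or code from the presentation. The function names, the explicit `count` parameter and the `-1` error return are assumptions chosen for illustration; the repair form ACR actually emits is not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data for this example. */
static const int sample[4] = {10, 20, 30, 40};

/* Original code: idx is caller-controlled and never compared with the
 * size of buf, so a static analyzer would flag the read below. */
int lookup_original(const int *buf, size_t idx) {
    return buf[idx];
}

/* Hypothetical repaired form: the element count travels with the pointer
 * and an inserted check guards the dereference. Returns 0 on success,
 * -1 when the access would fall outside the buffer. */
int lookup_repaired(const int *buf, size_t count, size_t idx, int *out) {
    if (buf == NULL || out == NULL || idx >= count) {
        return -1;              /* inserted bounds check rejects the access */
    }
    *out = buf[idx];
    return 0;
}

/* Not flagged: the loop bound equals the array size, so the access is
 * provably in bounds and is left unrepaired, costing nothing at run time. */
int sum_sample(void) {
    int total = 0;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        total += sample[i];
    }
    return total;
}

int main(void) {
    int v = 0;
    int rc = lookup_repaired(sample, 4, 2, &v);
    printf("in bounds:     rc=%d v=%d\n", rc, v);
    rc = lookup_repaired(sample, 4, 4, &v);
    printf("out of bounds: rc=%d\n", rc);
    printf("sum=%d\n", sum_sample());
    return 0;
}
```

Because the check is ordinary source text, a reviewer can read it, move it, or change its failure policy, which a compiler-pass hardening does not allow.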