Despite decades of effort, most real-world C/C++ software is still deployed with memory errors. Existing approaches either introduce significant performance overhead (for detection) or only partially defeat memory errors. The intellectual merit of this project lies in an evidence-assisted approach (EVID) to the dynamic analysis and prevention of memory errors. The project's broader significance and importance are in (a) efficient and precise detection tools that significantly reduce the manual effort of locating and fixing memory errors; (b) improved availability and security of software systems; and (c) outreach to underrepresented groups such as Hispanic students.
This project proposes several techniques to detect and prevent memory errors, which can greatly reduce zero-day vulnerabilities and improve the reliability and security of software systems. EVID builds on the following insight: evidence of errors such as buffer overflows, use-after-frees, and memory leaks can often be discovered after the fact. Guided by this evidence, the project uses deterministic, instrumented re-execution to pinpoint the exact causes of memory errors in both single- and multithreaded programs. EVID further proposes an innovative system that automatically eliminates detected memory errors without restarting the software or compromising its availability. The tools developed in the project thus have a direct impact on improving the robustness of the national cyberinfrastructure.
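The after-the-fact evidence that the approach relies on can be illustrated in C. The following is an added example, not code from the EVID project: a hypothetical allocator wrapper that plants canaries around each allocation and poisons freed memory, so that an overflow or a write after free leaves evidence that a later check discovers even though the faulting access itself was never instrumented.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical evidence-assisted allocator wrapper (added example, not EVID's
 * code): canaries around each allocation and poisoning of freed memory leave
 * evidence that a later check can discover without instrumenting every access. */
#define CANARY_BYTE 0xA5
#define CANARY_LEN  8
#define FREED_BYTE  0xDD

typedef struct {
    size_t len;
    unsigned char *base;   /* raw block layout: [canary][user data][canary] */
} ev_block;
static unsigned char *ev_user(const ev_block *b) { return b->base + CANARY_LEN; }
static ev_block ev_alloc(size_t len) {
    ev_block b = { len, malloc(CANARY_LEN + len + CANARY_LEN) };
    if (!b.base) abort();
    memset(b.base, CANARY_BYTE, CANARY_LEN);
    memset(ev_user(&b) + len, CANARY_BYTE, CANARY_LEN);
    return b;
}
/* 1 if any byte of p[0..n) no longer holds the expected fill value. */
static int tampered(const unsigned char *p, size_t n, unsigned char expect) {
    for (size_t i = 0; i < n; i++) if (p[i] != expect) return 1;
    return 0;
}
/* Overflow/underflow evidence: either canary was overwritten. */
static int ev_overflow_evidence(const ev_block *b) {
    return tampered(b->base, CANARY_LEN, CANARY_BYTE) ||
           tampered(ev_user(b) + b->len, CANARY_LEN, CANARY_BYTE);
}
/* Quarantine instead of release: poison the user region so that a later write
 * through a dangling pointer leaves evidence; the raw block is freed by the caller. */
static void ev_free(ev_block *b) { memset(ev_user(b), FREED_BYTE, b->len); }
/* Use-after-free evidence: the poisoned region was modified after ev_free. */
static int ev_uaf_evidence(const ev_block *b) { return tampered(ev_user(b), b->len, FREED_BYTE); }

/* Constructed scenario: `extra` bytes written past a 16-byte buffer, then an optional
 * write through the dangling pointer. Bitmask: 1 = overflow, 2 = use-after-free. */
int demo(size_t extra, int write_after_free) {
    ev_block b = ev_alloc(16);
    unsigned char *u = ev_user(&b);
    for (size_t i = 0; i < 16 + extra; i++) u[i] = 'A';   /* the possibly-buggy write */
    int found = ev_overflow_evidence(&b);                 /* evidence checked after the fact */
    ev_free(&b);
    if (write_after_free) u[3] = 'X';
    if (ev_uaf_evidence(&b)) found |= 2;
    free(b.base);
    return found;
}
```

A real tool would record which allocation site and thread produced the tampered block, which is exactly the evidence that then steers the deterministic re-execution described above.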