Manuel Rigger,
"Safe and Efficient Execution of LLVM-based Languages"
, Eigenverlag, 11-2018
Original title:
Safe and Efficient Execution of LLVM-based Languages
Language of the title:
English
Original abstract:
In unsafe languages like C/C++, errors such as buffer overflows cause undefined behavior. Compilers are free to treat undefined behavior arbitrarily: typically they assume it does not occur when optimizing, and they insert no checks that could detect it. Consequently, undefined behavior often results in hard-to-find bugs and security vulnerabilities, for example, when a buffer overflow silently corrupts memory.
Existing bug-finding tools that instrument code to detect undefined behavior suffer from the same problem: the compiler may optimize the instrumented code so that the errors it was meant to catch are no longer detected. Alternatively, unsafe code could be rewritten in a safe language like Java, which is well defined and in which such errors are detected at run time. However, for many projects the cost of such a rewrite is prohibitive.
To tackle undefined behavior, we propose an approach that executes unsafe languages on the Java Virtual Machine. We implemented this approach as Safe Sulong, a system built around an interpreter for unsafe languages that is itself written in Java. By relying on Java's well-definedness and its automatic run-time checks, the interpreter detects buffer overflows and other errors during execution and terminates the program in such cases instead of letting it continue in a corrupted state. Safe Sulong tracks metadata such as types and object bounds, which we expose to programmers through an introspection interface, so that they can use this data to mitigate errors and to implement additional checks of their own. The interpreter also supports non-standard elements of C code such as the most common inline assembly idioms and GCC builtins; to decide which of them to implement, we first studied their usage in a large number of open-source projects.
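The following C program is an added illustration of the two points above and is not code from the thesis or from Sulong. The first part shows the late bounds check pattern that an optimizing compiler may delete because the preceding out-of-bounds access is undefined behavior. The second part models, in plain C, what a Java-hosted interpreter gets for free: every object carries its size as metadata, every access is checked against it, and a small introspection query (the name `size_right` and the `tracked_obj` type are assumptions of this example, not the thesis's API) lets a user-level routine refuse an overflow before it corrupts memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* --- The problem: a check the compiler is allowed to delete -------------- */

static int table[4] = {10, 20, 30, 40};

/* Reads table[idx] and only afterwards validates idx. Because an
 * out-of-bounds read is undefined behavior, an optimizing compiler may
 * assume idx was valid and drop the range test entirely, so the function
 * cannot be relied on to return -1 for a bad index. Only in-range calls
 * are made in this file. */
static int late_check_read(int idx) {
    int v = table[idx];
    if (idx < 0 || idx >= 4)
        return -1;
    return v;
}

/* --- The model: every object carries its bounds, every access is checked -- */

typedef struct {
    unsigned char *base;
    size_t size;   /* object bounds, tracked as metadata like a Java array's length */
} tracked_obj;

/* Constructed sample object used by the demo below. */
static unsigned char demo_buf[16];
static tracked_obj demo_obj = { demo_buf, sizeof demo_buf };

/* Checked element read: returns 0 and stores the value, or -1 without
 * touching memory when the index lies outside the object. This is the point
 * at which a Java-hosted interpreter would raise an exception and abort. */
static int checked_read_int(const tracked_obj *o, size_t index, int *out) {
    if (index >= o->size / sizeof(int))
        return -1;
    memcpy(out, o->base + index * sizeof(int), sizeof(int));
    return 0;
}

/* Checked element write with the same contract. */
static int checked_write_int(tracked_obj *o, size_t index, int value) {
    if (index >= o->size / sizeof(int))
        return -1;
    memcpy(o->base + index * sizeof(int), &value, sizeof(int));
    return 0;
}

/* Hypothetical introspection query (assumed name, not the thesis's API):
 * how many bytes remain from offset to the end of the object. */
static size_t size_right(const tracked_obj *o, size_t offset) {
    return offset > o->size ? 0 : o->size - offset;
}

/* A user-level check built on introspection: a string copy that refuses
 * to overflow instead of corrupting neighbouring memory. */
static int safe_strcpy(tracked_obj *dst, size_t offset, const char *src) {
    size_t needed = strlen(src) + 1;   /* include the terminator */
    if (size_right(dst, offset) < needed)
        return -1;
    memcpy(dst->base + offset, src, needed);
    return 0;
}

int main(void) {
    int v = 0;
    printf("late_check_read(2) = %d\n", late_check_read(2));
    checked_write_int(&demo_obj, 1, 42);
    printf("read index 1: rc=%d v=%d\n", checked_read_int(&demo_obj, 1, &v), v);
    printf("read index 4: rc=%d (rejected)\n", checked_read_int(&demo_obj, 4, &v));
    printf("safe_strcpy at offset 11: rc=%d (rejected)\n",
           safe_strcpy(&demo_obj, 11, "hello"));
    return 0;
}
```

The contrast to keep in mind is where the check lives: in `late_check_read` it is an ordinary C comparison that the compiler may reason away, whereas in the tracked model the bound is part of the object and the check is part of every access, which is exactly the property that lets Safe Sulong stop a program at the first out-of-bounds access rather than after the corruption has spread.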
Sulong is used in GraalVM, a commercially used multilingual virtual machine. Since Sulong allows the implementation of efficient native function interfaces, our safe execution mechanism could also make the execution of native extensions of other languages such as Ruby, Python, and R safer.