Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
, MIT CSAIL
Date: Wednesday, October 02, 2013
Time: 4:00 PM to 5:00 PM Note: all times are in the Eastern Time Zone
Refreshments: 4:00 PM
Host: CSAIL Security Seminar
Contact: Raluca Ada Popa, firstname.lastname@example.org
Speaker URL: None
TALK: Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
Abstract: This talk will give an overview of an emerging class of software bugs called optimization-unstable code: code that is unexpectedly discarded by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database. The consequences of unstable code range from incorrect functionality to missing security checks.
To reason about unstable code, this talk will present a novel model, which views unstable code in terms of optimizations that leverage undefined behavior. Using this model, we introduce a new static checker called STACK that precisely identifies unstable code. Applying STACK to widely used systems has uncovered 160 new bugs that have been confirmed and fixed by developers.
Created by Raluca Ada Popa at Tuesday, October 01, 2013 at 3:40 PM.