Award Abstract # 1566154
CRII: SHF: EVID: Evidence-Assisted Detection and Elimination of Memory Errors in Single and Multi-threaded Programs

NSF Org: CCF
Division of Computing and Communication Foundations
Recipient: THE UNIVERSITY OF TEXAS AT SAN ANTONIO
Initial Amendment Date: February 16, 2016
Latest Amendment Date: March 22, 2018
Award Number: 1566154
Award Instrument: Standard Grant
Program Manager: Anindya Banerjee
abanerje@nsf.gov
 (703)292-7885
CCF
 Division of Computing and Communication Foundations
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: March 1, 2016
End Date: February 28, 2019 (Estimated)
Total Intended Award Amount: $174,731.00
Total Awarded Amount to Date: $206,731.00
Funds Obligated to Date: FY 2016 = $190,731.00
FY 2018 = $16,000.00
History of Investigator:
  • Tongping Liu (Principal Investigator)
    tongping@umass.edu
Recipient Sponsored Research Office: University of Texas at San Antonio
1 UTSA CIR
SAN ANTONIO
TX  US  78249-1644
(210)458-4340
Sponsor Congressional District: 20
Primary Place of Performance: University of Texas at San Antonio
1 UTSA Circle
San Antonio
TX  US  78249-3209
Primary Place of Performance Congressional District: 23
Unique Entity Identifier (UEI): U44ZMVYU52U6
Parent UEI: U44ZMVYU52U6
NSF Program(s): Software & Hardware Foundation,
CRII CISE Research Initiation
Primary Program Source: 01001617DB NSF RESEARCH & RELATED ACTIVIT
01001819DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7943, 7798, 9251, 8228
Program Element Code(s): 779800, 026Y00
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Title: CRII: SHF: EVID: Evidence-Assisted Detection and Elimination of Memory Errors in Single and Multi-threaded Programs

Despite decades of efforts, most real-world C/C++ software is still deployed with memory errors. Existing approaches either introduce significant performance overhead (for detection) or only partially defeat memory errors. The intellectual merits of this project are an evidence-assisted approach (EVID) for dynamic analysis and prevention of memory errors. The project's broader significance and importance are in (a) efficient and precise detection tools that significantly reduce manual effort in locating and fixing memory errors; (b) the improvement of availability and security of software systems; and (c) outreach to underrepresented groups such as Hispanic students.

This project proposes several techniques to detect and prevent memory errors, which can greatly reduce zero-day vulnerabilities and improve the reliability/security of software systems. EVID employs the following insight: it is often possible to discover the evidence of errors such as buffer overflows, use-after-frees, and memory leaks, after-the-fact. Assisted by the evidence, this project utilizes deterministic and instrumented re-execution to pinpoint the exact causes of memory errors in both single and multithreaded programs. EVID further proposes an innovative system that automatically eliminates detected memory errors, without restarting the software or compromising its availability. Thus the tools developed in the project have a direct impact on improving robustness of national cyberinfrastructure.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Hongyu Liu, Sam Silvestro, Wei Wang, Chen Tian, Tongping Liu. "iReplayer: In-situ and Identical Record-and-Replay for Multithreaded Applications." Proceedings of The 37th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI'18), 2018.
Hongyu Liu, Sam Silvestro, Xiaoyin Wang, Lide Duan, Tongping Liu. "Causer: Context-Sensitive Overflow Detection." Proceedings of The 2019 International Symposium on Code Generation and Optimization (CGO'19), 2019.
Jinpeng Zhou, Sam Silvestro, Hongyu Liu, Yan Cai, Tongping Liu. "UnDead: Detecting and Tolerating Deadlocks in Production Software." Proceedings of 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE'17), 2017.
Mohammad Mejbah ul Alam, Tongping Liu, Guangming Zeng, Abdullah Muzahid. "SyncPerf: Categorizing, Detecting, and Diagnosing Synchronization Performance Bugs." Proceedings of 2017 European Conference on Computer Systems (EuroSys'17), 2017.
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. "FreeGuard: A Faster Secure Heap Allocator." Proceedings of ACM Conference on Computer and Communications Security (CCS'17), 2017.
Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, Tongping Liu. "Guarder: A Tunable Secure Allocator." Proceedings of The 27th USENIX Security Symposium (Security'18), 2018.
Sam Silvestro, Hongyu Liu, Tong Zhang, Changhee Jung, Dongyoon Lee, Tongping Liu. "Sampler: PMU-based Sampling to Detect Memory Errors Latent in Production Software." Proceedings of The 51st International Symposium on Microarchitecture (Micro'18), 2018.
Sam Silvestro, Timothy T. Yuen, Corey Crosser, Dakai Zhu, Turgay Korkmaz, Tongping Liu. "A User Space-based Project for Practicing Core Memory Management Concepts." Proceedings of The 49th ACM Technical Symposium on Computer Science Education (SIGCSE'18), 2018.
Tongping Liu, Charlie Curtsinger, Emery D. Berger. "DoubleTake: Fast and Precise Error Detection via Evidence-Based Dynamic Analysis." Proceedings of the 38th International Conference on Software Engineering (ICSE'16), 2016.

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The project significantly advanced the state of the art in the following aspects.

1. It developed a novel record-and-replay system--iReplayer--for multithreaded applications, which could identically reproduce the original execution in the same process. This RnR system only imposes very little recording overhead, allowing it to be employed in the production systems. The paper is published in PLDI'18.

2. Based on the record-and-replay system, multiple tools have been built on top of it with the evidence-based approach. Two tools are developed to detect typical memory errors, such as buffer overflows and use-after-free bugs. The paper is published in PLDI'18.

3. Two secure memory allocators are built with this support. These memory allocators make it harder for attackers to succeed, even when applications have many latent memory errors. The papers are published in CCS'17 and USENIX Security'18, and the corresponding source code is opened at https://github.com/UTSASRG.

4. One tool of identifying one notorious concurrency issue--deadlocks--has been developed. Deadlocks may cause software to hang with no further progress. The tool imposes negligible runtime performance overhead (less than 3% on average) and small memory overhead (around 6%), without any storage consumption. After detection, UNDEAD automatically strengthens erroneous programs to prevent future occurrences of both existing and potential deadlocks. The paper was published in ASE'17, and the source code is opened at https://github.com/UTSASRG .

5. One tool to identify the performance issue related to explicit synchronizations has been developed. It discovers many unknown but significant synchronization performance issues, but without imposing too much overhead for its detection. The paper was published in EuroSys'17, and the source code is opened at https://github.com/UTSASRG .

6. The first tool that could employ the sample of memory accesses to detect memory errors in the deployment environment has been developed. The paper was published in Micro'18, and the source code is opened at https://github.com/UTSASRG .

The project also has the following broader impacts.

1. One course project related to kernel memory management has been designed and applied to both graduate and undergraduate teaching at UTSA. This course project improves the performance of students by over 30%, and a SIGCSE'18 paper has been published on this.

2. The project creates some products that attract industry partners, such as Mozilla. They are interested in integrating our secure memory allocator with Firefox. Currently, this project is ongoing. If successful, it will benefit millions of users of Firefox, improving their security.

3. The project reached out to K12 students via mentoring at Youth Code Jam and coaching at "USTA Robotics Summer Camp".


Last Modified: 04/03/2019
Modified by: Tongping Liu
