MEDS: Enhancing Memory Error Detection for Large-Scale Applications
Prerequisites
cmakeandclang
Build MEDS supporting compiler
$ make
Build Using Docker
# build docker image
$ docker build -t meds .
# run docker image
$ docker run --cap-add=SYS_PTRACE -it meds /bin/bash
Testing MEDS
-
MEDS's testing runs original ASAN's testcases as well as MEDS specific testcases.
- Copied ASAN's testcases in
llvm/projects/compiler-rt/test/meds/TestCases/ASan - MEDS specific testcases in
llvm/projects/compiler-rt/test/meds/TestCases/Meds
- Copied ASAN's testcases in
-
To run the test,
$ make test
Testing Time: 30.70s
Expected Passes : 183
Expected Failures : 1
Unsupported Tests : 50
Build applications with MEDS heap allocation and ASan stack and global
- Given a test program
test.cc,
$ cat > test.cc
int main(int argc, char **argv) {
int *a = new int[10];
a[argc * 10] = 1;
return 0;
}
test.cccan be built using the option,-fsanitize=meds.
$ build/bin/clang++ -fsanitize=meds test.cc -o test
$ ./test
==90589==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x43fff67eb078 at pc 0x0000004f926d bp 0x7fffffffe440 sp 0x7fffffffe438
WRITE of size 4 at 0x43fff67eb078 thread T0
#0 0x4f926c in main (/home/wookhyun/release/meds-release/a.out+0x4f926c)
#1 0x7ffff6b5c82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
#2 0x419cb8 in _start (/home/wookhyun/release/meds-release/a.out+0x419cb8)
Address 0x43fff67eb078 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/wookhyun/release/meds-release/a.out+0x4f926c) in main
Shadow bytes around the buggy address:
0x08807ecf55b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x08807ecf55c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x08807ecf55d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x08807ecf55e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x08807ecf55f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x08807ecf5600: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00[fa]
0x08807ecf5610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x08807ecf5620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x08807ecf5630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x08807ecf5640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x08807ecf5650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==90589==ABORTING
Options
-
-fsanitize=meds: Enable heap protection using MEDS (stack and global are protected using ASAN) -
-mllvm -meds-stack=1: Enable stack protection using MEDS -
-mllvm -meds-global=1 -mcmodel=large: Enable global protection using MEDS- This also requires
--emit-relocsinLDFLAGS
- This also requires
-
Example: to protect heap/stack using MEDS and global using ASAN
$ clang -fsanitize=meds -mllvm -meds-stack=1 test.c -o test
- Example: to protect heap/global using MEDS and stack using ASAN
$ clang -fsanitize=meds -mllvm -meds-global=1 -mcmodel=large -Wl,-emit-relocs test.c -o test
- Example: to protect heap/stack/global using MEDS
$ clang -fsanitize=meds -mllvm -meds-stack=1 -mllvm -meds-global=1 -mcmodel=large -Wl,--emit-relocs
Contributors
- Wookhyun Han ([email protected])
- Byunggil Joe ([email protected])
- Byoungyougn Lee ([email protected])
- Chengyu Song ([email protected])
- Insik Shin ([email protected])
2.3k Jan 04, 2023
1 Nov 10, 2021
0 Nov 17, 2021
15 Jul 11, 2022
769 Dec 27, 2022
34 Dec 04, 2022
93 Dec 28, 2022
55 Dec 29, 2022
25 Dec 12, 2022
26 Nov 24, 2022
3 Oct 25, 2022
3 Feb 26, 2022
0 Oct 21, 2022
1k Jan 06, 2023
1 Jan 05, 2022
1.4k Dec 23, 2022
1.1k Dec 10, 2022
731 Jan 01, 2023
328 Jan 09, 2023
31 Oct 13, 2022