qi gao wenbin zhang yan tang and feng qin
play

Qi Gao, Wenbin Zhang, Yan Tang, and Feng Qin The Ohio State - PowerPoint PPT Presentation

Jan 27, 2023 •552 likes •820 views

Qi Gao, Wenbin Zhang, Yan Tang, and Feng Qin The Ohio State University 1 Memory Management Bugs are Severe Memory management bugs: Programming errors related to memory management E.g., buffer overflows, dangling pointers, etc.

  1. Qi Gao, Wenbin Zhang, Yan Tang, and Feng Qin The Ohio State University 1

  2. Memory Management Bugs are Severe  Memory management bugs:  Programming errors related to memory management  E.g., buffer overflows, dangling pointers, etc.  Causing severe problems during production runs  System hangs or crashes  System compromises [ US-CERT]  Long delays for diagnosing and fixing the bugs [ Symantec 2006, Arbaugh 2000] 2

  3. Desired Features for Handling Memory Bugs at Production Runs?  Quick recovery  Improving availability  Immune from future errors  Covering the time window before official bug fixes  Safe  Not introduce new bugs  Useful diagnosis reports  Assisting offline bug diagnosis  Low overhead  For production runs 3

  4. Existing Solutions Category Exam ples Lim itations Oblivion- Failure-oblivious computing, Unsafe based reactive immune systems Redundancy- N-version programming, Expensive based recovery blocks, DieHard, Exterminator Avoidance- Rx, Archipelago Expensive or based Non-immune 4

  5. Our Contributions  First-Aid: A low-overhead method for surviving and preventing memory bugs  Environmental change based failure diagnosis  Runtime patches for surviving failures and preventing future errors  Evaluation with seven real-world applications  Fast diagnosis and failure recovery (0.887 sec on average)  Effective in preventing bug reoccurrence  Low runtime overhead (3.7% on average)  Informative bug reports 5

  6. Outline  Motivation & Introduction  First-Aid Overview  Design and Algorithms  Software architecture  Diagnosis algorithm  Validation algorithm  Evaluation  Conclusion 6

  7. Environmental Changes for Failure Diagnosis  Two types of environmental changes for diagnosis:  Preventive changes  Exposing changes  Execution environments:  Everything but the program itself  E.g., runtime systems, operating systems, etc. 7

  8. An Example of Preventive and Exposing Changes * Canary: a bit pattern that B unlikely appears in normal execution, e.g. 0xdeadbeef Exposing change: Preventive change: Pad with canary* add padding B B Enlarge buffer size: (padding is random data) 1. Detect Overflow!!!  can prevent failure but not proving occurrence 2. Identify bug-affected (possibly cure other types due to disturbance) objects 8

  9. Environmental Changes for Different Types of Memory Bugs Exposing changes Application Bug types Preventive changes (Bug manifestations) points Buffer Padding objects with Padding new objects allocation overflow canary (corruption) Dangling Fill objects with canary Delay free deallocation pointer read (failure) Dangling Fill objects with canary Delay free deallocation pointer write (corruption) Check parameters Double free Delay free deallocation (free twice) Uninitialized Fill new objects with Fill new objects with allocation read zeros canary (failure) 9

  10. Runtime Patches Preventive changes/ Exposing changes Application Bug types Runtime patches (Bug manifestations) points Buffer Padding objects with Padding new objects allocation overflow canary (corruption) Dangling Fill objects with canary Delay free deallocation pointer read (failure) Dangling Fill objects with canary Delay free deallocation pointer write (corruption) Check parameters Double free Delay free deallocation (free twice) Uninitialized Fill new objects with Fill new objects with allocation read zeros canary (failure) 10

  11. First-Aid Working Scenario Failure or Error Program Detected Checkpoint execution bug diagnosis patch patch validation generation re-execute multiple times patch with randomization list allocation/ illegal diagnosis patch deallocation access log details one diagnosis step trace trace rollback to re-execute analyze checkpoint with change result bug report 11

  12. Outline  Motivation & introduction  First-Aid overview  Design and algorithms  Software architecture  Diagnosis algorithm  Validation algorithm  Evaluation  Summary 12

  13. First-Aid Architecture Application Memory Allocator Error Lightweight Extension Monitor(s) Checkpoint/ Rollback Diagnosis Validation Patch Engine Engine Management First-Aid 13

  14. Diagnosis Engine  Phase I:  Is the failure due to memory bug(s)?  Which checkpoint to rollback to for diagnosis and patching?  Phase II:  Which type(s) of memory bug(s) has occurred?  What memory objects are potentially affected by the bug? 14

  15. Diagnosis Phase I Phase I : I s the failure due to m em ory bug( s) ? W hich checkpoint to rollback to? Pass Re-execute: Rollback All preventive changes on All objects from this checkpoint We know: 1. A memory bug 2. Triggered after this checkpoint 15

  16. Diagnosis Phase II Phase I I : W hich bug type? W here to patch? Manifested Not m anifested Re-execute: Locate the call-sites by: exposing one type, and 1. check corruption, or preventing other types 2. binary search on all memory objects Call-site: undecided set identified set [ 0x806437b] [ 0x80651a8] [ 0x8074d94] We know: buffer overflow 1. Buffer overflow bug 2. Exact call-sites Enough for patch double free generation 16

  17. Validation Engine Validation: Does the patch have consistent effects? Randomized Instrumentation allocation E.g. read before allocation/ illegal initialization; write I teration 1 : deallocation access over boundary; trace trace etc. Cross check: 1. patch triggering allocation/ illegal 2. illegal accesses I teration 2 : deallocation access 3. offset of each illegal trace trace access allocation/ illegal I teration 3 : deallocation access In parallel with trace trace recovered program 17

  18. Outline  Motivation & introduction  First-Aid overview  Design and algorithms  Software architecture  Diagnosis algorithm  Validation algorithm  Evaluation  Summary 18

  19. Experimental Setup  Implementation:  Linux 2.4.22 with flashback checkpointing support  Extension based on Lea allocator (used in GNU libc)  Platform:  Intel Xeon 3.00 GHz, 2MB L2 cache, 2GB memory  100 Mbps Ethernet connection  Applications:  Effectiveness: 7 applications (Apache, Squid, CVS, Pine, Mutt, M4, and BC), 7 real bugs, 2 injected bugs  Overhead: the above 7 applications, SPEC INT2000, allocation intensive benchmarks 19

  20. Overall Effectiveness Runtime patch Error Recovery Application Diagnosed bugs (call-sites applied) prevention time (s) dangling pointer Apache delay free (7) Yes 3.978 read Yes Squid buffer overflow add padding (1) 0.386 Yes CVS double free delay free (1) 0.121 Yes Pine buffer overflow add padding (1) 0.722 Yes Mutt buffer overflow add padding (1) 0.617 dangling pointer M4 delay free (2) Yes 1.396 read Yes BC buffer overflow add padding (3) 0.573 Yes Apache-uir* uninitialized read fill with zero (1) 0.102 dangling pointer Yes Apache-dpw* delay free (1) 0.084 write 20

  21. Comparison with Rx and Restart  Trigger the buffer overflow bug in Squid periodically after 7 second Restart Rx First-Aid Throughput (MB/ s) 12 10 8 6 4 2 0 0 5 10 15 20 25 Elapsed Time (s) 21

  22. Scope of Patch  Call-sites and memory objects affected by runtime patches in buggy regions Call-sites Objects Nam e First-Aid Rx Ratio First-Aid Rx Ratio Apache 7 32 21.88% 315 2567 12.23% Squid 1 61 1.64% 1 3626 0.03% CVS 1 44 2.27% 17 306 5.56% Pine 1 380 0.26% 11 2881 0.38% Mutt 1 216 0.46% 2 5004 0.04% M4 2 8 25.00% 3 183 1.64% BC 3 34 8.82% 5 732 0.68% 22

  23. Runtime Overhead Original Allocator Overall 1.2 1.09 1.12 1.09 1.02 1.04 1.04 1.05 1.03 1.06 1.06 1.04 1.02 1.02 1.02 1.02 1.00 1.00 1.02 1.02 1.02 1.03 1.03 1.01 1 0.8 0.6 0.4 0.2 0 CVS BC 176.gcc cfrac p2c Apache Squid Pine M4 164.gzip 175.vpr 181.mcf 186.crafty 197.parser 252.eon 253.perlbmk 255.vortex 256.bzip2 300.twolf espresso lindsay Average Mutt Allocation Applications SPEC I NT2 0 0 0 23 I ntensive

  24. Conclusions and Limitations  Avoidance-based methods with accurate diagnosis can efficiently and effectively survive and prevent memory management bugs.  Limitations:  Cannot handle all types of memory bugs (e.g. memory leaks, incorrect pointer arithmetics)  Cannot handle memory bugs that manifest themselves silently  Need more powerful error checkers 24

  25. Future Work and Acknowledgements  Future Work  Evaluate First-Aid with more types of memory bugs in more applications  Extend First-Aid to support multi-tier server applications  Acknowledgements  Our shepherd: Julia Lawall  Anonymous reviewers  Wei Huang, Matthew Koop, Chris Stewart, Guoqing Xu, and Yuanyuan Zhou 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Jian Tang, Yibing Zhang Sun Yat-Sen University, Guangzhou Yu-Feng Li Institute of High-Energy

Jian Tang, Yibing Zhang Sun Yat-Sen University, Guangzhou Yu-Feng Li Institute of High-Energy

Search for new physics with accelerator neutrino experiments Jian Tang, Yibing Zhang Sun Yat-Sen University, Guangzhou Yu-Feng Li Institute of High-Energy Physics, CAS Emilio Ciuffoli, Jarah Evslin, Qiang Fu Institute of Modern Physics, CAS

803 views • 23 slides
in Large Networks Wenbin Tang, Honglei Zhuang, Jie Tang Dept. of Computer Science Tsinghua

in Large Networks Wenbin Tang, Honglei Zhuang, Jie Tang Dept. of Computer Science Tsinghua

Learning to Infer Social Ties in Large Networks Wenbin Tang, Honglei Zhuang, Jie Tang Dept. of Computer Science Tsinghua University Real social networks are complex... Nobody exists only in one social network. Public network vs.

587 views • 25 slides
yCAT: : Young Childrens Assistive Technology DRS. JOZKOWSKI, TANG AND FENG Introduction

yCAT: : Young Childrens Assistive Technology DRS. JOZKOWSKI, TANG AND FENG Introduction

yCAT: : Young Childrens Assistive Technology DRS. JOZKOWSKI, TANG AND FENG Introduction Spinal Muscular Atrophy (SMA) is a rare genetic disease The incidence of SMA is approximately 1 in 6,000 to 10,000 and there are more than 750,000

537 views • 12 slides
TRECVID 2008 CBCD TRECVID 2008. CBCD MCG-ICT-CAS MCG-ICT-CAS Sheng Tang Yongdong Zhang Ke Gao

TRECVID 2008 CBCD TRECVID 2008. CBCD MCG-ICT-CAS MCG-ICT-CAS Sheng Tang Yongdong Zhang Ke Gao

TRECVID 2008 CBCD TRECVID 2008. CBCD MCG-ICT-CAS MCG-ICT-CAS Sheng Tang Yongdong Zhang Ke Gao Xiao Wu Sheng Tang, Yongdong Zhang, Ke Gao, Xiao Wu, Xiaoyuan Cao, Huamin Ren,Yufen Wu, Jian Yang Institute of Computing Technology, Chinese

705 views • 31 slides
Large-Scale Data Management and Analysis for Astronomical Research Presenter: Cheng-Hsien Tang

Large-Scale Data Management and Analysis for Astronomical Research Presenter: Cheng-Hsien Tang

Large-Scale Data Management and Analysis for Astronomical Research Presenter: Cheng-Hsien Tang Authors: Cheng-Hsien Tang, Min-Feng Wang, Wei-Jen Wang, Meng-Feng Tsai*, Yuji Urata,

1.07k views • 59 slides
Sampling Representative Users from Large Social Networks Jie Tang, Chenhui Zhang Tsinghua

Sampling Representative Users from Large Social Networks Jie Tang, Chenhui Zhang Tsinghua

Sampling Representative Users from Large Social Networks Jie Tang, Chenhui Zhang Tsinghua University Keke Cai, Li Zhang, Zhong Su IBM, China Research Lab Download Code&Data here: http://aminer.org/repuser 1 Sampling Representative Users

409 views • 22 slides
and Deformable Objects in Hand-object Interactions Hao Zhang, Zi-Hao Bo, Jun-Hai Yong, Feng Xu *

and Deformable Objects in Hand-object Interactions Hao Zhang, Zi-Hao Bo, Jun-Hai Yong, Feng Xu *

InteractionFusion: Real-time Reconstruction of Hand Poses and Deformable Objects in Hand-object Interactions Hao Zhang, Zi-Hao Bo, Jun-Hai Yong, Feng Xu * School of Software, Tsinghua University Outline Background Overview LSTM-based

315 views • 29 slides
Geovisualization of Air-Sea CO 2 Flux Using Volume Rendring Feng Zhang Zhejiang University, China

Geovisualization of Air-Sea CO 2 Flux Using Volume Rendring Feng Zhang Zhejiang University, China

Geovisualization of Air-Sea CO 2 Flux Using Volume Rendring Feng Zhang Zhejiang University, China 4808 Ellison Hall Zhangfeng.zju@gmail.com Human impacts on the carbon cycle are the most important cause of climate change. About 26% of the total

245 views • 13 slides
Diffusion of Following Links in Microblogging Networks Jing Zhang Tsinghua University

Diffusion of Following Links in Microblogging Networks Jing Zhang Tsinghua University

Diffusion of Following Links in Microblogging Networks Jing Zhang Tsinghua University Collaborate with Wei Chen ( MSRA ) Zhanpeng Fang and Jie Tang ( THU ) Jing Zhang, ZhanpengFang, Wei Chen, and Jie Tang. Diffusion of Following

765 views • 25 slides
Yutao Zhang + , Jie Tang + , Zhilin Yang + , Jian Pei # , and Philip S. Yu* + Tsinghua University #

Yutao Zhang + , Jie Tang + , Zhilin Yang + , Jian Pei # , and Philip S. Yu* + Tsinghua University #

COSNET: Connecting Heterogeneous Social Networks with Local and Global Consistency Yutao Zhang + , Jie Tang + , Zhilin Yang + , Jian Pei # , and Philip S. Yu* + Tsinghua University # Simon Fraser University * University of Illinois at Chicago 1

471 views • 30 slides
Buddy Memory Allocation in Zephyr RTOS L o L o g o g o Authors: Feng Zhang , Yongwang Zhao

Buddy Memory Allocation in Zephyr RTOS L o L o g o g o Authors: Feng Zhang , Yongwang Zhao

Fine-Grained Formal Specification and Analysis of Buddy Memory Allocation in Zephyr RTOS L o L o g o g o Authors: Feng Zhang , Yongwang Zhao , , Dianfu Ma , Wensheng Niu *. Corresponding Author 1. School of Computer

475 views • 31 slides
Learning from and Disclosing to the Crowd Lin Nan Chao Tang Xin Wang Gaoqing Zhang Purdue

Learning from and Disclosing to the Crowd Lin Nan Chao Tang Xin Wang Gaoqing Zhang Purdue

Learning from and Disclosing to the Crowd Lin Nan Chao Tang Xin Wang Gaoqing Zhang Purdue HKUST HKUST Minnesota lnan@purdue.edu actang@ust.hk xinwang@ust.hk zhangg@umn.edu October 2019 Abstract We investigate the role of mandatory

613 views • 33 slides
Bubbly Firm Dynamics and Aggregate Fluctuations Haozhou Tang 1 Donghai Zhang 2 1 Bank of Mexico 2

Bubbly Firm Dynamics and Aggregate Fluctuations Haozhou Tang 1 Donghai Zhang 2 1 Bank of Mexico 2

Bubbly Firm Dynamics and Aggregate Fluctuations Haozhou Tang 1 Donghai Zhang 2 1 Bank of Mexico 2 University of Bonn XXV Meeting of the Central Bank Researchers Network Oct 30. 2020 The views expressed in this paper are the sole responsibility of

260 views • 24 slides
Thompson Sampling based Monte-Carlo Planning in POMDPs Aijun Bai 1 Feng Wu 2 Zongzhang Zhang 3

Thompson Sampling based Monte-Carlo Planning in POMDPs Aijun Bai 1 Feng Wu 2 Zongzhang Zhang 3

The 24th International Conference on Automated Planning and Scheduling, ICAPS 2014 Thompson Sampling based Monte-Carlo Planning in POMDPs Aijun Bai 1 Feng Wu 2 Zongzhang Zhang 3 Xiaoping Chen 1 1 University of Science & Technology of China 2

475 views • 22 slides
Mixture of g Priors for Bayesian Variable Selection Feng Liang, Rui Paulo et al. Sheng Zhang

Mixture of g Priors for Bayesian Variable Selection Feng Liang, Rui Paulo et al. Sheng Zhang

Introduction Zellners g priors Mixture of g priors Consistency Discussion Mixture of g Priors for Bayesian Variable Selection Feng Liang, Rui Paulo et al. Sheng Zhang Department of Statistics, University of Wisconsin Madison April 30, 2010

384 views • 35 slides
Emittance Growth Caused by Surface Roughness Zhe Zhang, Chuanxiang Tang Tsinghua University,

Emittance Growth Caused by Surface Roughness Zhe Zhang, Chuanxiang Tang Tsinghua University,

Emittance Growth Caused by Surface Roughness Zhe Zhang, Chuanxiang Tang Tsinghua University, Beijing Oct. 17th, 2016 Motivation What causes the emittance growth Dowells equations of QE & emittance for bulk emission Dowell, 2009,

560 views • 33 slides
PHP PHPQuebec March 20, 2003. Montreal Rasmus Lerdorf <rasmus@php.net>

PHP PHPQuebec March 20, 2003. Montreal Rasmus Lerdorf <rasmus@php.net>

PHP PHPQuebec March 20, 2003. Montreal Rasmus Lerdorf <rasmus@php.net> http://lerdorf.com/phpquebec.pdf Slide 1/41 March 20, 2003 The Good Old Days Handling simple data coming from a form took something like this to do in C:

868 views • 52 slides
Apache Hadoop, Big Data, and You Philip Zeyliger philip@cloudera.com @philz42 @cloudera

Apache Hadoop, Big Data, and You Philip Zeyliger philip@cloudera.com @philz42 @cloudera

Apache Hadoop, Big Data, and You Philip Zeyliger philip@cloudera.com @philz42 @cloudera November 18, 2009 Wednesday, November 18, 2009 Hi there! Software Engineer Worked at Wednesday, November 18, 2009 I work on stuff... Wednesday,

1.04k views • 40 slides
MMOWGLI Game Overview CENIC, 12 March 2012 Don Brutzman Modeling Virtual Environments Simulation

MMOWGLI Game Overview CENIC, 12 March 2012 Don Brutzman Modeling Virtual Environments Simulation

MMOWGLI Game Overview CENIC, 12 March 2012 Don Brutzman Modeling Virtual Environments Simulation (MOVES) Institute Naval Postgraduate School Knowledge accidents word cloud Web-based collaboration game for brainstorming ideas Example dialog:

687 views • 33 slides
D R a f t Learning from the Past: Tools and Techniques for Timeline Analysis Andreas Schuster

D R a f t Learning from the Past: Tools and Techniques for Timeline Analysis Andreas Schuster

D R a f t Learning from the Past: Tools and Techniques for Timeline Analysis Andreas Schuster andreas.schuster@telekom.de Agenda What can we learn from the past? Timestamps Classic data sources Formats How to find more

649 views • 20 slides
its impact on the profession THE PROFESSION The AOLS as a self-governing profession

its impact on the profession THE PROFESSION The AOLS as a self-governing profession

The Survey Review Department (SRD) and its impact on the profession THE PROFESSION The AOLS as a self-governing profession Obligations Responsibilities; and The AOLS Code of Ethics THE PROFESSION The Association structure

818 views • 7 slides
The Software Development Standards Instructor: Dr. Hany H. Ammar Dept. of Computer Science and

The Software Development Standards Instructor: Dr. Hany H. Ammar Dept. of Computer Science and

The Software Development Standards Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU OUTLINE The System Life Cycle Model and the System Development Process. Software Engineering and the Software

598 views • 31 slides
GPAC: delivery of VR/360 videos using Tiles Ahmed Rida SEKKAT Ahmed JELIJLI Telecom ParisTech

GPAC: delivery of VR/360 videos using Tiles Ahmed Rida SEKKAT Ahmed JELIJLI Telecom ParisTech

GPAC: delivery of VR/360 videos using Tiles Ahmed Rida SEKKAT Ahmed JELIJLI Telecom ParisTech FOSDEM17 05/02/2017 Institut Mines-Tlcom What is GPAC? Multimedia Packagers, Streamers and Player Multi-platform: all

563 views • 17 slides
Is Reuse Distance Applicable to Data Locality Analysis on Chip Multiprocessors? Yunlian Jiang

Is Reuse Distance Applicable to Data Locality Analysis on Chip Multiprocessors? Yunlian Jiang

Is Reuse Distance Applicable to Data Locality Analysis on Chip Multiprocessors? Yunlian Jiang Eddy Z. Zhang Kai Tian Xipeng Shen (presenter) Department of Computer Science The College of William and Mary, VA, USA Cache Sharing A common

1.08k views • 32 slides

More recommend