Don’t Look UB: Exposing Sanitizer-Eliding Compiler Optimizations
Sanitizers are widely used compiler features that detect undefined behavior and resulting vulnerabilities by injecting runtime checks into programs. For better performance, sanitizers are often used in conjunction with optimization passes. But doing so combines two compiler features with conflicting objectives. While sanitizers want to expose undefined behavior, optimizers often exploit these same properties for performance. In this paper, we show that this clash can have serious consequences: optimizations can remove sanitizer failures, thereby hiding the presence of bugs or even introducing new ones.
We present LookUB, a differential-testing based framework for finding optimizer transformations that elide sanitizer failures. We used our method to find 17 such sanitizer-eliding optimizations in Clang. Next, we used static analysis and fuzzing to search for bugs in open-source projects that were previously hidden due to sanitizer-eliding optimizations. This led us to discover 20 new bugs in Linux Containers, libmpeg2, NTFS-3G, and WINE. Finally, we present an effective mitigation strategy based on a customization of the Clang optimizer with an overhead increase of 4%.
Mon 19 JunDisplayed time zone: Eastern Time (US & Canada) change
13:40 - 15:20 | PLDI: CompilationPLDI Research Papers at Cypress 2 Chair(s): Chung-Kil Hur Seoul National University | ||
13:40 20mTalk | Don’t Look UB: Exposing Sanitizer-Eliding Compiler Optimizations PLDI Research Papers Raphael Isemann Vrije Universiteit Amsterdam, Cristiano Giuffrida Vrije Universiteit Amsterdam, Herbert Bos Vrije Universiteit Amsterdam, Erik van der Kouwe Vrije Universiteit Amsterdam, Klaus von Gleissenthall Vrije Universiteit Amsterdam DOI | ||
14:00 20mTalk | Better Together: Unifying Datalog and Equality Saturation PLDI Research Papers Yihong Zhang University of Washington, Yisu Remy Wang University of Washington, Oliver Flatt University of Washington, David Cao University of California at San Diego, Philip Zucker Draper, Eli Rosenthal Google, Zachary Tatlock University of Washington, Max Willsey University of Washington DOI Pre-print | ||
14:20 20mTalk | HEaaN.MLIR: An Optimizing Compiler for Fast Ring-Based Homomorphic Encryption PLDI Research Papers Sunjae Park Seoul National University, Woosung Song Google, Seunghyeon Nam Seoul National University, Hyeongyu Kim Seoul National University, Junbum Shin CryptoLab, Juneyoung Lee AWS DOI | ||
14:40 20mTalk | Indexed Streams: A Formal Intermediate Representation for Fused Contraction Programs PLDI Research Papers Scott Kovach Stanford University, Praneeth Kolichala Stanford University, Tiancheng “Timothy” Gu Stanford University, Fredrik Kjolstad Stanford University DOI Pre-print | ||
15:00 20mTalk | Fuzzing Loop Optimizations in Compilers for C++ and Data-Parallel Languages PLDI Research Papers Vsevolod Livinskii University of Utah, Dmitry Babokin Intel Corporation, John Regehr University of Utah DOI Pre-print |