Search: [author: 문현곤] (2)

Extracting Instruction Set Architecture Semantics from a Processor Register-transfer Level

Seon Ha, Hyungon Moon

http://doi.org/10.5626/JOK.2023.50.10.827

Domain-specific processors have specialized instructions tailored to the operations used most frequently in a particular domain, which enables them to achieve higher performance. This presents a challenge for program analysis, because such specialized instructions make it difficult to formally describe the instruction semantics. To address this, we present SemTracter, a tool that automatically extracts instruction semantics from a processor implemented in a hardware description language (HDL) at the register-transfer level (RTL). SemTracter obtains the semantics by simulating the processor RTL symbolically and compiling the results into formal instruction semantics in the Sail language. Our evaluation of SemTracter on a small RISC-V processor RTL showed that it was able to extract the semantics of basic instructions from a 5-stage processor. Most of the RISC-V 32-bit integer base user-level ISA (RV32I) instructions were extracted, and the generated semantics matched the manually written version.

Operating System Support-Based Prevention Mechanism for Use-After-Free Attacks on the Glibc Memory Allocator

Chanyoung Park, Jaehyu Lee, Daeyeon Kim, Hyungon Moon

http://doi.org/10.5626/JOK.2023.50.7.541

Use-after-free is a longstanding memory safety problem that causes many security-critical software vulnerabilities. The importance of this problem has motivated the development of numerous mitigation and prevention mechanisms. One class of these mechanisms mimics garbage collectors to prevent use-after-free: it delays freeing a heap chunk until it has verified that no dangling pointers to the chunk remain. An earlier work, MarkUs, demonstrated that this delayed-free approach can be implemented with relatively low overhead on many benchmarks. We go further in this direction and present MarkKern, a delayed-free mechanism for use-after-free prevention backed by kernel-level support from the operating system. MarkKern identifies limitations of the existing mark-and-sweep approach implemented only at the user level and resolves them through kernel-level support. Moreover, unlike existing approaches, MarkKern supports the glibc (GNU C Library) allocator. With the help of kernel-level support, MarkKern prevents use-after-free for a program running with glibc malloc at an average execution-time overhead of 18.50% (geometric mean).

Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr