Software Engineering Institute

This poster describes an automated approach for fixing memory safety vulnerabilities. Software vulnerabilities (especially spatial memory violations) are a major threat to the DoD. Its systems encompass a huge volume of code that contains an unknown number of vulnerabilities. CMU SEI researchers developed an automated technique to repair C source code to eliminate memory safety vulnerabilities. It first transforms source code to an intermediate representation (IR), retaining mapping. A repair program inserts fat pointers to track bounds and perform a bounds check before accessing memory. It then maps the repairs at the IR level back to source code. The output is repaired source code that is still human-readable and maintainable.