Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. These errors, which lead to program crashes, security vulnerabilities, and unpredictable behavior, are both difficult to avoid and costly to repair.
This talk presents two systems that automatically harden unaltered C and C++ programs against heap-based memory errors. The first, DieHard, uses randomization and replication to make programs probabilistically resistant to a wide range of memory errors. Instead of crashing or running amok, DieHard lets programs run correctly in the face of memory errors with high probability. DieHard trades a modest increase in memory consumption (and optionally, the extra processing power of multicore CPUs) for dramatically increased reliability.
While DieHard tolerates errors, our second system, Exterminator, automatically isolates and corrects them. Exterminator exploits randomization to pinpoint errors with high precision. From this information, Exterminator generates patches that fix these errors in current and subsequent executions. In addition, Exterminator enables collaborative bug correction by merging patches generated by multiple users.
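The probabilistic resistance that randomization gives DieHard can be seen in a small simulation, added here as an illustration and not taken from DieHard's code. It compares dense sequential placement with random placement in an over-provisioned heap and measures how often a one-object overflow lands on free space instead of a live object. Assumptions of the example: equal-sized slots, a heap treated as circular, a heap 2x or 4x the size of the live data, and the hypothetical names `masked_fraction` and `next_rand`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 1024

/* xorshift32: small deterministic PRNG so runs are reproducible. */
static uint32_t next_rand(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s >> 8;   /* drop the weakest low bits */
}

/* Fraction of trials in which a one-object overflow lands on a free slot.
 * nslots: heap capacity in equal-sized slots; live: objects allocated.
 * randomized=1: each object goes to a random free slot (probe until free).
 * randomized=0: objects are packed into slots 0..live-1, as a dense
 * sequential allocator would. The heap is treated as circular (assumption).
 * Returns -1.0 on invalid arguments. */
double masked_fraction(int nslots, int live, int randomized,
                       int trials, uint32_t seed) {
    static unsigned char used[MAX_SLOTS];
    static int where[MAX_SLOTS];
    int masked = 0;
    if (nslots > MAX_SLOTS || live < 1 || live >= nslots ||
        trials < 1 || seed == 0) return -1.0;
    for (int t = 0; t < trials; t++) {
        memset(used, 0, (size_t)nslots);
        for (int i = 0; i < live; i++) {
            int slot = i;
            if (randomized)
                do { slot = (int)(next_rand(&seed) % (uint32_t)nslots); }
                while (used[slot]);
            used[slot] = 1;
            where[i] = slot;
        }
        /* A random live object overflows into the slot that follows it. */
        int src = where[next_rand(&seed) % (uint32_t)live];
        if (!used[(src + 1) % nslots]) masked++;
    }
    return (double)masked / trials;
}

int main(void) {
    printf("dense, 64 live:     %.3f\n", masked_fraction(128, 64, 0, 20000, 1u));
    printf("random, 2x heap:    %.3f\n", masked_fraction(128, 64, 1, 20000, 1u));
    printf("random, 4x heap:    %.3f\n", masked_fraction(256, 64, 1, 20000, 1u));
    return 0;
}
```

With random placement the chance that the neighbouring slot is free is (nslots - live) / (nslots - 1), so a larger heap buys a higher probability that the overflow is harmless.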