Carnegie Mellon University, Software Engineering Institute, Pittsburgh, United States
Automated Code Repair (ACR) for Memory Safety

Problem: Software vulnerabilities constitute a major threat to DoD. Memory violations are among the most common and most severe types of vulnerabilities. Static analysis helps find bugs, but the volume of alerts is often overwhelming. A huge amount of code is in use by DoD, with an unknown number of security vulnerabilities.

Solution: Repair code to enable proof of memory safety.

Approach: Transform source code to an intermediate representation (IR). Try to prove that each memory access is within bounds (spatial memory safety) and not to a deallocated region (temporal memory safety). If unable to prove, repair code so that proof succeeds. Map the transformed IR back to source code.
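The spatial-safety half of the approach, shown at source level on a hand-written C function; this is an added example, not output of the SEI tool or code from the original page, and the IR round trip is not shown. The function names, the length-prefixed record layout, `REC_ERR` and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REC_ERR (-1)  /* hypothetical error code for this example */

/* Constructed sample: the record at offset 0 has length 3; the one at offset 4 claims length 9. */
static const uint8_t SAMPLE[6] = { 3, 10, 20, 30, 9, 1 };

/* Before repair: the length byte comes from the data itself, so an analyzer
   cannot prove that buf[off] or buf[off + 1 + i] stays inside the buffer. */
int sum_record_unrepaired(const uint8_t *buf, size_t buf_len, size_t off)
{
    (void)buf_len;                        /* the bound is available but never consulted */
    uint8_t len = buf[off];               /* off may be >= buf_len */
    int sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += buf[off + 1 + i];          /* may read past the end of buf */
    return sum;
}

/* After repair: two inserted guards make every access provably in [0, buf_len). */
int sum_record_repaired(const uint8_t *buf, size_t buf_len, size_t off)
{
    if (buf == NULL || off >= buf_len)    /* inserted: guards buf[off] */
        return REC_ERR;
    uint8_t len = buf[off];
    if (len > buf_len - off - 1)          /* inserted: guards the loop; cannot underflow since off < buf_len */
        return REC_ERR;
    int sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += buf[off + 1 + i];          /* off + 1 + i < off + 1 + len <= buf_len */
    return sum;
}

int main(void)
{
    printf("well-formed record: %d\n", sum_record_repaired(SAMPLE, sizeof SAMPLE, 0));
    printf("oversized length:   %d\n", sum_record_repaired(SAMPLE, sizeof SAMPLE, 4));
    return 0;
}
```

On well-formed input the two versions return the same value; the guards only change behavior on inputs where the original access could not be proven in bounds.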