STACK (original) (raw)

Optimization-unstable code

Overview

Optimization-unstable code (unstable code for short) is an emerging class of software bugs: code that is unexpectedly eliminated by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database server. The consequences of unstable code range from incorrect functionality to missing security checks.

STACK is a static checker that detects unstable code in C/C++ programs. Applying STACK to widely used systems has uncovered 160 new bugs that have been confirmed and fixed by developers.

Publications

• Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
  Xi Wang, Nickolai Zeldovich, M. Frans Kaashoek, and Armando Solar-Lezama.
  Proceedings of the24th ACM Symposium on Operating Systems Principles (SOSP 2013), Farmington, PA, USA, November 2013.

• Undefined Behavior: What Happened to My Code?
  Xi Wang, Haogang Chen, Alvin Cheung, Zhihao Jia, Nickolai Zeldovich, and M. Frans Kaashoek.
  Proceedings of the3rd ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2012), Seoul, South Korea, July 2012.

Articles

• How your compiler may be compromising application security, ITworld.
• Dude, where's my code? by the MIT News Office.
• Finding Undefined Behavior Bugs by Finding Dead Code by John Regehr.

Software

Our software is hosted on Github athttps://github.com/xiw/stack/.

Obtain the latest code of STACK using:

git clone git://github.com/xiw/stack

See README and INSTALL for more information.

People

• Xi Wang
• Nickolai Zeldovich
• M. Frans Kaashoek
• Armando Solar-Lezama