Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs
Compilers assure that any produced optimized code is semantically equivalent to the original code. However, even "correct" compilers may introduce security bugs as security properties go beyond translation correctness. Security bugs introduced by such correct compiler behaviors can be disputable; compiler developers expect users to strictly follow language specifications and understand all assumptions, while compiler users may incorrectly assume that their code is secure. Such bugs are hard to find and prevent, especially when it is unclear whether they should be fixed on the compiler or user side. Nevertheless, these bugs are real and can be severe, thus should be studied carefully.

We perform a comprehensive study on compiler-introduced security bugs (CISB) and their root causes. We collect a large set of CISB in the wild by manually analyzing 4,827 potential bug reports of the most popular compilers (GCC and Clang), distilling them into a taxonomy of CISB. We further conduct a user study to understand how compiler users view compiler behaviors. Our study shows that compiler-introduced security bugs are common and may have serious security impacts. It is unrealistic to expect compiler users to understand and comply with compiler assumptions. For example, the "no-undefined-behavior" assumption has become a nightmare for users and a major cause of CISB.
WOS:001066451503046
2023-01-01
978-1-939133-37-3
Berkeley
3655
3672
REVIEWED
Event name | Event place | Event date |
 | Anaheim, CA | AUG 09-11, 2023 |
Funder | Grant Number |
Chinese National Key RD Program | 2022YFF0604503 |
Chinese National Natural Science Foundation | 62032010 |
China Scholarship Council, Postgraduate Research & Practice Innovation Program of Jiangsu Province | |
NSF | CNS-1931208 |
SNSF | PCEGP2_186974 |
DARPA | HR001119S0089-AMPFP-034 |
ERC | StG 850868 |