M.I.T. Researchers Debut Integer Overflow Debugger


Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often lead to the crashing of systems. Researchers from the school’s [Computer Science and Artificial Intelligence Laboratory](<https://www.csail.mit.edu/>) (CSAIL) last week debuted the platform dubbed [DIODE](<http://dspace.mit.edu/handle/1721.1/96155#files-area>), short for Directed Integer Overflow Detection. As part of an experiment, the researchers tested DIODE on code from five different open source applications. While the system was able to generate inputs that triggered three integer overflows that were previously known, the system also found 11 new errors. Four of the 11 overflows the team found are apparently still lingering in the wild, but the developers of those apps have been informed and CSAIL is awaiting confirmation of fixes. Integer overflows result when computers can’t store numbers – usually because they haven’t been sanity checked – in the memory that’s been allocated for them. Sanity checks are simple queries to test functionality. The seven researchers behind DIODE – Stelios Sidiroglou-Douskos, Eric Lahtinen, Nathan Rittenhouse, Paolo Piselli, Fan Long, Deokhwan Kim, and Martin Rinard – presented the system last week at the 20th [ASPLOS](<http://asplos15.bilkent.edu.tr/>) (Architectural Support for Programming Languages and Operating Systems) conference in Istanbul. The tool works by automatically generating inputs that trigger overflow errors at critical sites. DIODE, which is compatible with off-the-shelf x86 binaries, gets right to work and extracts target expressions and branch conditions for each memory allocation site. As Stelios Sidiroglou-Douskos, a research scientist at CSAIL and the lead author of the paper writes, whenever DIODE stumbles upon an integer that may be used in a dangerous operation, the system records the current state of the symbolic expression. The system doesn’t trigger an overflow right off the bat, but characterizes the values around it to better inform the programmer. If DIODE finds a trigger value, it marks it down to help in any future debugging. DIODE’s inputs should identify, then satisfy the requisite sanity checks and “generate an overflow in the target expression, and impose no other constraints on the specific path that the input takes to trigger the overflow,” according to Sidiroglou-Douskos. DIODE, which was supported on behalf of a DARPA grant, isn’t the first debugging tool developed to dig up integer overflows. Researchers with CSAIL previously developed static analysis tools that, like [SIFT](<http://people.csail.mit.edu/stelios/papers/sift-popl14.pdf>) (.PDF) which points out inputs that can lead to overflow errors and [KINT](<http://pdos.csail.mit.edu/papers/kint:osdi12.pdf>), (.PDF) a PHP tool. As the team’s academic paper points out however, unlike SIFT, which requires direct access to source code, DIODE works directly with stripped x86 code. The tool also bests KINT, which often generates a large number of false positives, by omitting false positives. M.I.T. hopes to release DIODE to the public as open source after the program it’s being developed under, DARPA’s Mission-oriented Resilient Clouds (MRC) program, concludes in October 2015.