A Hybrid Approach to Memory Safety of C Programs

Jens Troeger and Chenyi Zhang

Unlike in managed programming languages, memory safety is a critical problem and a constant headache for C programmers. As the price of more flexibility in low-level control, the "undefined behaviours" of the C programming language and the standard C libraries allow direct access to and modification of memory in system and user space, which, if used carelessly or illegally, may cause information leaks or bizarre program behaviour. A typical example is the notorious Heartbleed bug of openssl-1.0.1.

In this talk we present a framework that combines the power of both static and dynamic analyses. Static analysis is used to determine locations in a program where memory accesses may be problematic. These locations are subsequently instrumented and run inside a sandbox that monitors memory access. The sandbox reports a warning at the location where an illegal memory access actually happens at runtime. The types of violations we detect include buffer overflows (spatial violations) and use-after-free (temporal violations).
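
A minimal sketch of the runtime half of this approach, added here as an illustration and not taken from the authors' framework: the kind of check that instrumentation could insert at a statically flagged location, classifying an access as a spatial or a temporal violation. The names `mon_alloc`, `mon_free`, `mon_check` and `checked_copy`, the fixed-size region table and the quarantine-on-free policy are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical monitor (not the authors' sandbox): tracks allocations, checks accesses. */
enum verdict { ACCESS_OK, SPATIAL_VIOLATION, TEMPORAL_VIOLATION, UNTRACKED };
struct region { uintptr_t base; size_t size; int live; };
#define MAX_REGIONS 64
static struct region regions[MAX_REGIONS];
static size_t nregions;
/* Allocate zeroed memory and register it as a live region. */
void *mon_alloc(size_t size) {
    void *p = nregions < MAX_REGIONS ? calloc(1, size) : NULL;
    if (p) regions[nregions++] = (struct region){ (uintptr_t)p, size, 1 };
    return p;
}

/* Mark a region dead. The memory is quarantined (never reused), so a stale
 * pointer cannot alias a newer allocation and is always recognised. */
void mon_free(void *p) {
    for (size_t i = 0; i < nregions; i++)
        if (regions[i].base == (uintptr_t)p) regions[i].live = 0;
}

/* Check placed before an instrumented access of n bytes starting at p. */
enum verdict mon_check(const void *p, size_t n) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < nregions; i++) {
        const struct region *r = &regions[i];
        if (a < r->base || a - r->base >= r->size) continue; /* other region */
        if (!r->live) return TEMPORAL_VIOLATION;              /* use-after-free */
        if (n > r->size - (a - r->base)) return SPATIAL_VIOLATION; /* overflow */
        return ACCESS_OK;
    }
    return UNTRACKED;
}

/* Instrumented copy whose length comes from untrusted input, the pattern behind
 * an over-read such as Heartbleed. The copy only happens if both checks pass. */
enum verdict checked_copy(void *dst, const void *src, size_t claimed_len) {
    enum verdict v = mon_check(src, claimed_len);
    if (v == ACCESS_OK) v = mon_check(dst, claimed_len);
    if (v == ACCESS_OK) memcpy(dst, src, claimed_len);
    return v;
}

int main(void) {
    char *rec = mon_alloc(16), *out = mon_alloc(64); /* constructed sample buffers */
    printf("%d %d\n", checked_copy(out, rec, 16), checked_copy(out, rec, 64));
    mon_free(rec);
    printf("%d\n", checked_copy(out, rec, 16));
}
```

A real monitor would also cover stack and global objects and would eventually recycle quarantined memory; this sketch tracks only heap regions it allocated itself.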