Andrew Chin edited this page Jun 11, 2019 · 10 revisions

Introduction

UFO (Use-After-Free Finder Optimal) is a dynamic analysis tool that predictively detects concurrent use-after-free vulnerabilities. The UFO tracing library is implemented on top of ThreadSanitizer (TSan) [1], and the offline analysis tool, written in Java, uses the Z3 solver [2].

UFO consists of two main phases: online program tracing and offline trace analysis. In practice, using UFO looks as follows. First, we build LLVM [3] with our modified TSan module. Among many other things, this produces the clang executable, a C/C++ compiler. When a program is compiled with clang and the flag -fsanitize=thread, clang instruments the compiled code (if you are unfamiliar with instrumentation, see [4]). Put simply, the instrumentation monitors events (memory reads and writes, function entry and exit, memory allocation and deallocation, thread creation, start, end and join, condition wait and signal, mutex lock and unlock, and fork) and inserts calls to our UFO tracing library, which records an execution trace of the observed program run. Consequently, running the newly compiled program generates one execution trace per thread. These traces are then fed to the offline analyzer, which builds and solves constraints to predictively detect UAFs, that is, more UAFs than the ones that manifest in the observed run.
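As an added illustration of the offline phase (not UFO's own code, which is a Java tool backed by Z3), the following Python sketch replays a constructed per-thread trace, derives happens-before from thread create/join with vector clocks instead of solving constraints, and flags a use that is unordered with the free as a predicted UAF even though the observed run executed the use first. The event names, the trace tuple format and the vector-clock approximation are assumptions made for this example; UFO's real trace format and constraint encoding are described in the paper [5].

```python
from collections import defaultdict

def leq(a, b):
    """a happens-before (or equals) b under vector-clock order."""
    return all(x <= y for x, y in zip(a, b))

def predict_uaf(trace, nthreads):
    """Classify each use of a freed address: 'observed' if the free happens-before
    the use in this run, 'predicted' if the two are unordered (another schedule
    could run the use after the free even though this run did not)."""
    clocks = [[0] * nthreads for _ in range(nthreads)]  # per-thread vector clock
    finished, frees, accesses = {}, {}, defaultdict(list)

    def tick(tid):
        clocks[tid][tid] += 1
        return list(clocks[tid])

    def merge(dst, src):  # dst learns everything src knew
        clocks[dst] = [max(x, y) for x, y in zip(clocks[dst], src)]

    for kind, tid, *arg in trace:
        if kind == "create":               # child starts with the parent's clock
            tick(tid)
            merge(arg[0], clocks[tid])
        elif kind == "end":                # remembered for a later join
            finished[tid] = tick(tid)
        elif kind == "join":               # joiner learns all the child did
            merge(tid, finished[arg[0]])
            tick(tid)
        elif kind in ("read", "write"):
            accesses[arg[0]].append((tid, tick(tid)))
        elif kind == "free":               # assumes one allocation per address
            frees[arg[0]] = (tid, tick(tid))
        else:                              # alloc: only advances the clock
            tick(tid)

    reports = []
    for addr, (ftid, fvc) in frees.items():
        for atid, avc in accesses[addr]:
            if not leq(avc, fvc):          # use is not ordered before the free
                verdict = "observed" if leq(fvc, avc) else "predicted"
                reports.append((verdict, addr, atid, ftid))
    return reports

# Constructed trace (not real UFO output): T0 allocates and writes, spawns T1 and
# T2, T1 reads while T2 frees, then T0 reads again after joining both. In this run
# T1's read preceded T2's free, but nothing orders them, so it is predicted.
TRACE = [("alloc", 0, 0x1000), ("write", 0, 0x1000), ("create", 0, 1),
         ("create", 0, 2), ("read", 1, 0x1000), ("free", 2, 0x1000), ("end", 1),
         ("end", 2), ("join", 0, 1), ("join", 0, 2), ("read", 0, 0x1000), ("end", 0)]
```

`predict_uaf(TRACE, 3)` returns one `predicted` report for T1's read (unordered with T2's free) and one `observed` report for T0's read after the joins, while T0's write before the thread creations is correctly treated as safe.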

For technical details, please read our ICSE '18 paper [5], and cite it if you use UFO.

Contents

  1. Structure
  2. ThreadSanitizer Overview
  3. UFO Tracing In-Depth

References

[1] https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual

[2] https://github.com/Z3Prover/z3

[3] http://llvm.org/

[4] https://en.wikipedia.org/wiki/Instrumentation_(computer_programming)

[5] https://parasol.tamu.edu/people/jeff/academic/ufo.pdf
