Adding Spatial Memory Safety to EDK II through Checked C (Experience Paper) (ISSTA 2025 - Research Papers)

Who

Sourag Cherupattamoolayil, Arunkumar Bhattar, Connor Everett Glosner, Aravind Machiry

Track

ISSTA 2025 Research Papers

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 25 Jun 2025 14:00 - 14:25 at Aurora C - Runtime Analysis, Verification, and Slicing Chair(s): Heqing Huang

Abstract

Embedded software, predominantly written in C, is prone to memory corruption vulnerabilities due to spatial memory issues. Although various memory safety techniques exist, they are often unsuitable for embedded systems due to resource constraints and a lack of standardized OS support. Checked C, a backward-compatible, memory-safe C dialect, offers a potential solution by using pointer annotations for runtime checks to enhance spatial memory safety with minimal overhead. This paper provides the first experience report of porting EDK2 (an open-source UEFI implementation), an exemplary embedded codebase to Checked C, highlighting challenges and providing insights into applying Checked C to similar embedded systems. We also provide an enhanced automated annotation tool e3c, which improves the conversion rate by 25%, enabling easier conversion to Checked C.

DOI

https://doi.org/10.1145/3728929

Sourag Cherupattamoolayil

Purdue University

Arunkumar Bhattar

Purdue University

Connor Everett Glosner

Purdue University

Aravind Machiry

Purdue University

United States

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Wed 25 Jun
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:00 - 15:15	Runtime Analysis, Verification, and SlicingResearch Papers at Aurora C Chair(s): Heqing Huang City University of Hong Kong

14:00 25m Talk		Adding Spatial Memory Safety to EDK II through Checked C (Experience Paper) Research Papers Sourag Cherupattamoolayil Purdue University, Arunkumar Bhattar Purdue University, Connor Everett Glosner Purdue University, Aravind Machiry Purdue University DOI
14:25 25m Talk		LogBase: A Large-Scale Benchmark for Semantic Log Parsing Research Papers Chenbo Zhang Fudan University, Wenying Xu Fudan University, Jinbu Liu Alibaba, Lu Zhang Fudan University, Guiyang Liu Alibaba, Jihong Guan Tongji University, Qi Zhou Alibaba, Shuigeng Zhou Fudan University DOI
14:50 25m Talk		Static Program Reduction via Type-Directed Slicing Research Papers Loi Ngo Duc Nguyen University of California, Riverside, Tahiatul Islam New Jersey Institute of Technology, Theron Wang The Academy for Mathematics, Science & Engineering, USA, Sam Lenz New Jersey Institute of Technology, Martin Kellogg New Jersey Institute of Technology DOI Pre-print

Information for Participants

Wed 25 Jun 2025 14:00 - 15:15 at Aurora C - Runtime Analysis, Verification, and Slicing Chair(s): Heqing Huang

Info for room Aurora C:

Aurora C is the third room in the Aurora wing.

When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.