Union Type Confusion Detection System

Abstract

Since the initial development of the C programming language, unions have been widely used as a lan- guage construct that allows multiple data types to share a single memory location even in modern pro- gramming. At first, union designed to overcome limitations of early hardware resource but modern union is used for system optimization and memory efficiency. However, shared memory characteristic of union can occur memory corruption or undefined behavior when programmer misinterpret the type or access union members incorrectly. These problem can lead to union type safety violation vulnera- bility. Existing work of type safety violation vulnerability detection usually focused on class casting vulnerability or only target COM(Component Object Model) environment. It means that union type safety violation vulnerability detection research at C/C++ programming language does not exist. Fur- thermore, the usage of union at C/C++ is often implicit and different according to the context, so it is hard to exactly detect all vulnerability only with static analysis. To overcome these limitation, I propose UnionTypeSan, a dynamic runtime tool for union type safety violation in C/C++. UnionTypeSan detects inconsistencies between the stored and accessed member types through the integration of a Clang-based static instrumentation framework and a runtime verification component. When evaluated on the SPEC CPU 2017 benchmark suite, UnionTypeSan demonstrated reliable tracking and verification of all union access patterns, incurring an average runtime overhead of 1.9%.