Preventing Vulnerabilities Caused by Optimization of Code with Undefined Behavior

Sophisticated optimization in modern compilers can sometimes create vulnerabilities in program code as a result of optimization. The source of these vulnerabilities is in code with undefined behavior. Programmers use constructs with undefined behavior while relying on a particular behavior these constructs exhibited before in their practice. However, the compiler does not have to stick to that behavior and may change it if there is a need for code optimization because this behavior is not defined by language standards. This paper describes some approaches to the discovery and elimination of vulnerabilities caused by optimization in the case where the source code is available, but its modification is undesirable or impossible. We propose the concept of a safe compiler (i.e., a compiler that guarantees that no vulnerability is brought into a program in the process of optimization). We describe the implementation of this compiler on top of GCC. The functionality of the safe compiler is implemented at three security levels, the applicability of which is discussed in this paper. The use of the safe compiler is illustrated on real-world codebases with the estimation of possible performance losses.