Evgenii Stepanov

Evgenii Stepanov is a Software Engineer at Google. His main focus is compiler-based bug-detection tools such as AddressSanitizer and MemorySanitizer, and vulnerability-mitigation techniques such as Control Flow Integrity and memory tagging. Evgenii is a graduate of Moscow State University and holds a PhD from ISP RAS (www.ispras.ru).
Authored Publications
Memory Tagging and how it improves C/C++ memory safety
Kostya Serebryany, Aleksey Shlyapnikov, Vlad Tsyrklevich (2018)
Abstract: Memory safety in C and C++ remains largely unresolved. A technique usually called "memory tagging" may dramatically improve the situation if implemented in hardware with reasonable overhead. This paper describes two existing implementations of memory tagging: one is the full hardware implementation in SPARC; the other is a partially hardware-assisted compiler-based tool for AArch64. We describe the basic idea, evaluate the two implementations, and explain how they improve memory safety. This paper is intended to initiate a wider discussion of memory tagging and to motivate the CPU and OS vendors to add support for it in the near future.
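The abstract gives the mechanism only in outline. The C program below is an added illustration, not code from the paper or from either of the two implementations it evaluates: it models a tagged heap in software so the checks can be stepped through. Everything about the model is an assumption of mine rather than a statement from the paper: 16-byte granules, 4-bit tags kept in a side table, the tag carried in bits 56..59 of a 64-bit pointer (so stripping it leaves a valid address), a bump allocator that never reuses memory, and the helper names (tag_malloc, tag_free, tag_check, tagged_load, tagged_store, demo_*).

```c
/* Added example: a software model of memory tagging, not the paper's code.
 * Assumptions (mine): 16-byte granules, 4-bit tags in a side table, the tag
 * carried in bits 56..59 of a 64-bit pointer, a bump allocator. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GRANULE    16                 /* bytes covered by one memory tag   */
#define HEAP_SIZE  4096
#define TAG_SHIFT  56                 /* tag lives in the pointer top byte  */
#define TAG_MASK   ((uint64_t)0xF)    /* 4-bit tags: 16 colours             */
#define FREED_TAG  0                  /* never handed to a live allocation  */

typedef uint64_t tptr;                /* a tagged pointer                   */

static uint8_t  heap[HEAP_SIZE];
static uint8_t  granule_tag[HEAP_SIZE / GRANULE];  /* one tag per granule */
static size_t   bump     = 0;
static unsigned next_tag = 1;

static uint8_t *untag(tptr p)   { return (uint8_t *)(uintptr_t)(p & ~(TAG_MASK << TAG_SHIFT)); }
static unsigned ptr_tag(tptr p) { return (unsigned)((p >> TAG_SHIFT) & TAG_MASK); }
static tptr with_tag(uint8_t *a, unsigned t) { return (uint64_t)(uintptr_t)a | ((uint64_t)t << TAG_SHIFT); }

/* malloc: round up to whole granules, pick a tag that differs from the
 * previous allocation (cycling 1..15), colour the granules, and return a
 * pointer carrying the same tag. */
tptr tag_malloc(size_t n) {
    size_t bytes = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (bump + bytes > HEAP_SIZE) return 0;
    unsigned tag = next_tag;
    next_tag = next_tag % 15 + 1;
    for (size_t g = bump / GRANULE; g < (bump + bytes) / GRANULE; g++)
        granule_tag[g] = (uint8_t)tag;
    tptr p = with_tag(heap + bump, tag);
    bump += bytes;
    return p;
}

/* free: recolour the granules, so the old pointer's tag no longer matches. */
void tag_free(tptr p, size_t n) {
    size_t first = (size_t)(untag(p) - heap) / GRANULE;
    size_t bytes = (n + GRANULE - 1) / GRANULE * GRANULE;
    for (size_t g = first; g < first + bytes / GRANULE; g++)
        granule_tag[g] = FREED_TAG;
}

/* The check every tagged load/store performs: the pointer's tag must equal
 * the tag of the granule it touches.  Returns 1 on mismatch, where the
 * hardware implementation would raise a fault. */
int tag_check(tptr p) {
    uintptr_t a = (uintptr_t)untag(p);
    if (a < (uintptr_t)heap || a >= (uintptr_t)heap + HEAP_SIZE) return 1;
    return granule_tag[(a - (uintptr_t)heap) / GRANULE] != ptr_tag(p);
}
int tagged_store(tptr p, uint8_t v)   { if (tag_check(p)) return 1; *untag(p) = v; return 0; }
int tagged_load(tptr p, uint8_t *out) { if (tag_check(p)) return 1; *out = *untag(p); return 0; }

/* Store one byte at `off` from the start of a 20-byte object.  The object
 * occupies two granules (32 bytes), so offsets 20..31 overflow the object
 * but stay inside its last granule and the check cannot see them; offset 32
 * lands on a granule carrying a different tag and is caught. */
int demo_overflow(size_t off) {
    tptr p = tag_malloc(20);
    return tagged_store(p + off, 0x41);
}

/* Read through a pointer after its block was freed and recoloured. */
int demo_use_after_free(void) {
    uint8_t v;
    tptr p = tag_malloc(8);
    tagged_store(p, 7);
    tag_free(p, 8);
    return tagged_load(p, &v);
}

/* The normal case: tags match and the value round-trips. */
int demo_valid(void) {
    uint8_t v = 0;
    tptr p = tag_malloc(8);
    if (tagged_store(p, 42) || tagged_load(p, &v)) return -1;
    return v;
}

int main(void) {
    printf("in-bounds store:            fault=%d\n", demo_overflow(19));
    printf("overflow inside granule:    fault=%d (missed)\n", demo_overflow(20));
    printf("overflow into next granule: fault=%d\n", demo_overflow(32));
    printf("use after free:             fault=%d\n", demo_use_after_free());
    printf("valid load:                 value=%d\n", demo_valid());
    return 0;
}
```

Two caveats the model makes visible. Detection is at granule granularity: an overflow that stays inside the object's last granule goes unnoticed, which is why tagging allocators pad and align objects to granules. And with 4-bit tags assigned at random, as a hardware deployment would do, two unrelated allocations share a tag with probability 1/16, so a single bad access is caught probabilistically; the model assigns tags cyclically so that adjacent blocks always differ.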
MemorySanitizer: fast detector of uninitialized memory use in C++
Konstantin Serebryany
Proceedings of the 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), CGO 2015, San Francisco, CA, USA, pp. 46-55
Abstract: This paper presents MemorySanitizer, a dynamic tool that detects uses of uninitialized memory in C and C++. The tool is based on compile time instrumentation and relies on bit-precise shadow memory at run-time. Shadow propagation technique is used to avoid false positive reports on copying of uninitialized memory. MemorySanitizer finds bugs at a modest cost of 2.5x in execution time and 2x in memory usage; the tool has an optional origin tracking mode that provides better reports with moderate extra overhead. The reports with origins are more detailed compared to reports from other similar tools; such reports contain names of local variables and the entire history of the uninitialized memory including intermediate stores. In this paper we share our experience in deploying the tool at a large scale and demonstrate the benefits of compile time instrumentation over dynamic binary instrumentation.
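The abstract names two ideas, bit-precise shadow and shadow propagation, without showing how they interact. The C program below is an added illustration, not MemorySanitizer's own code: it models a 32-bit value together with its 32-bit shadow (a set shadow bit means "this bit is uninitialized") and applies propagation rules to copies, AND, OR and addition, reporting only when a branch consumes a poisoned bit. The struct and function names (sval, msan_*, demo_*) are mine, and the constant 0xDEADBEEF stands in for whatever garbage fresh memory happens to hold.

```c
/* Added example: a software model of MemorySanitizer's shadow propagation,
 * not the tool's own code.  Every 32-bit value carries a 32-bit shadow in
 * which a set bit means "this bit is uninitialized".  Copies and arithmetic
 * only move or combine shadow; a report is raised only when a decision
 * (here, a branch) depends on a poisoned bit. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t v; uint32_t s; } sval;   /* value + bit shadow */

/* Fresh memory: contents arbitrary, every bit poisoned.  0xDEADBEEF is a
 * stand-in for the garbage that would really be there. */
static sval msan_uninit(void)      { return (sval){ 0xDEADBEEFu, 0xFFFFFFFFu }; }
static sval msan_const(uint32_t c) { return (sval){ c, 0 }; }

/* Plain copy (assignment, memcpy, struct copy): the shadow travels with the
 * value and nothing is reported.  This is what keeps copies of partially
 * initialized structs from producing false positives. */
static sval msan_copy(sval a)      { return a; }

/* Bit-precise rules for AND and OR: a defined 0 (for AND) or a defined 1
 * (for OR) in one operand makes that result bit defined regardless of what
 * the other operand holds. */
static sval msan_and(sval a, sval b) {
    return (sval){ a.v & b.v, (a.s & b.s) | (a.v & b.s) | (a.s & b.v) };
}
static sval msan_or(sval a, sval b) {
    return (sval){ a.v | b.v, (a.s & b.s) | (~a.v & b.s) | (a.s & ~b.v) };
}

/* Approximate rule for arithmetic: the result shadow is the OR of the input
 * shadows.  It ignores carries, so poison that a carry would spread into
 * higher bits is not tracked; cheap, but not exact. */
static sval msan_add(sval a, sval b) {
    return (sval){ a.v + b.v, a.s | b.s };
}

/* The check: branching on a value with any poisoned bit is a use of
 * uninitialized memory.  Returns 1 where a report would be issued. */
static int msan_branch(sval cond) { return cond.s != 0; }

/* Copy uninitialized memory twice: the poison survives every copy ... */
uint32_t demo_copies_keep_poison(void) {
    sval a = msan_uninit();
    sval b = msan_copy(a);
    sval c = msan_copy(b);
    return c.s;
}

/* ... and is only reported once something branches on it. */
int demo_branch_on_copy(void) {
    sval c = msan_copy(msan_copy(msan_uninit()));
    return msan_branch(c);
}

/* Bit precision: set bit 0 of an uninitialized flags word, then test one
 * bit.  Testing bit 0 is fine (it is a defined 1); testing bit 1 is a
 * genuine use of an uninitialized bit and is reported. */
int demo_bit_precision(uint32_t mask) {
    sval flags = msan_uninit();
    flags = msan_or(flags, msan_const(0x1));
    sval bit = msan_and(flags, msan_const(mask));
    return msan_branch(bit);
}

/* Masking to the low byte leaves exactly those 8 bits poisoned; the OR rule
 * for addition then keeps that shadow unchanged. */
uint32_t demo_add_shadow(void) {
    sval x = msan_uninit();
    sval y = msan_and(x, msan_const(0xFF));
    sval z = msan_add(y, msan_const(1));
    return z.s;
}

int main(void) {
    printf("shadow after two copies:   0x%08x\n", demo_copies_keep_poison());
    printf("branch on copied value:    report=%d\n", demo_branch_on_copy());
    printf("test defined bit 0:        report=%d\n", demo_bit_precision(0x1));
    printf("test uninitialized bit 1:  report=%d\n", demo_bit_precision(0x2));
    printf("shadow after mask and add: 0x%08x\n", demo_add_shadow());
    return 0;
}
```

The AND and OR rules are what make the shadow bit-precise: a word whose padding bits were never written can still be tested, masked and stored without a report, as long as no decision ever depends on one of the poisoned bits. A byte-granular shadow would have to flag the whole word, which is exactly the false-positive pattern the abstract refers to.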
Abstract: Dynamic program analysis and testing tools typically require inserting extra instrumentation code into the program to test. The inserted instrumentation then gathers data about the program execution and hands it off to the analysis algorithm. Various analysis algorithms can be used to perform CPU profiling, processor cache simulation, memory error detection, data race detection, etc. Usually the instrumentation is done either at run time or at compile time, called dynamic instrumentation and compiler instrumentation, respectively. However, each of these methods has to make a compromise between performance and versatility when used in industry software development. This paper presents a combined approach to instrumentation which takes the best of the two worlds: the low run-time overhead and unique features of compile-time instrumentation and the flexibility of dynamic instrumentation. We present modifications of two testing tools that benefit from this approach: AddressSanitizer and MemorySanitizer. We propose benchmarks to compare different instrumentation frameworks in conditions specific to hybrid instrumentation. We discuss the changes we made to one of the state-of-the-art instrumentation frameworks to significantly improve the performance of hybrid tools.