Program Analysis for Securing C/C++ Code

Tapti Palit
UC Davis

Stevenson 1300
12:00 PM

C and C++ remain two of the most widely used programming languages, powering everything from operating systems to critical infrastructure. However, their lack of built-in memory safety leaves applications vulnerable to exploitation, and memory corruption vulnerabilities cost the industry billions of dollars annually. To mitigate these risks, software defenses such as Control Flow Integrity (CFI) are deployed, but their effectiveness depends heavily on the precision of underlying program analysis.
In this talk, I will present my research on advancing program analysis techniques to improve software security. First, I will introduce the Invariant-Guided Pointer Analysis technique, which enhances the precision of CFI mechanisms by 59%, thus significantly improving their security guarantees. Then, I will discuss our lab's latest research on automatically transpiling C/C++ code into memory-safe languages, like Rust. Specifically, I will describe our hybrid approach, which combines Large Language Models (LLMs) with program analysis techniques to achieve high-accuracy C-to-Rust transpilation. Together, these efforts improve software security for legacy software and build a foundation for safer, more reliable software systems.