| Abstract |
|---|
| The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-visible memory layout make retrofitting C/C++ with spatial safety guarantees extremely challenging. Existing approaches suffer from incompleteness, have high runtime overhead, or require non-trivial changes to the C source code. Thus far, these deficiencies have prevented widespread adoption of such techniques. This paper proposes SoftBound, a compile-time transformation for enforcing spatial safety of C. Inspired by HardBound, a previously proposed hardware-assisted approach, SoftBound similarly records base and bound information for every pointer as disjoint metadata. This decoupling enables SoftBound to provide spatial safety without requiring changes to C source code. Unlike HardBound, SoftBound is a software-only approach and performs metadata manipulation only when loading or storing pointer values. A formal proof shows that this is sufficient to provide spatial safety even in the presence of arbitrary casts. SoftBound's full checking mode provides complete spatial violation detection with 67% runtime overhead on average. To further reduce overheads, SoftBound has a store-only checking mode that successfully detects all the security vulnerabilities in a test suite at the cost of only 22% runtime overhead on average. |

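The mechanism the abstract describes, as an added toy illustration in C. This is not the paper's code or the SoftBound implementation (which performs the transformation inside the compiler): it hand-writes what the instrumentation does, namely keeping (base, bound) metadata apart from program data, moving it only when a pointer value is loaded from or stored to memory, and checking bounds at each dereference, with a switch between the full and store-only checking modes. The shadow table, the bump allocator over a static arena, every `sb_`-prefixed name and the sample program are constructed for this example and are assumptions, not details of the real system.

```c
/* Toy SoftBound-style instrumentation, written for this page as an illustration; it is
 * not the paper's code. Each pointer is paired with (base, bound). For pointers held in
 * registers the metadata rides along in sb_ptr (a compiler would use extra temporaries);
 * for pointers stored in memory it lives in a disjoint shadow table keyed by the address
 * of the pointer slot, so program data layout and sizeof() are untouched. Metadata moves
 * only on pointer loads/stores; bounds are checked at dereference. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uintptr_t base, bound; } sb_meta;   /* valid byte range [base, bound) */
typedef struct { char *ptr; sb_meta m; } sb_ptr;     /* a pointer value plus its metadata */
enum { SB_FULL = 0, SB_STORE_ONLY = 1 };             /* the paper's two checking modes */

/* Disjoint shadow metadata: address of a pointer slot -> metadata of the pointer stored there. */
#define SB_SLOTS 16
static struct { void **slot; sb_meta m; } sb_shadow[SB_SLOTS];
static int sb_nslots;

static void sb_shadow_put(void **slot, sb_meta m) {
    for (int i = 0; i < sb_nslots; i++)
        if (sb_shadow[i].slot == slot) { sb_shadow[i].m = m; return; }
    if (sb_nslots < SB_SLOTS) { sb_shadow[sb_nslots].slot = slot; sb_shadow[sb_nslots++].m = m; }
}
static sb_meta sb_shadow_get(void **slot) {
    for (int i = 0; i < sb_nslots; i++)
        if (sb_shadow[i].slot == slot) return sb_shadow[i].m;
    sb_meta none = { 0, 0 };   /* no recorded metadata: every dereference of this pointer fails */
    return none;
}

/* Toy heap (constructed for the demo): bump allocator over a static arena. A pointer's
 * bounds are exactly its own allocation, not the arena, so adjacent objects are protected. */
static void *sb_arena[8];
static size_t sb_arena_top;
static sb_ptr sb_malloc(size_t n) {
    size_t off = (sb_arena_top + 7) & ~(size_t)7;
    uintptr_t base = (uintptr_t)sb_arena + off;
    sb_ptr p = { (char *)sb_arena + off, { base, base + n } };
    sb_arena_top = off + n;
    return p;
}

static int sb_violations;   /* spatial violations detected in the current run */

static int sb_in_bounds(sb_ptr p, size_t size) {
    uintptr_t a = (uintptr_t)p.ptr;
    return a >= p.m.base && a <= p.m.bound && size <= p.m.bound - a;
}
/* Pointer arithmetic copies the metadata unchanged and performs no check. */
static sb_ptr sb_add(sb_ptr p, ptrdiff_t off) { p.ptr += off; return p; }

static void sb_store_u8(sb_ptr p, unsigned char v) {          /* checked in both modes */
    if (!sb_in_bounds(p, 1)) { sb_violations++; return; }
    *(unsigned char *)p.ptr = v;
}
static unsigned char sb_load_u8(sb_ptr p, int mode) {         /* checked in full mode only */
    if (mode == SB_FULL && !sb_in_bounds(p, 1)) { sb_violations++; return 0; }
    return *(unsigned char *)p.ptr;
}
static void sb_store_ptr(sb_ptr slot, sb_ptr value) {         /* pointer store: value + metadata */
    if (!sb_in_bounds(slot, sizeof(void *))) { sb_violations++; return; }
    *(void **)slot.ptr = value.ptr;
    sb_shadow_put((void **)slot.ptr, value.m);
}
static sb_ptr sb_load_ptr(sb_ptr slot, int mode) {            /* pointer load: value + metadata */
    sb_ptr r = { NULL, { 0, 0 } };
    if (mode == SB_FULL && !sb_in_bounds(slot, sizeof(void *))) { sb_violations++; return r; }
    r.ptr = *(void **)slot.ptr;
    r.m = sb_shadow_get((void **)slot.ptr);
    return r;
}

/* Runs a small constructed program under `mode`. Returns the number of violations
 * detected, or -1 if the stored pointer got corrupted (which the checks must prevent). */
int sb_demo(int mode) {
    sb_violations = 0; sb_nslots = 0; sb_arena_top = 0;
    sb_ptr buf  = sb_malloc(8);                 /* char *buf = malloc(8);                 */
    sb_ptr slot = sb_malloc(sizeof(void *));    /* char **slot = malloc(...); next to buf */
    sb_store_ptr(slot, buf);                    /* *slot = buf;  metadata -> shadow       */
    sb_ptr q = sb_load_ptr(slot, mode);         /* q = *slot;    metadata <- shadow       */
    for (int i = 0; i < 8; i++)                 /* in-bounds writes: no violations        */
        sb_store_u8(sb_add(q, i), (unsigned char)('A' + i));
    (void)sb_load_u8(sb_add(q, 8), mode);       /* q[8]: off-by-one read, caught in full mode only */
    sb_store_u8(sb_add(q, 8), 'X');             /* q[8] = 'X' would clobber *slot; blocked in both */
    /* Arbitrary cast: reinterpret buf's bytes as a pointer and load it. The shadow has no
     * entry for that slot, so the forged pointer carries empty metadata and storing through
     * it is rejected without touching memory. */
    sb_ptr forged = sb_load_ptr(buf, mode);
    sb_store_u8(forged, 'Y');
    if (*(void **)slot.ptr != (void *)buf.ptr) return -1;
    return sb_violations;
}

int main(void) {
    printf("full checking: %d violations, store-only: %d violations\n",
           sb_demo(SB_FULL), sb_demo(SB_STORE_ONLY));
    return 0;
}
```

The off-by-one read is the only event that separates the two modes: store-only checking lets it through (it reads one byte of the neighbouring pointer slot) but still stops the write that would have overwritten that pointer, which is why the abstract can report that the cheaper mode still catches the vulnerabilities in its test suite. The forged-pointer case shows why the proof can tolerate arbitrary casts: metadata follows the pointer value, not its static type, and a value that never received metadata cannot be dereferenced.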
| Year | DOI | Venue |
|---|---|---|
| 2009 | 10.1145/1542476.1542504 | Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '09) |

| Keywords | Field | DocType |
|---|---|---|
| spatial memory, buffer overflows, source code, C, buffer overflow | Pointer (computer programming), Memory safety, Memory corruption, Source code, Computer science, Parallel computing, Smart pointer, Bounds checking, Formal verification, Buffer overflow | Conference |

| Volume | Issue | ISSN |
|---|---|---|
| 44 | 6 | 0362-1340 |

| Citations | PageRank | References |
|---|---|---|
| 187 | 4.64 | 31 |

| Authors |
|---|
| 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Santosh Nagarakatte | 1 | 569 | 23.95 |
Jianzhou Zhao | 2 | 465 | 13.99 |
Milo M. K. Martin | 3 | 2677 | 125.22 |
Steve Zdancewic | 4 | 1702 | 81.35 |