SoftBound

bearophile bearophileHUGS at lycos.com
Thu Oct 1 08:35:58 PDT 2009


"SoftBound: Highly Compatible and Complete Spatial Memory Safety for C" by  Santosh Nagarakatte, Jianzhou Zhao, Milo M K Martin and Steve Zdancewic:
http://llvm.org/pubs/2009-06-PLDI-SoftBound.html

It's a block of about 6000 lines of C++ code that augments the LLVM compiler, adding extra tests. It avoids out-of-bound situations with pointers. It works after the compilation stage, on the LL code produced by LLVM, so it can be used equally for C or D. Conceptually it looks like a simple thing. It currently can't be used yet, but I'd like to have a compilation flag in LDC to activate this. In non-release mode some of the tests are already present (the bound tests of arrays), so it can avoid putting them in twice (in LDC you can disable only bound tests, and keep assertions, etc.).

From the abstract:
>SoftBound similarly records base and bound information for every pointer as disjoint metadata. This decoupling enables SoftBound to provide spatial safety without requiring changes to C source code. Unlike HardBound, SoftBound is a software-only approach and performs metadata manipulation only when loading or storing pointer values. A formal proof shows that this is sufficient to provide spatial safety even in the presence of arbitrary casts. SoftBound's full checking mode provides complete spatial violation detection with 67% runtime overhead on average. To further reduce overheads, SoftBound has a store-only checking mode that successfully detects all the security vulnerabilities in a test suite at the cost of only 21% runtime overhead on average.<

Bye,
bearophile
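To make the mechanism in the abstract concrete, here is a small C model of SoftBound-style spatial checking, added to this page as an illustration. It is not SoftBound's instrumentation and not code from the post above; the names (sb_store_ptr, sb_load_ptr, sb_check), the linear metadata table and the 32-byte arena standing in for the heap are all constructed for this example. What it shows is the key design point: base/bound metadata is kept *disjoint* from the pointer (keyed by the address the pointer is stored at), is only touched when a pointer is stored or loaded, and survives arbitrary integer casts and pointer arithmetic, so a check before the access still sees the original object's range.

```c
/* Added illustration of SoftBound-style spatial checking with DISJOINT
 * metadata. Written for this page; not SoftBound's own code. All helper
 * names and the arena below are invented for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Metadata for one pointer: the object it may address is [base, bound). */
typedef struct { const char *base; const char *bound; } sb_meta;

/* Disjoint metadata table keyed by the ADDRESS where a pointer is stored.
 * SoftBound keeps this in a shadow space; a small linear table is enough
 * here. The pointer's own bytes in memory are untouched, which is why
 * existing struct layouts and uninstrumented libraries keep working. */
#define SB_SLOTS 32
static struct { void **slot; sb_meta m; } sb_table[SB_SLOTS];
static int sb_count;

/* Instrumentation at a POINTER STORE: write the pointer as usual and record
 * its base/bound under the destination address (overwriting any old entry).
 * A full table silently drops the entry; loads from such a slot are then
 * rejected by sb_check, which fails closed. */
static void sb_store_ptr(void **dst, void *p, sb_meta m) {
    *dst = p;
    for (int i = 0; i < sb_count; i++)
        if (sb_table[i].slot == dst) { sb_table[i].m = m; return; }
    if (sb_count < SB_SLOTS) {
        sb_table[sb_count].slot = dst;
        sb_table[sb_count++].m = m;
    }
}

/* Instrumentation at a POINTER LOAD: fetch the pointer and look up the
 * metadata recorded for that slot. An unknown slot yields an empty range. */
static void *sb_load_ptr(void **src, sb_meta *m) {
    m->base = m->bound = NULL;
    for (int i = 0; i < sb_count; i++)
        if (sb_table[i].slot == src) { *m = sb_table[i].m; break; }
    return *src;
}

/* Spatial check inserted before an access of `size` bytes through p.
 * Returns 1 if [p, p+size) lies inside [base, bound), else 0. Note that p
 * itself is compared, so casting p through an integer or adding an offset
 * changes nothing about the metadata being checked against. */
static int sb_check(const void *p, size_t size, sb_meta m) {
    const char *c = (const char *)p;
    if (m.base == NULL || c < m.base || c >= m.bound) return 0;
    return size <= (size_t)(m.bound - c);
}

/* Constructed sample "heap": a 16-byte object and a 4-byte object. */
static char arena[32];
#define BIG_OBJ    (arena)
#define BIG_SIZE   16
#define SMALL_OBJ  (arena + 16)
#define SMALL_SIZE 4

struct record { void *data; };   /* some struct that stores a pointer */

/* Returns 1 if an in-bounds 4-byte access at offset 12 of the 16-byte
 * object is accepted, even after the pointer round-trips through uintptr_t. */
int demo_in_bounds(void) {
    struct record r;
    sb_meta m = { BIG_OBJ, BIG_OBJ + BIG_SIZE };
    sb_store_ptr(&r.data, BIG_OBJ, m);          /* instrumented store */
    sb_meta lm;
    char *p = sb_load_ptr(&r.data, &lm);         /* instrumented load */
    uintptr_t as_int = (uintptr_t)p;             /* arbitrary cast ...   */
    char *q = (char *)as_int + 12;               /* ... and arithmetic   */
    return sb_check(q, 4, lm);
}

/* Returns 1 if a 4-byte access at offset 13 (spilling one byte past the
 * 16-byte object) is REJECTED. */
int demo_overflow_caught(void) {
    struct record r;
    sb_meta m = { BIG_OBJ, BIG_OBJ + BIG_SIZE };
    sb_store_ptr(&r.data, BIG_OBJ, m);
    sb_meta lm;
    char *p = sb_load_ptr(&r.data, &lm);
    return sb_check(p + 13, 4, lm) == 0;
}

/* Returns 1 if, after the same slot is overwritten with a pointer to the
 * 4-byte object, the metadata follows the slot: offset 3 is accepted and
 * offset 8 (valid for the old object) is rejected. */
int demo_slot_rekeyed(void) {
    struct record r;
    sb_meta big   = { BIG_OBJ, BIG_OBJ + BIG_SIZE };
    sb_meta small = { SMALL_OBJ, SMALL_OBJ + SMALL_SIZE };
    sb_store_ptr(&r.data, BIG_OBJ, big);
    sb_store_ptr(&r.data, SMALL_OBJ, small);     /* same slot, new range */
    sb_meta lm;
    char *p = sb_load_ptr(&r.data, &lm);
    return sb_check(p + 3, 1, lm) == 1 && sb_check(p + 8, 1, lm) == 0;
}

int main(void) {
    printf("in-bounds accepted:   %d\n", demo_in_bounds());
    printf("overflow rejected:    %d\n", demo_overflow_caught());
    printf("slot re-keyed:        %d\n", demo_slot_rekeyed());
    return 0;
}
```

The store-only mode mentioned in the abstract corresponds, in this model, to emitting sb_check only before writes and skipping it before reads; the metadata bookkeeping at pointer loads and stores stays the same, which is why that mode is cheaper but still catches the write-side overflow above.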
