Light-weight Bounds Checking

Abstract

Memory-related errors such as buffer overflows and dangling pointers remain oneof the principle reasons for the failure of C programs. Such failures do notalways manifest as program crashes but also as incorrect outputs. Well-testedprograms do run error free in most cases, but studies have shown thateven such programs can crash when presented with unexpected data. Out of boundsarray and pointer accesses are an important subclass of memory-related errors.Despite many years of research in bounds-checking, current solutions aremostly deployed as debugging and testing aids. This is because the currenttechniques for bounds protection are either too performance intensive to be usedin production software or are unable to process all valid C programs. Hence, in this thesis, we present a backwards compatible lightweight boundschecking technique that aims to provide practical protection to Cprograms that can be deployed in production software. Our technique involvesflanking memory objects with guard zones. We generate instrumentation tocheck that memory references do not access these guard zones. We are ableto avoid some of the compatibility problems associated with previousbounds-checking techniques by avoiding pointer arithmetic checks, andinstead relying on checks on the values of dereferenced pointers.To obtain good performance, we partition these runtimechecks into two parts. The first part is always performed, and is veryfast because it does not introduce additional memory dereferences. Themore expensive second part is triggered only if the first check succeeds,which is relatively rare. We present an efficient implementation of ourtechnique. Our results show that the technique has a relatively low overheadin CPU intensive benchmarks. Furthermore, by instrumenting real worldapplications, we prove the practical utility of our approach.