2014 IEEE 25th International Symposium on Software Reliability Engineering (ISSRE) (2014)
Nov. 3, 2014 to Nov. 6, 2014
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISSRE.2014.20
Spatial errors (e.g., Buffer overflows) continue to be one of the dominant threats to software reliability and security in C/C++ programs. Presently, the software industry typically enforces spatial memory safety by instrumentation. Due to high overheads incurred in bounds checking at runtime, many program inputs cannot be exercised, causing some input-specific spatial errors to go undetected in today's commercial software. This paper introduces a new compile-time optimisation for reducing bounds checking overheads based on the notion of Weakest Precondition (WP). The basic idea is to guard a bounds check at a pointer dereference inside a loop, where the WP-based guard is hoisted outside the loop, so that its falsehood implies the absence of out-of-bounds errors at the dereference, thereby avoiding the corresponding bounds check inside the loop. This WP-based optimisation is applicable to any spatial-error detection approach (in software or hardware or both). To evaluate the effectiveness of our optimisation, we take SOFTBOUND, a compile-time tool with an open-source implementation in LLVM, as our baseline. SOFTBOUND adopts a pointer-based checking approach with disjoint metadata, making it a state-of-the-art tool in providing compatible and complete spatial safety for C. Our new tool, called WPBOUND, is a refined version of SOFTBOUND, also implemented in LLVM, by incorporating our WP-based optimisation. For a set of 12 SPEC C benchmarks evaluated, WPBOUND reduces the average (geometric mean) slowdown of SOFTBOUND from 71% to 45% (by a reduction of 37%), with small code size increases.
Instruments, Optimization, Runtime, Software, Safety, Hardware, Upper bound
D. Ye, Y. Su, Y. Sui and J. Xue, "WPBOUND: Enforcing Spatial Memory Safety Efficiently at Runtime with Weakest Preconditions," 2014 IEEE 25th International Symposium on Software Reliability Engineering (ISSRE), Naples, Italy, 2014, pp. 88-99.