Eliminating redundant bounds checks in dynamic buffer overflow detection using weakest preconditions

Sui, Y; Ye, D; Su, Y; Xue, J

Eliminating redundant bounds checks in dynamic buffer overflow detection using weakest preconditions

Sui, Y

Ye, D Su, Y Xue, J

Permalink

Publisher:: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Publication Type:: Journal Article
Citation:: IEEE Transactions on Reliability, 2016, 65, (4), pp. 1682-1699
Issue Date:: 2016-12-01

Closed Access

	Filename	Description	Size
	Eliminating_Redundant_Bounds_Checks_in_Dynamic_Buffer_Overflow_Detection_Using_Weakest_Preconditions.pdf	Published version	2.29 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Sui, Y https://orcid.org/0000-0002-9510-6574
dc.contributor.author	Ye, D
dc.contributor.author	Su, Y
dc.contributor.author	Xue, J
dc.date.accessioned	2022-07-15T22:36:07Z
dc.date.available	2022-07-15T22:36:07Z
dc.date.issued	2016-12-01
dc.identifier.citation	IEEE Transactions on Reliability, 2016, 65, (4), pp. 1682-1699
dc.identifier.issn	0018-9529
dc.identifier.issn	1558-1721
dc.identifier.uri	http://hdl.handle.net/10453/158952
dc.description.abstract	Spatial errors (e.g., buffer overflows) continue to be one of the dominant threats to software reliability and security in C/C++ programs. Presently, the software industry typically enforces spatial memory safety by instrumentation. Due to high overheads incurred in bounds checking at runtime, many program inputs cannot be exercised, causing some input-specific spatial errors to go undetected in today's commercial software. This paper introduces a new compile-time approach for reducing bounds checking overheads based on the notion of weakest precondition (WP). The basic idea is to guard a bounds check at a pointer dereference inside a loop, where the WP-based guard is hoisted outside the loop, so that its falsehood implies the absence of out-of-bounds errors at the dereference, thereby avoiding the corresponding bounds check inside the loop. This WP-based approach is applicable to any spatial-error detection approach (in software or hardware or both). To evaluate the effectiveness of our approach, we take SoftBound, a compile-time tool with an open-source implementation in low-level virtual machine (LLVM), as our baseline. SoftBound adopts a pointer-based checking scheme with disjoint metadata, making it a state-of-the-art tool in providing compatible and complete spatial safety for C. Our new tool, called WPBound, is a refined version of SoftBound, also implemented in LLVM, by incorporating our WP-based compiler approach comprising both intra and interprocedural optimizations. For a set of 20 C benchmarks selected from SPEC and MiBench,WPBound reduces the average runtime overhead of SoftB ound from 77% to 47% (by a reduction of 39%), with small code size increases.
dc.language	English
dc.publisher	IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
dc.relation.ispartof	IEEE Transactions on Reliability
dc.relation.isbasedon	10.1109/TR.2016.2570538
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0803 Computer Software, 0906 Electrical and Electronic Engineering
dc.subject.classification	Operations Research
dc.title	Eliminating redundant bounds checks in dynamic buffer overflow detection using weakest preconditions
dc.type	Journal Article
utslib.citation.volume	65
utslib.for	0803 Computer Software
utslib.for	0906 Electrical and Electronic Engineering
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - AAII - Australian Artificial Intelligence Institute
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
dc.date.updated	2022-07-15T22:36:05Z
pubs.issue	4
pubs.publication-status	Published
pubs.volume	65
utslib.citation.issue	4

Abstract:

Spatial errors (e.g., buffer overflows) continue to be one of the dominant threats to software reliability and security in C/C++ programs. Presently, the software industry typically enforces spatial memory safety by instrumentation. Due to high overheads incurred in bounds checking at runtime, many program inputs cannot be exercised, causing some input-specific spatial errors to go undetected in today's commercial software. This paper introduces a new compile-time approach for reducing bounds checking overheads based on the notion of weakest precondition (WP). The basic idea is to guard a bounds check at a pointer dereference inside a loop, where the WP-based guard is hoisted outside the loop, so that its falsehood implies the absence of out-of-bounds errors at the dereference, thereby avoiding the corresponding bounds check inside the loop. This WP-based approach is applicable to any spatial-error detection approach (in software or hardware or both). To evaluate the effectiveness of our approach, we take SoftBound, a compile-time tool with an open-source implementation in low-level virtual machine (LLVM), as our baseline. SoftBound adopts a pointer-based checking scheme with disjoint metadata, making it a state-of-the-art tool in providing compatible and complete spatial safety for C. Our new tool, called WPBound, is a refined version of SoftBound, also implemented in LLVM, by incorporating our WP-based compiler approach comprising both intra and interprocedural optimizations. For a set of 20 C benchmarks selected from SPEC and MiBench,WPBound reduces the average runtime overhead of SoftB ound from 77% to 47% (by a reduction of 39%), with small code size increases.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/158952