
Bounds Check Hoisting for AddressSanitizer

  • Conference paper
Programming Languages (SBLP 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8771)

Abstract

The C programming language is not memory safe, that is to say that the semantics of out-of-bounds memory accesses are undefined. There are tools that make certain guarantees about memory safety for C programs. Amongst these are SAFECode and AddressSanitizer. The latter instruments C programs with runtime checks to guarantee that no invalid memory accesses are allowed to execute. As is to be expected, this incurs a notable performance decrease in instrumented programs. Our work consists of hoisting these checks out of loops in such a way that we maintain AddressSanitizer’s semantics, but, by providing increased locality of access and by increasing the stride of bounds checks, we make said checks notably cheaper. Unlike previous approaches to bounds check hoisting, we use a parametric interval analysis to bound the index ranges used in array accesses. We evaluated our method on a collection of benchmarks from Polybench and from the domain of scientific computing. The optimization recovers 60.6 % of the overhead introduced by AddressSanitizer on average. Since energy performance is a crucial factor on mobile systems, we have also evaluated our proposed solution on embedded systems in this regard. We observed a 31.7 % reduction in energy consumption in programs instrumented with AddressSanitizer.
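As an added illustration of the hoisting the abstract describes (this is not code from the paper or from AddressSanitizer), the following C model compares one check per array access with a single hoisted check over the index interval of an affine subscript a*i + b, as an interval analysis would bound it. The region/check model, the loop-versioning fallback that keeps the original report point when the hoisted check fails, and the sample array are assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of an ASan-instrumented array: the object is [base, base+len) and a
 * check is an index range test. Real ASan reads shadow memory; this only counts checks. */
typedef struct { const int *base; size_t len; } region_t;
typedef struct { long min, max; } interval_t;
typedef struct { long sum, checks; bool ok; } result_t;
static long checks_done;
static bool in_bounds(const region_t *r, long idx) {
    checks_done++;
    return idx >= 0 && (size_t)idx < r->len;
}
/* Interval of the affine index a*i + b over i in [lo, hi]: an affine map is
 * monotone, so its extremes lie at the loop endpoints. */
static interval_t affine_range(long a, long b, long lo, long hi) {
    long x = a * lo + b, y = a * hi + b;
    interval_t iv = { x < y ? x : y, x < y ? y : x };
    return iv;
}
/* Baseline: one check per access. Stops at the first bad access, where ASan
 * would report, leaving the partial sum. */
static result_t sum_checked(const region_t *r, long a, long b, long lo, long hi) {
    result_t res = { 0, 0, true };
    for (long i = lo; i <= hi; i++) {
        if (!in_bounds(r, a * i + b)) { res.ok = false; break; }
        res.sum += r->base[a * i + b];
    }
    return res;
}
/* Hoisted: one check of the whole index interval before the loop. If it fails,
 * run the per-access version instead (loop versioning), so the offending
 * access is still reported at the same iteration as without hoisting. */
static result_t sum_hoisted(const region_t *r, long a, long b, long lo, long hi) {
    result_t res = { 0, 0, true };
    if (lo > hi) return res;                      /* empty loop: no accesses */
    interval_t iv = affine_range(a, b, lo, hi);
    checks_done++;
    if (iv.min < 0 || (size_t)iv.max >= r->len) return sum_checked(r, a, b, lo, hi);
    for (long i = lo; i <= hi; i++) res.sum += r->base[a * i + b];
    return res;
}
/* Constructed 8-element sample; returns sum, whether all accesses were in bounds, and check count. */
static const int k_data[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
result_t run_loop(bool hoisted, long a, long b, long lo, long hi) {
    region_t r = { k_data, 8 };
    checks_done = 0;
    result_t res = hoisted ? sum_hoisted(&r, a, b, lo, hi) : sum_checked(&r, a, b, lo, hi);
    res.checks = checks_done;
    return res;
}
```

The in-bounds runs show the stride effect (one check instead of one per iteration); the out-of-bounds runs show that the fallback still stops at the same access the per-access version would have reported.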




© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Moll, S., Nazaré, H., Machado, G.V., Rodrigues, R.E. (2014). Bounds Check Hoisting for AddressSanitizer. In: Quintão Pereira, F.M. (eds) Programming Languages. SBLP 2014. Lecture Notes in Computer Science, vol 8771. Springer, Cham. https://doi.org/10.1007/978-3-319-11863-5_4


  • DOI: https://doi.org/10.1007/978-3-319-11863-5_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11862-8

  • Online ISBN: 978-3-319-11863-5
