
Optimizing Memory Safety for C with Whole Program Analysis

Supervisor(s): Philip Zieris, Julian Horsch
Status: finished
Topic: Others
Author: Simon Berger
Submission: 2023-08-15
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The programming language C does not enforce memory safety, so programs
written in it are exposed to attacks that exploit memory errors such as
buffer overflows and use-after-free. To thwart such attacks, several tools
have been developed that retrofit C programs with memory safety. A typical
approach instruments the program with sanitizer checks at compile time so
that memory errors are detected at run time. Well-known tools that address
both spatial and temporal memory safety are SafeC, ASan, and SoftBound+CETS.
They differ in how they handle the metadata that records the bounds and
lifetime of memory regions, and this choice determines both their
compatibility with existing code and the completeness of the memory safety
they provide. Here SoftBound and CETS stand out: they achieve complete
memory safety while keeping the metadata disjoint from the objects it
describes, so the memory layout visible to the programmer is unchanged and
instrumented code remains fully compatible with existing C code and with
instrumented dynamically linked libraries. However, the required
instrumentation imposes significant run-time, memory, and code-size
overheads, which limits the practical use of such solutions. Previous work
has reduced this overhead by statically proving that certain memory regions
are only ever accessed safely and removing the run-time checks for those
accesses. None of these approaches optimizes the metadata itself, however,
and most either focus solely on spatial memory safety or introduce false
negatives.

In this work, we extend the temporal memory safety solution CETS with a
static whole-program analysis built on SVF, a static value-flow analysis
framework for LLVM. We not only remove checks for memory regions that are
accessed safely, but also eliminate the related metadata operations, i.e.,
metadata creation, propagation, and invalidation. On average over the SPEC
CPU 2017 benchmarks, this approach removes 66% of all inserted checks and
36% of all metadata-related operations. These reductions lower the average
run-time overhead by 42% while preserving the memory safety guarantees of
CETS. Our work demonstrates what whole-program analysis can do for an
optimized instrumentation for temporal memory safety, and the overhead
reductions make CETS a more viable tool in practice.
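The lock-and-key metadata that CETS maintains for temporal safety, and what the check and metadata elimination described above removes, as an added example in C. This is not the thesis's code and not CETS's real runtime: the names tptr, temporal_malloc, temporal_free, temporal_check, sum_checked and sum_unchecked are invented for this illustration, and sum_unchecked stands in for the output of a static proof that no free can reach those accesses (the example does not perform that analysis; in the thesis it is done with SVF on LLVM IR).

```c
/* Added example of the CETS-style lock-and-key scheme the thesis optimises.
 * Not CETS's runtime or the thesis's code: all names here are invented. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LOCKS 8

/* Lock table: one slot per live allocation, holding its key. Slots are recycled
 * after free (as in CETS) but keys never are, so dangling pointers keep failing. */
static uint64_t lock_table[MAX_LOCKS];
static int free_slots[MAX_LOCKS], num_free_slots, next_fresh_slot;
static uint64_t next_key = 1;
static unsigned checks_executed;   /* how many run-time checks actually ran */

/* Pointer plus disjoint metadata; the pointee's layout is untouched. */
typedef struct {
    int      *ptr;
    uint64_t *lock;   /* lock word of the allocation ptr came from */
    uint64_t  key;    /* value the lock must hold while ptr is valid */
} tptr;

static int take_slot(void) {
    if (num_free_slots > 0) return free_slots[--num_free_slots]; /* recycled */
    if (next_fresh_slot < MAX_LOCKS) return next_fresh_slot++;   /* fresh */
    abort();                                                      /* exhausted */
}

/* Metadata creation at allocation: a fresh key, stored in a lock slot. */
tptr temporal_malloc(size_t n) {
    tptr p = { malloc(n), 0, 0 };
    if (!p.ptr) abort();
    p.lock = &lock_table[take_slot()];
    p.key = next_key++;
    *p.lock = p.key;
    return p;
}

/* Metadata invalidation at free: clearing the lock word invalidates every copy
 * of the pointer at once, wherever that copy is stored. */
void temporal_free(tptr p) {
    *p.lock = 0;
    free_slots[num_free_slots++] = (int)(p.lock - lock_table);
    free(p.ptr);
}

/* Temporal check before a dereference: 1 if the access is safe, else 0. */
int temporal_check(tptr p) {
    checks_executed++;
    return *p.lock == p.key;
}

/* Baseline instrumentation: one check per dereference. */
int sum_checked(tptr a, int n) {
    int s = 0;
    for (int i = 0; i < n; i++) {
        if (!temporal_check(a)) return -1;   /* real CETS would abort here */
        s += a.ptr[i];
    }
    return s;
}

/* Optimised instrumentation for a call site where whole-program analysis proved
 * no free of a's allocation reaches these accesses: checks and propagation go. */
int sum_unchecked(const int *a, int n) {
    int s = 0;
    for (int i = 0; i < n; i++) s += a[i];
    return s;
}

/* Provably safe scenario: both versions return 10; reports the baseline's check count (4). */
int demo_safe_checks_elided(void) {
    tptr a = temporal_malloc(4 * sizeof(int));
    for (int i = 0; i < 4; i++) a.ptr[i] = i + 1;        /* constructed input */
    unsigned before = checks_executed;
    int s_checked = sum_checked(a, 4);
    unsigned used = checks_executed - before;
    int s_unchecked = sum_unchecked(a.ptr, 4);
    temporal_free(a);
    return (s_checked == 10 && s_unchecked == 10) ? (int)used : -1;
}

/* Use-after-free scenario: a pointer copy outlives the allocation and its lock
 * slot is re-issued. Returns 1 if the stale copy still fails (what the key buys). */
int demo_uaf_detected(void) {
    tptr a = temporal_malloc(sizeof(int));
    tptr alias = a;                          /* propagation: metadata is copied */
    temporal_free(a);
    tptr b = temporal_malloc(sizeof(int));   /* takes a's old slot, new key */
    int slot_reused = (b.lock == alias.lock);
    int caught = !temporal_check(alias);     /* key mismatch: violation */
    temporal_free(b);
    return slot_reused && caught;
}

int main(void) {
    printf("checks spent on provably safe loop: %d\n", demo_safe_checks_elided());
    printf("stale pointer caught: %d\n", demo_uaf_detected());
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c`. The second scenario is the reason the scheme needs both a lock and a key: after the slot is recycled the lock word is valid again for a different object, and only the per-allocation key keeps the stale copy from passing. The first scenario is the optimisation target of the thesis: every check in sum_checked is redundant once the analysis has shown that no invalidation can reach those accesses, and once no check in a region needs the metadata, the creation, propagation and invalidation work that fed it can be dropped as well.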