Description
The programming language C is not memory-safe and is therefore vulnerable to attacks exploiting memory bugs. To thwart such attacks, several tools have already been developed to retrofit programs written in C with memory safety. A typical approach is to instrument the program with sanitizer checks at compile time, which detect memory errors at run time. Well-known solutions that provide both spatial and temporal memory safety are SafeC, ASan, and SoftBound+CETS. These tools differ in how they handle the metadata describing the bounds and lifetime of memory regions, and consequently in the compatibility and completeness of the memory safety they provide. In this context, SoftBound and CETS stand out by achieving complete memory safety without changing the memory layout visible to the programmer, and thus by being fully compatible with existing C code and instrumented dynamically linked libraries. However, the required instrumentation imposes significant run-time, memory, and code-size overheads that limit the practical use of such solutions. In previous work, different approaches have been applied to reduce this overhead by removing memory safety checks for memory regions proven to be accessed safely at run time. However, none of these approaches optimizes metadata, and most focus solely on spatial memory safety or introduce false negatives. In this work, we extend the temporal memory safety solution CETS with static whole-program analysis performed by the LLVM static analysis framework SVF. We not only remove checks for safely accessed memory regions but also eliminate the related metadata operations that perform propagation, creation, or invalidation. This approach allows us to remove 66% of all inserted checks and 36% of all metadata-related operations, on average, for the SPEC CPU 2017 benchmarks. These reductions allow us to decrease the average run-time overhead by 42% without impacting the memory safety guarantees of CETS.
Our work demonstrates the capabilities of applying whole program analysis to perform an optimized instrumentation for temporal memory safety. In addition, our overhead reductions make CETS a more viable tool in practice.
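The following C program is an added illustration, not code from the paper or from the CETS or SVF projects. It models the temporal-safety idea the abstract describes in a deliberately simplified form (an assumption: real CETS keeps key/lock metadata in disjoint tables rather than inside a fat pointer, and recycles lock slots through its own allocator). Each allocation gets a fresh key and a lock slot holding that key; every copy of a pointer carries the same key and lock address; freeing invalidates the lock, so any later access through any alias fails the check. The second part is a toy flow-sensitive analysis over a constructed straight-line operation list that stands in for the whole-program analysis: a dereference keeps its check only if a free of the same allocation may precede it, which is the sound direction (checks are dropped only for provably live accesses, never introducing false negatives). The `demo_*` functions and the `op` list are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Simplified CETS-style temporal metadata (illustrative assumption, not the real layout):
   a pointer carries the key of its allocation and the address of that allocation's lock. */
typedef struct {
    uint64_t  key;   /* key assigned when the object was allocated */
    uint64_t *lock;  /* lock slot; holds the key while the object is live */
    void     *ptr;   /* the raw pointer being guarded */
} tracked_ptr;

static uint64_t next_key = 1;   /* keys are never reused, so stale aliases stay invalid */

/* Metadata creation: allocate the object, a lock slot, and a fresh key. */
tracked_ptr cets_malloc(size_t n) {
    tracked_ptr p;
    p.ptr  = malloc(n);
    p.lock = malloc(sizeof(uint64_t));   /* leaked on free in this toy; CETS recycles slots */
    p.key  = next_key++;
    *p.lock = p.key;
    return p;
}

/* Temporal check inserted before every load/store: the lock must still hold the key. */
int cets_check(const tracked_ptr *p) {
    return p->lock != NULL && *p->lock == p->key;
}

/* Metadata invalidation: zero the lock so every alias of this object fails cets_check. */
void cets_free(tracked_ptr *p) {
    if (cets_check(p)) {
        *p->lock = 0;
        free(p->ptr);
    }
    p->ptr = NULL;
}

/* Use-after-free through a copied pointer. Metadata propagates with the copy, so the
   invalidated lock is visible through the alias. Returns 1 if the stale access is caught. */
int demo_use_after_free_detected(void) {
    tracked_ptr p = cets_malloc(16);
    tracked_ptr q = p;                 /* metadata propagation on pointer copy */
    int ok_before = cets_check(&q);    /* 1: object live */
    cets_free(&p);
    int ok_after = cets_check(&q);     /* 0: lock no longer equals key */
    return ok_before == 1 && ok_after == 0;
}

/* Toy stand-in for the whole-program analysis: a straight-line op list over abstract
   pointer ids. A DEREF needs a temporal check only if a FREE of the same allocation
   may have happened earlier on the path. */
typedef enum { OP_ALLOC, OP_COPY, OP_DEREF, OP_FREE } opkind;
typedef struct { opkind kind; int dst; int src; } op;   /* src only used by OP_COPY */

/* Returns the number of dereferences whose check can be dropped; writes the total. */
int checks_removable(const op *ops, int n, int *total_derefs) {
    int alloc_of[16] = {0};   /* pointer id -> allocation id (alias class) */
    int freed[16]    = {0};   /* allocation id -> may have been freed so far */
    int removable = 0, derefs = 0;
    for (int i = 0; i < n; i++) {
        switch (ops[i].kind) {
        case OP_ALLOC: alloc_of[ops[i].dst] = ops[i].dst;            break;
        case OP_COPY:  alloc_of[ops[i].dst] = alloc_of[ops[i].src];  break;
        case OP_FREE:  freed[alloc_of[ops[i].dst]] = 1;              break;
        case OP_DEREF:
            derefs++;
            if (!freed[alloc_of[ops[i].dst]]) removable++;  /* provably live: no check */
            break;
        }
    }
    if (total_derefs) *total_derefs = derefs;
    return removable;
}

/* Constructed program:  p = alloc; q = p; *p; free(q); *p
   The first dereference is provably safe; the second must keep its check. */
static const op demo_prog[] = {
    {OP_ALLOC, 0, 0}, {OP_COPY, 1, 0}, {OP_DEREF, 0, 0}, {OP_FREE, 1, 0}, {OP_DEREF, 0, 0}
};
static const int demo_prog_len = (int)(sizeof demo_prog / sizeof demo_prog[0]);

int demo_removed_checks(void)  { return checks_removable(demo_prog, demo_prog_len, NULL); }
int demo_total_checks(void)    { int t; checks_removable(demo_prog, demo_prog_len, &t); return t; }

int main(void) {
    printf("use-after-free detected via alias: %d\n", demo_use_after_free_detected());
    printf("checks removable: %d of %d\n", demo_removed_checks(), demo_total_checks());
    return 0;
}
```

Once a dereference's check is gone, the same reasoning can retire metadata work that exists only to feed it: if no remaining check ever reads a pointer's key and lock, the propagation on copies of that pointer (and, when all aliases are covered, the creation and invalidation for its allocation) becomes dead and can be eliminated, which is the metadata-operation reduction the abstract reports alongside the check reduction.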