Baggy Bounds with Accurate Checking

Baggy Bounds Checking is a backward-compatible defense against out-of-bounds errors. It is reported as being faster than any previous bounds checking tool. However, it enforces allocation bounds instead of object bounds and thus cannot detect memory errors that are in padding areas. In this paper, we present BBAC: a technique that extends Baggy Bounds Checking to enforce accurate bounds checking. The key insight behind our approach is to store the object size at the end of the padding area, making it efficient to lookup object bounds meta-data at runtime. We show experimentally that BBAC can detect more memory errors than Baggy Bounds Checking. Our experiments also show that BBAC only adds an additional 4.39% performance overhead over the original Baggy Bounds Checking technique for the Olden benchmarks and 2x overhead at most on the real-world applications we tested.

• Publication year

  2012

• Venue

  2012 IEEE 23rd International Symposium on Software Reliability Engineering Workshops

• Publication date

  2012-11-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/ISSREW.2012.24
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Light-weight bounds checking

  2012cited by this paper
• AddressSanitizer: A Fast Address Sanity Checker

  2012cited by this paper
• RIPE: runtime intrusion prevention evaluator

  2011influential reference
• Practical memory checking with Dr. Memory

  2011cited by this paper
• Boundless memory allocations for memory safety and high availability

  2011cited by this paper
• CETS: compiler enforced temporal safety for C

  2010cited by this paper
• Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors

  2009cited by this paper
• SoftBound: highly compatible and complete spatial memory safety for c

  2009cited by this paper
• Preventing Memory Error Exploits with WIT

  2008cited by this paper
• Valgrind: a framework for heavyweight dynamic binary instrumentation

  2007cited by this paper
• Securing software by enforcing data-flow integrity

  2006cited by this paper
• DieHard: probabilistic memory safety for unsafe languages

  2006cited by this paper
• Backwards-compatible array bounds checking for C with very low overhead

  2006cited by this paper
• SAFECode: enforcing alias analysis for weakly typed languages

  2005cited by this paper
• BugBench: Benchmarks for Evaluating Bug Detection Tools

  2005cited by this paper
• An efficient and backwards-compatible transformation to ensure memory safety of C programs

  2004cited by this paper
• LLVM: a compilation framework for lifelong program analysis & transformation

  2004cited by this paper
• A Practical Dynamic Buffer Overflow Detector

  2004cited by this paper
• CCured: type-safe retrofitting of legacy code

  2002cited by this paper
• CCured: type-safe retrofitting of legacy code

  2002cited by this paper
• Cyclone: A Safe Dialect of C

  2002cited by this paper
• Understanding the Linux Kernel

  2000cited by this paper
• Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs

  1997cited by this paper
• Low‐cost, Concurrent Checking of Pointer and Array Accesses in C Programs

  1997cited by this paper
• Software caching and computation migration in Olden

  1995cited by this paper
• Adding run‐time checking to the portable C compiler

  1992cited by this paper
• Fast detection of memory leaks and access errors

  1991cited by this paper

• Highly Comprehensive and Efficient Memory Safety Enforcement with Pointer Tagging

  2024cites this paper
• Memory Tagging using Cryptographic Integrity on Commodity x86 CPUs

  2024cites this paper
• Formal Mechanised Semantics of CHERI C: Capabilities, Undefined Behaviour, and Provenance

  2024cites this paper
• DatAFLow: Toward a Data-flow-guided Fuzzer

  2023cites this paper
• RV-CURE: A RISC-V Capability Architecture for Full Memory Safety

  2023cites this paper
• AOS-RISC-V: Towards Always-On Heap Memory Safety

  2022cites this paper
• In-fat pointer: hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection

  2021cites this paper
• A Survey of Exploitation Techniques and Defenses for Program Data Attacks

  2020cites this paper
• Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems

  2019cites this paper
• Silhouette: Efficient Protected Shadow Stacks for Embedded Systems

  2019cites this paper
• Revisiting memory assignment semantics in imperative programming languages

  2019cites this paper
• SafeStack ^+ : Enhanced Dual Stack to Combat Data-Flow Hijacking

  2017cites this paper
• Flexible and efficient memory object metadata

  2017influential citation
• SafeStack + : Enhanced Dual Stack to Combat Data-Flow Hijacking

  2017cites this paper
• Stack Bounds Protection with Low Fat Pointers

  2017cites this paper
• A Novel Data Race Detection Approach based on Buddy Memory Allocator

  2016cites this paper
• Heap bounds protection with low fat pointers

  2016cites this paper
• Asynchronous hardware-enforced memory safety

  2013cites this paper
• Edinburgh Research Explorer Formal Mechanised Semantics of CHERI C: Capabilities, Provenance, and Undefined Behaviour

  year unknowncites this paper
• Edinburgh Research Explorer Formal Mechanised Semantics of CHERI C: Capabilities, Provenance, and Undefined Behaviour

  year unknowncites this paper
• Edinburgh Research Explorer Formal Mechanised Semantics of CHERI C: Capabilities, Provenance, and Undefined Behaviour

  year unknowncites this paper