Abstract

This paper presents BoundWarden, a novel spatial memory safety enforcement approach that combines compile-time transformation with concurrent runtime monitoring. The compiler extension component of BoundWarden transparently instruments the source code of C programs with code that allows the runtime component of BoundWarden to comprehensively detect and prevent buffer overflows and other out-of-bounds errors in buffers on the stack and heap, as well as in the BSS and data segments of memory. To reduce the runtime overhead of bound checking, the runtime component of BoundWarden leverages the ubiquity of multi-core processors by offloading most of the work to a dedicated bound checking thread, which is responsible for performing bound checking and managing metadata. To preserve memory layout and maintain compatibility with existing libraries and binaries, BoundWarden stores the base and the bound of buffers in a separate, dedicated bound table. Experiments showed that the BoundWarden prototype is effective at enforcing spatial memory safety, successfully passing all 850 tests of the RIPE test suite and 94% of NIST's SARD test suite 89, while results from the Olden benchmark suite showed that on average BoundWarden introduced roughly 1.85x overhead compared to the uninstrumented code.

• We propose BoundWarden, a spatial memory safety enforcement system.
• BoundWarden utilizes compile-time transformation and concurrent monitoring techniques.
• BoundWarden enforces spatial memory safety in buffers on stack, heap, BSS, and data segments.
• BoundWarden offloads runtime overhead to the bound checking thread.
• We evaluate BoundWarden using two test suites and one benchmark.
