DOI: 10.1145/2544137.2544147 (CGO conference proceedings, tutorial)

WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking

Published: 16 October 2018

Abstract

Lack of memory safety in C is the root cause of a multitude of serious bugs and security vulnerabilities. Numerous software-only and hardware-based schemes have been proposed to enforce memory safety. Among these approaches, pointer-based checking, which maintains per-pointer metadata in a disjoint metadata space, has been recognized as providing comprehensive memory safety. Software approaches for pointer-based checking have high performance overheads. In contrast, hardware approaches introduce a myriad of hardware structures and widgets to mitigate those performance overheads.
This paper proposes WatchdogLite, an ISA extension that provides hardware acceleration for a compiler implementation of pointer-based checking. This division of labor between the compiler and the hardware allows for hardware acceleration while using only preexisting architectural registers. By leveraging the compiler to identify pointers, perform check elimination, and insert the new instructions, this approach attains performance similar to prior hardware-intensive approaches without adding any hardware structures for tracking metadata.
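Pointer-based checking as the abstract describes it, shown with an added software model that is not WatchdogLite's code or ISA: each pointer has base/bound and key/lock metadata held in a disjoint structure, and every access is checked against that metadata. The `ptr_meta` type, the function names and the scenario are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Per-pointer metadata kept in a disjoint metadata space, apart from the pointer
 * itself: base/bound give spatial safety, key/lock give temporal safety. A simplified
 * software model written for illustration only; it is not WatchdogLite's ISA. */
typedef struct {
    uintptr_t base, bound;  /* the pointer may address [base, bound) */
    uint64_t key;           /* allocation identity captured when the pointer was made */
    uint64_t *lock;         /* cell holding `key` only while the object is live */
} ptr_meta;
static uint64_t next_key = 1;

/* Allocate an object and record the metadata for the pointer returned. */
static void *checked_malloc(size_t n, ptr_meta *m) {
    void *p = malloc(n);
    uint64_t *lock = malloc(sizeof *lock);
    if (!p || !lock) abort();
    *lock = next_key;
    *m = (ptr_meta){ (uintptr_t)p, (uintptr_t)p + n, next_key++, lock };
    return p;
}

/* Clearing the lock makes every stale copy of the pointer (same key) fail from now on. */
static void checked_free(void *p, const ptr_meta *m) {
    *m->lock = 0;   /* the lock cell is leaked here; a real allocator would recycle it */
    free(p);
}

/* 1 when `size` bytes at `addr` lie inside the bounds and the object is still live. */
static int check_access(uintptr_t addr, size_t size, const ptr_meta *m) {
    int spatial = addr >= m->base && addr + size <= m->bound && addr + size >= addr;
    int temporal = *m->lock == m->key;
    return spatial && temporal;
}

/* Constructed scenario on a 16-byte buffer; returns a bitmask of the accesses that passed. */
static int demo(void) {
    ptr_meta m;
    char *buf = checked_malloc(16, &m);
    uintptr_t a = (uintptr_t)buf;
    int r = 0;
    r |= check_access(a, 4, &m) << 0;       /* bytes 0..3: in bounds, live */
    r |= check_access(a + 12, 4, &m) << 1;  /* bytes 12..15: ends exactly at the bound */
    r |= check_access(a + 13, 4, &m) << 2;  /* bytes 13..16: one byte past the bound */
    checked_free(buf, &m);
    r |= check_access(a, 4, &m) << 3;       /* use after free: lock no longer matches key */
    return r;                               /* 0b0011 == 3 */
}

int main(void) { printf("passed-access mask: %d\n", demo()); return 0; }
```

The compiler-side check elimination the abstract mentions would remove calls such as the first two, whose bounds are provably satisfied, and leave only the ones that can fail.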



Published In

CGO '14: Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
February 2014, 328 pages
ISBN: 9781450326704
DOI: 10.1145/2581122

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. bounds checking
  2. memory safety
  3. spatial safety
  4. temporal safety
  5. use-after-free checking

Qualifiers

  • Tutorial
  • Refereed limited

Conference

CGO '14

Acceptance Rates

CGO '14 Paper Acceptance Rate 29 of 100 submissions, 29%;
Overall Acceptance Rate 312 of 1,061 submissions, 29%

Cited By

  • (2024) Full Spatial and Temporal Memory Safety for C. IEEE Security & Privacy, 22(4):30-39. doi:10.1109/MSEC.2024.3363142. Published Jul 2024.
  • (2024) SPP: Safe Persistent Pointers for Memory Safety. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 37-52. doi:10.1109/DSN58291.2024.00019. Published 24 Jun 2024.
  • (2023) MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 609-622. doi:10.1145/3607199.3607212. Published 16 Oct 2023.
  • (2023) Fat Pointers for Temporal Memory Safety of C. Proceedings of the ACM on Programming Languages, 7(OOPSLA1):316-347. doi:10.1145/3586038. Published 6 Apr 2023.
  • (2023) Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture. 2023 IEEE Symposium on Security and Privacy (SP), pp. 2974-2989. doi:10.1109/SP46215.2023.10179416. Published May 2023.
  • (2022) TAG: Tagged Architecture Guide. ACM Computing Surveys, 55(6):1-34. doi:10.1145/3533704. Published 7 Dec 2022.
  • (2022) HWST128. Proceedings of the 59th ACM/IEEE Design Automation Conference, pp. 709-714. doi:10.1145/3489517.3530548. Published 10 Jul 2022.
  • (2022) Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone? IEEE Transactions on Software Engineering, 48(11):4569-4589. doi:10.1109/TSE.2021.3121994. Published 1 Nov 2022.
  • (2022) Verified Security for the Morello Capability-enhanced Prototype Arm Architecture. Programming Languages and Systems, pp. 174-203. doi:10.1007/978-3-030-99336-8_7. Published 29 Mar 2022.
  • (2021) In-fat pointer: hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection. Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 224-240. doi:10.1145/3445814.3446761. Published 19 Apr 2021.
