Abstract:Unsafe memory accesses in programs written using popular programming languages like C/C++ have been among the leading causes for software vulnerability. Prior memory safety checkers such as SoftBound enforce memory spatial safety by checking if every access to array elements are within the corresponding array bounds. However, it often results in high execution time overhead due to the cost of executing the instructions associated with bounds checking. To mitigate this problem, redundant bounds check elimination techniques are needed. In this paper, we propose CHOP, a Convex Hull Optimization based framework, for bypassing redundant memory bounds checking via profile-guided inferences. In contrast to existing check elimination techniques that are limited by static code analysis, our solution leverages a model-based inference to identify redundant bounds checking based on runtime data from past program executions. For a given function, it rapidly derives and updates a knowledge base containing sufficient conditions for identifying redundant array bounds checking. We evaluate CHOP on real-world applications and benchmark (such as SPEC) and the experimental results show that on average 80.12% of dynamic bounds check instructions can be avoided, resulting in improved performance up to 95.80% over SoftBound.

CHOP: Bypassing Runtime Bounds Checking Through Convex Hull Optimization.