This paper presents BoundWarden, a novel spatial memory safety enforcement approach that utilizes a combination of compile-time transformation and runtime concurrent monitoring techniques. The compiler extension component of BoundWarden transparently instruments source code of C programs with the code that allows the runtime component of BoundWarden to comprehensively detect and prevent buffer overflow and other out-of-bound errors in buffers on the stack, heap, as well as BSS and data segments of memory. To reduce runtime overhead of bound checking, the runtime component of BoundWarden leverages the ubiquity of multi-core processors by offloading most of the work to a dedicated bound checking thread, which is responsible for performing bound checking and managing metadata. To preserve memory layout and maintain compatibility with existing libraries and binaries, BoundWarden stores the base and the bound of buffers in a separated dedicated bound table. Experiments showed that the prototype of BoundWarden is effective at enforcing spatial memory safety by successfully passing all 850 tests of RIPE test suite, and 94% of NIST's SARD test suite 89, while the results from the Olden benchmark suite showed that on average BoundWarden introduced roughly 1.85x overhead, compared to the uninstrumented code.

本文介绍了BoundWarden，这是一种新颖的空间内存安全实施方法，该方法结合了编译时转换和运行时并发监视技术。BoundWarden的编译器扩展组件使用允许BoundWarden的运行时组件全面检测并防止堆栈，堆以及BSS上的缓冲区溢出和缓冲区溢出的代码来透明地检测C程序的源代码。和内存的数据段。为了减少边界检查的运行时开销，BoundWarden的运行时组件通过将大部分工作卸载到专用的边界检查线程来利用多核处理器的普遍性，该线程负责执行边界检查和管理元数据。为了保留内存布局并保持与现有库和二进制文件的兼容性，BoundWarden将缓冲区的基数和边界存储在单独的专用绑定表中。实验表明，BoundWarden的原型通过成功通过850个RIPE测试套件和94％的NIST SARD测试套件89个测试，成功地增强了空间内存安全性，而Olden基准套件的结果表明，BoundWarden平均引入了大约与非仪器代码相比，开销为1.85倍。