Skip to Main content Skip to Navigation
Conference papers

SIMBER: Eliminating Redundant Memory Bound Checks via Statistical Inference

Abstract : Unsafe memory accesses in programs written using popular programming languages like C and C++ have been among the leading causes of software vulnerability. Memory safety checkers, such as Softbound, enforce memory spatial safety by checking if accesses to array elements are within the corresponding array bounds. However, such checks often result in high execution time overhead due to the cost of executing the instructions associated with the bound checks. To mitigate this problem, techniques to eliminate redundant bound checks are needed. In this paper, we propose a novel framework, SIMBER, to eliminate redundant memory bound checks via statistical inference. In contrast to the existing techniques that primarily rely on static code analysis, our solution leverages a simple, model-based inference to identify redundant bound checks based on runtime statistics from past program executions. We construct a knowledge base containing sufficient conditions using variables inside functions, which are then applied adaptively to avoid future redundant checks at a function-level granularity. Our experimental results on real-world applications show that SIMBER achieves zero false positives. Also, our approach reduces the performance overhead by up to 86.94% over Softbound, and incurs a modest 1.7% code size increase on average to circumvent the redundant bound checks inserted by Softbound.
Document type :
Conference papers
Complete list of metadata

Cited literature [18 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, November 27, 2017 - 10:30:49 AM
Last modification on : Thursday, April 15, 2021 - 6:04:01 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Hongfa Xue, Yurong Chen, Fan Yao, Yongbo Li, Tian Lan, et al.. SIMBER: Eliminating Redundant Memory Bound Checks via Statistical Inference. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. pp.413-426, ⟨10.1007/978-3-319-58469-0_28⟩. ⟨hal-01648985⟩



Record views


Files downloads