Department of Computer Science & Engineering

Bounds checking can be used to significantly increase software quality control and security. Bounds checking is the process of keeping track of the address boundaries for an object, buffer, or array, and checking loads and stores that access that structure to make sure that they do not stray outside of the bounds. Run-time bounds checking for C has resulted in high overheads. This has prevented its inclusion in most released software due to its overhead, and has limited it to being used for just debugging. In this paper we examine several approaches to reduce this overhead for general purpose C programs. We first examine code generation optimizations to generate efficient code using x86 bounds instruction which incurs about 36% performance overhead which is a significant reduction over baseline bounds checking compiler which incurs about a 73% overhead. Then we evaluate the performance of x86 bound instruction on two different processors and examine what the bound checking overhead should be with an efficient x86 bound implementation. Finally we examine two compiler optimization techniques focused at performing bounds checking only for accesses to strings and at interfaces which are traditional targets for buffer overflow attacks. For these two approaches, the overhead incurred is about 20% on an average.

Pre-2018 CSE ID: CS2004-0805