Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

Performance of Compiler-Assisted Memory Safety Checking

  • July 2014
  • By David Keaton , Robert C. Seacord
  • This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.
  • Secure Coding
  • Publisher: CERT
  • Abstract

    Buffer overflows affect a large installed base of C code. This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available. The note then describes a modification to the LLVM compiler to enable hoisting bounds checks from loops and functions. This proof-of-concept prototype has been used to demonstrate how these optimizations can be performed reliably on bounds checks to improve their performance. However, the performance of bounds propagation is the dominant cost, and the overall runtime cost for bounds checking for C remains expensive, even after these optimizations are applied. Nevertheless, optimized bounds checks are adequate for non-performance-critical applications, and improvements in processor technology may allow optimized bounds checking to be used with performance-critical applications.

  • Download

Cite This Report

SEI

Keaton, David; & Seacord, Robert. Performance of Compiler-Assisted Memory Safety Checking (CMU/SEI-2014-TN-014). Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=299175

IEEE

Keaton. David, and Seacord. Robert, "Performance of Compiler-Assisted Memory Safety Checking," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2014-TN-014, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=299175

APA

Keaton, David., & Seacord, Robert. (2014). Performance of Compiler-Assisted Memory Safety Checking (CMU/SEI-2014-TN-014). Retrieved December 22, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=299175

CHI

David Keaton, & Robert Seacord. Performance of Compiler-Assisted Memory Safety Checking (CMU/SEI-2014-TN-014). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=299175

MLA

Keaton, David., & Seacord, Robert. 2014. Performance of Compiler-Assisted Memory Safety Checking (Technical Report CMU/SEI-2014-TN-014). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=299175