Compiler-Enforced Buffer Overflow Elimination Download

License Agreement

This is a license agreement ("Agreement") between your company (if being installed and used at a company) or self (if being installed and used by an individual) (the user is called "Licensee" or "you" in this Agreement) and Carnegie Mellon University (called "Carnegie Mellon" or "Licensor" in this Agreement). All rights not specifically granted to you in this Agreement are reserved to Licensor. By Clicking the "I Agree" button below, you are agreeing to fully comply with the terms and conditions of this Agreement, without modification by you. If you do not agree with these terms and conditions as originally stated, your only recourse is to discontinue using this software. Unless explicitly stated otherwise, any new features that augment or enhance this software, shall be subject to the terms of this Agreement.

Copyright © 2012 Carnegie Mellon University. All Rights Reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following acknowledgments and disclaimers.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. The names "Department of Homeland Security," "Carnegie Mellon University," "CERT" and/or "Software Engineering Institute" shall not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact permission@sei.cmu.edu.
  4. Products derived from this software may not be called "CERT" nor may "CERT" appear in their names without prior written permission of permission@sei.cmu.edu.
  5. Redistributions of any form whatsoever must retain the following acknowledgment:
    "This product includes software developed by CERT with funding and support from the Department of Homeland Security under Contract No. FA 8721-05-C-0003."

THIS SOFTWARE IS PROVIDED BY CARNEGIE MELLON UNIVERSITY 'AS IS' AND CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, AS TO ANY MATTER, AND ALL SUCH WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE EXPRESSLY DISCLAIMED. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND RELATING TO EXCLUSIVITY, INFORMATIONAL CONTENT, ERROR-FREE OPERATION, RESULTS TO BE OBTAINED FROM USE, FREEDOM FROM PATENT, TRADEMARK AND COPYRIGHT INFRINGEMENT AND/OR FREEDOM FROM THEFT OF TRADE SECRETS.

Note:

This is a research prototype for the purpose of preventing buffer overflows from succeeding in multithreaded code.  It is based on the SoftBound spatial memory safety mechanism, as distributed with the SAFECode project.

Features:

This prototype augments SoftBound with the following features.

Some minor corrections to SAFECode function declarations are also included, so that SAFECode and SoftBound results can be compared.

The following are not included.

Prerequisites:

The current version of SAFECode at the time of this release is built on LLVM 3.2.  LLVM 3.4 and later cannot compile LLVM 3.2, so GCC, or LLVM 3.3 or earlier, must be installed on the system to perform the compilation.

This prototype is intended for x86-64 Linux.  It may run on Mac OS X, but Apple's default version of LLVM is later than 3.3.
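
The host-compiler requirement above can be checked before running configure. The following preflight is an added example, not part of the bofelim distribution or the SAFECode project; the function names (llvm_version_of, banner_ok, pick_host_compiler) are hypothetical, and the banner formats it parses are assumed from typical `--version` output.

```shell
#!/bin/sh
# Added example, not from the bofelim distribution; function names are hypothetical.

# Print the LLVM "major.minor" behind a `--version` banner, or nothing.
# Apple banners lead with a product number, so "(based on LLVM X.Y" takes priority.
llvm_version_of() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/.*based on LLVM \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$v" ] || v=$(printf '%s\n' "$1" |
        sed -n 's/.*clang version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    printf '%s' "$v"
}

# Succeed if a compiler with this banner meets the prerequisite:
# GCC, or an LLVM-based compiler at 3.3 or earlier.
banner_ok() {
    case $1 in
        '') return 1 ;;
        *clang*|*LLVM*) ;;            # LLVM-based (includes a gcc command that is really clang)
        *) return 0 ;;                # GCC
    esac
    v=$(llvm_version_of "$1")
    [ -n "$v" ] || return 1           # unparseable banner: refuse rather than guess
    major=${v%%.*}; minor=${v#*.}
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -le 3 ]; }
}

# Print "CC=... CXX=..." for the first usable pair, or fail with a message.
pick_host_compiler() {
    for pair in "gcc g++" "clang clang++"; do
        cc=${pair% *}; cxx=${pair#* }
        command -v "$cc" >/dev/null 2>&1 && command -v "$cxx" >/dev/null 2>&1 || continue
        if banner_ok "$("$cc" --version 2>/dev/null)"; then
            echo "CC=$cc CXX=$cxx"
            return 0
        fi
    done
    echo "need GCC, or LLVM 3.3 or earlier, to compile LLVM 3.2" >&2
    return 1
}
```

pick_host_compiler prints a CC=... CXX=... pair that can be appended to the ../llvm/configure command line in the Building step, since autoconf-generated configure scripts accept such assignments as arguments.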

Downloading:

First, download bofelim.tar.  Then type the following commands into a terminal window (typically launched with Ctrl+Alt+T).

$ tar xf bofelim.tar
$ svn co http://llvm.org/svn/llvm-project/llvm/branches/release_32 llvm
$ cd llvm
$ patch -p0 -i ../llvm.patch
$ cd projects
$ svn co http://llvm.org/svn/llvm-project/poolalloc/branches/release_32 poolalloc
$ svn co http://llvm.org/svn/llvm-project/safecode/branches/release_32 safecode
$ cd safecode
$ patch -p0 -i ../../../llvm_projects_safecode.patch
$ cd ../../..

Building:

The following commands will build the compiler.  The -j options to parallelize make are optional, but are recommended because the compiler build is slow.

$ mkdir llvm_build
$ cd llvm_build
$ ../llvm/configure --enable-optimized --prefix=<your preferred install location>
$ make -j <number-of-cores> -k tools-only
$ cd projects/poolalloc
$ make -j <number-of-cores> -k
$ cd ../safecode
$ make -j <number-of-cores> -k
$ cd ../../..

Installing:

The following commands will install the compiler built above.

$ cd llvm_build
$ make install
$ cd projects/poolalloc
$ make install
$ cd ../safecode
$ make install
$ cd ../../..

Running:

Use the -fsoftbound flag to insert SoftBound checks, and use the -L flag to specify the location of the SoftBound runtime.

$ clang -g -O -fsoftbound foo.c -o foo -L<your preferred install location>/lib

Links: