Compiler-Enforced Buffer Overflow Elimination
November 2014 • Software
This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.
Software Engineering Institute
The Compiler-Enforced Buffer Overflow Elimination tool is a research prototype designed to prevent buffer overflows from succeeding in multithreaded code. Our researchers combine static and dynamic analysis to find language constructs that can result in out-of-bounds accesses and modify the compiler to eliminate potential buffer overflows. This memory safety compiler prevents buffer overflows from successfully executing and has the following features that go beyond those of other memory safety mechanisms:
- hoists bounds checks out of some loops for increased performance
- generates code that works in a multithreaded environment
- can either abort the program upon encountering an attempted buffer overflow or print a message and continue executing to aid in debugging applications
The Compiler-Enforced Buffer Overflow Elimination tool addresses only spatial safety (wandering outside the address range of the intended object). It does not address temporal safety (such as dangling pointers).