Software Engineering Institute | Carnegie Mellon University

Software

Compiler-Enforced Buffer Overflow Elimination

  • November 2014
  • This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Abstract

    The Compiler-Enforced Buffer Overflow Elimination tool is a research prototype designed to prevent buffer overflows from succeeding in multithreaded code. Our researchers combine static and dynamic analysis to find language constructs that can result in out-of-bounds accesses and modify the compiler to eliminate potential buffer overflows. This memory safety compiler prevents buffer overflows from successfully executing and has the following features that go beyond those of other memory safety mechanisms:

    • hoists bounds checks out of some loops for increased performance
    • generates code that works in a multithreaded environment
    • can either abort the program upon encountering an attempted buffer overflow or print a message and continue executing to aid in debugging applications

    The Compiler-Enforced Buffer Overflow Elimination tool addresses only spatial safety (wandering outside the address range of the intended object). It does not address temporal safety (such as dangling pointers).
