Efficient Bounds Checking for C

Weihaw Chuang, Satish Narayanasamy and Brad Calder
November 28, 2004

Bounds checking can significantly improve software quality control and security. Bounds checking is the process of keeping track of the address boundaries of an object, buffer, or array, and checking the loads and stores that access that structure to make sure they do not stray outside those bounds. Run-time bounds checking for C has incurred high overheads, which has prevented its inclusion in most released software and limited its use to debugging. In this paper we examine several approaches to reducing this overhead for general-purpose C programs. We first examine code generation optimizations that produce efficient code using the x86 bound instruction; this incurs about 36% performance overhead, a significant reduction from the baseline bounds checking compiler, which incurs about 73% overhead. We then evaluate the performance of the x86 bound instruction on two different processors and examine what the bounds checking overhead should be with an efficient x86 bound implementation. Finally, we examine two compiler optimization techniques that perform bounds checking only for accesses to strings and at interfaces, which are traditional targets of buffer overflow attacks. For these two approaches, the overhead incurred is about 20% on average.
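The following C sketch is an added illustration of the process the abstract describes, not code from the report or its compiler: each pointer carries a bounds record, single loads and stores are checked against it, and a string copy at an interface is covered by one range check. The `checked_ptr` layout and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounds record: the object's extent plus the current offset. */
typedef struct {
    unsigned char *base;  /* first byte of the object */
    size_t size;          /* object size in bytes */
    ptrdiff_t off;        /* offset of the pointer; may have strayed out of range */
} checked_ptr;

/* 1 if an access of `width` bytes at p.off lies wholly inside the object. */
static int cp_ok(checked_ptr p, size_t width) {
    return p.off >= 0 && width <= p.size && (size_t)p.off <= p.size - width;
}

/* Checked one-byte store: refused (-1) instead of writing out of bounds. */
static int cp_store(checked_ptr p, unsigned char v) {
    if (!cp_ok(p, 1)) return -1;
    p.base[p.off] = v;
    return 0;
}

/* Checked one-byte load. */
static int cp_load(checked_ptr p, unsigned char *out) {
    if (!cp_ok(p, 1)) return -1;
    *out = p.base[p.off];
    return 0;
}

/* String copy at an interface: one range check covers the whole copy. */
static int checked_strcpy(checked_ptr dst, const char *src) {
    size_t n = strlen(src) + 1;          /* include the terminator */
    if (!cp_ok(dst, n)) return -1;
    memcpy(dst.base + dst.off, src, n);
    return 0;
}

/* Constructed demo: returns how many of the four accesses were refused. */
static int run_demo(void) {
    unsigned char buf[8] = {0}, c;
    checked_ptr p = { buf, sizeof buf, 0 };
    int refused = 0;
    refused += checked_strcpy(p, "short") != 0;         /* fits: 6 bytes */
    refused += checked_strcpy(p, "far too long") != 0;  /* 13 bytes: refused */
    p.off = 8;  refused += cp_store(p, 'x') != 0;       /* one past the end */
    p.off = -1; refused += cp_load(p, &c) != 0;         /* below the base */
    return refused;
}

int main(void) { printf("refused %d of 4 accesses\n", run_demo()); return 0; }
```

Checking the whole copy once, rather than every byte stored, is one way a check at an interface can cost less than checking each access individually.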

The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, techreports@cs.ucsd.edu.