search for: softbound

Displaying 20 results from an estimated 40 matches for "softbound".

2015 Feb 26
0
[LLVMdev] SAFECode testsuite query
...ASan, SAFECode, etc., a more accurate statement is that: a) SAFECode, with automatic pool allocation enabled, can make dangling pointers "harmless" (in that they will either be detected or will not cause a type-safety violation, as defined by DSA's type inference results). b) The SoftBound + CETS system (an option currently built into SAFECode) can detect dangling pointer errors (but with much higher overhead). Please note that automatic pool allocation is currently disabled by default. > -> crashes in system libraries due to security vulnerabilities. SAFECode augments or r...
2015 Feb 26
2
[LLVMdev] SAFECode testsuite query
Hello All, I am looking at exploring what benefits SAFECode has to offer over clang S.A and llvm's instrumentation tools like memory sanitizer and address sanitizer. I could come up with the following that are not provided in ASAN/MSAN/Clang S.A -> dangling pointer error and detection -> crashes in system libraries due to security vulnerabilities. In the process, I wanted to
2016 Jan 28
2
Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)
...registers and instructions). I wonder if anyone is currently working on the LLVM pass for MPX instrumentation, similar to Pointer Checker in gcc. If yes, could anyone elaborate on the status and accessability to other researchers? And if any help is needed? Prof. Santosh Nagarakatte, the author of SoftBound/HardBound/WatchDog Lite, answered that he is not currently involved in MPX. But he pointed to the SoftBoundCETS prototype at https://github.com/santoshn/softboundcets-34 . Therefore, I was thinking about adapting SoftBound to MPX, as a drop-in replacement for gcc's Point...
2016 May 26
1
Runtime interception: design problem
Hi John, On 25 May 2016 at 16:11, John Criswell <jtcriswel at gmail.com> wrote: > Dear Pierre, > > Stepping up a level, what is your goal in replacing calls to malloc() and > free()? Is it any different than what SAFECode, SoftBound, or ASan do? > That's a good question. I didn't knew about SoftBound until now, so thank you for the name =). Anyway here is what I know: - ASan is a shadow-based memory protection, which allows accesses to an addressable field - I don't know every aspects of SAFECode. What I lo...
2013 Dec 16
3
[LLVMdev] How can I obtain upper bound of a pointer?
Hi, How can I obtain the upper bound of a pointer in the code? For example, I have a pointer Ptr which points to a block of memory that is allocated by malloc, say, Ptr = malloc(size); Then what should I do if I am going to get the upper bound of the memory block that is pointed to by Ptr in the runtime? Thanks, Ben -------------- next part -------------- An HTML attachment was scrubbed...
2013 Feb 27
0
[LLVMdev] [cfe-dev] JOB: Clang/LLVM developer
...s/. Don't worry that the job descriptions lack any mention of LLVM and Clang — we wrote them long before we realized that Clang/LLVM experience would be important to us. Interesting. Is the Secure Coding Group aware of the SAFECode compiler (http://safecode.cs.illinois.edu), SoftBound (which is integrated into the SAFECode compiler), and Address Sanitizer (which is integrated into LLVM and Clang)? It appears that some of the Secure Coding Group's goals overlap with these existing LLVM/Clang projects. -- John T.
2013 Feb 27
2
[LLVMdev] JOB: Clang/LLVM developer
The Secure Coding group at CERT has current job openings for knowledgeable Clang and/or LLVM developers. We have two (and soon to be three) ongoing research projects involving LLVM and Clang, with a need for significant development work. An ideal candidate would be someone who has multiple patches submitted and accepted across fairly diverse portions of the code base. The job postings are
2016 May 25
0
Runtime interception: design problem
Dear Pierre, Stepping up a level, what is your goal in replacing calls to malloc() and free()? Is it any different than what SAFECode, SoftBound, or ASan do? Regards, John Criswell On 5/25/16 8:05 AM, Pierre Gagelin via llvm-dev wrote: > Hi everyone, > > I am having troubles but this shouldn't be hard to solve for many > people here. I am beginning a runtime feature for the BoundsChecking > pass and I want to...
2017 Feb 17
6
Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)
...gt;>/would like to make a sufficiently comprehensive report, with not only />>/the performance/memory overhead numbers, but also discussing and />>/evaluating security guarantees. I will also examine the available />>/source codes (ASan, gcc-mpx, SoftBound) and will spend some pages on a />>/discussion of the different approaches (trying to do science, you see />>/:)). />>//>>/Btw, I will target only deterministic memory-safety no-code-changes />>/approaches that protect against sp...
2016 Feb 09
2
Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)
...OST -check-pointers-mpx:rw >>> >> >> Interesting, looking forward to reading your report! >> >>> >>> Note "rw" which stands for protecting read and write accesses. In the >>> future, I will analyze how different flags affect ASan / SoftBoundCETS >>> / gcc-mpx / icc-mpx. >>> I will also use a set of microbenchmarks/benchmarks (e.g., RIPE) to >>> test the protection provided. >>> >>> > SPEC2006 is well know so it could be useful. Especially 483.xalancbmk >>> > Beside...
2016 May 25
4
Runtime interception: design problem
Hi everyone, I am having troubles but this shouldn't be hard to solve for many people here. I am beginning a runtime feature for the BoundsChecking pass and I want to replace the libc malloc&free. I followed the design of AddressSanitizer (Asan) and tried to use the INTERCEPTOR macro from the interception.h file of compiler-rt library. Here is the problem. The file I modify
2013 Dec 16
0
[LLVMdev] How can I obtain upper bound of a pointer?
This is rather off-topic for LLVM, it's a C programming question and the C answer is: you can't. C doesn't expose any way to find the upper limit of 'Ptr' you just have to keep track of what size you used yourself. On Sun, Dec 15, 2013 at 6:22 PM, 李永超 <lyc364 at gmail.com> wrote: > Hi, > How can I obtain the upper bound of a pointer in the code? For example, I
2016 Jun 09
2
Fatpointer Pass already existing?
...ally on security passes (ASan, SAFECode, BoundsChecking) I wanted to know if there were an available implementation of strictly fat-pointer based approach to enforce bounds? If not, I wanted to implement one. I think it is interessant to have such a tool available even if there are better designs (SoftBound does have a fat-pointer approach with separated metadata accessible by hash table or shadow space which allows to have compatibility). Thanks for your advice, Pierre -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/...
2009 Oct 23
0
[LLVMdev] project based in trusted computing
...cts that focus on security: 1) The SAFECode compiler, which provides memory safety guarantees nearly as strong as those found in type-safe languages (such as Java). The source code isn't publicly distributed yet (I'm working on it), but we can get you an early copy if you need it. 2) The SoftBound project, which provides dynamic array bounds checking for code compiled to LLVM. This is publicly available for LLVM 2.5 from http://www.cis.upenn.edu/acg/softbound/. 3) The Clang static analyzer, which is a source-level analyzer that looks for bugs in programs. It is publicl...
2015 Jul 22
2
[LLVMdev] (no subject)
Hello, I have tried a lot fix this error but am not able to can you please find me a solution am trying to compile the SAFECode in Cygwin Environment to work for windows. used make -j4 command to make the files in cygwin i have got this error make[5]: Leaving directory '/home/uidr7475/Work/LLVM_OBJ/projects/safecode/tools/clang/include'
2009 Oct 22
2
[LLVMdev] project based in trusted computing
Sir, I am a M.tech student of Computer Science and Engineering Department ,Indian Institute of technology, Kharagpur(India). I have to do a project in trusted computing field. I went through LLVM Project site. and I want to work in some project of LLVM. Can u suggest me some project which is somehow related to trusted computing and i can work on that ? In hope of your reply, Amit Suthar
2012 Apr 05
1
[LLVMdev] Google Summer of Code proposal: Adding memory safety checks to the LLVM bitcodes
...grind does not do bounds checking in its default mode; it merely finds invalid loads and stores. Its ptrcheck tool does bounds checking but is slow and can sometimes be unreliable. Second, you should actually mention that tools for dynamic array bounds checking do exist (primarily SAFECode and SoftBound). You should emphasize that you're trying to optimize the speed at which SAFECode/SoftBound instrumented programs can run by optimizing away run-time array bounds checks. Third, I don't think you need a C code example to demonstrate your point. Everyone knows what a buffer overfl...
2012 Mar 30
0
[LLVMdev] Google Summer of Code proposal: Adding memory safety checks to the LLVM bitcodes
...safety, but these features are currently disabled because they are not sufficiently robust. While initially designed to protect applications during production, SAFECode has a generic pass to add debug information to its run-time checks, essentially make it a valgrind replacement like ASAN. 3) SoftBound and its CETS extension (http://www.cis.upenn.edu/acg/softbound) have been integrated into the SAFECode compiler and can be enabled with options in SAFECode's clang. It provides array bounds checking and, with CETS, optional dangling pointer detection. While I don't thi...
2012 Mar 30
4
[LLVMdev] Google Summer of Code proposal: Adding memory safety checks to the LLVM bitcodes
Dear LLVMers, My name is Raphael Ernani, and I am doing my MsC at the Federal University of Minas Gerais, Brazil. I have been using LLVM for a while, and I would like to participate in this year's Summer of Code. One particular idea, in your "open projects" page caught my eye, and I decided to write a proposal about it. The line that I liked in the page was "Create an LLVM
2012 Apr 06
2
[LLVMdev] GSoC proposal: Common memory safety instrumentation and optimization passes for LLVM
...ot make the mistake that SAFECode originally made. Finally, the common infrastructure idea I was talking about on the SAFECode open projects page is to have a common set of run-time check function names and set of instrumentation passes to add them and optimize them. In this way, SAFECode/SoftBound/ASAN can share not only the same analysis passes (e.g., an always-safe load/store analysis) but the actual optimization and instrumentation passes, too. SAFECode/ASAN specific transforms can be run after the generic instrumentation passes to specialize the checks for the specific t...