search for: softbound

...ASan, SAFECode, etc., a more accurate statement is that: a) SAFECode, with automatic pool allocation enabled, can make dangling pointers "harmless" (in that they will either be detected or will not cause a type-safety violation, as defined by DSA's type inference results). b) The SoftBound + CETS system (an option currently built into SAFECode) can detect dangling pointer errors (but with much higher overhead). Please note that automatic pool allocation is currently disabled by default. > -> crashes in system libraries due to security vulnerabilities. SAFECode augments or r...

Hello All, I am looking at exploring what benefits SAFECode has to offer over clang S.A and llvm's instrumentation tools like memory sanitizer and address sanitizer. I could come up with the following that are not provided in ASAN/MSAN/Clang S.A -> dangling pointer error and detection -> crashes in system libraries due to security vulnerabilities. In the process, I wanted to run the

...registers and instructions). I wonder if anyone is currently working on the LLVM pass for MPX instrumentation, similar to Pointer Checker in gcc. If yes, could anyone elaborate on the status and accessability to other researchers? And if any help is needed? Prof. Santosh Nagarakatte, the author of SoftBound/HardBound/WatchDog Lite, answered that he is not currently involved in MPX. But he pointed to the SoftBoundCETS prototype at https://github.com/santoshn/softboundcets-34 . Therefore, I was thinking about adapting SoftBound to MPX, as a drop-in replacement for gcc's PointerChecker. Could anyone...

Hi John, On 25 May 2016 at 16:11, John Criswell <jtcriswel at gmail.com> wrote: > Dear Pierre, > > Stepping up a level, what is your goal in replacing calls to malloc() and > free()? Is it any different than what SAFECode, SoftBound, or ASan do? > That's a good question. I didn't knew about SoftBound until now, so thank you for the name =). Anyway here is what I know: - ASan is a shadow-based memory protection, which allows accesses to an addressable field - I don't know every aspects of SAFECode. What I lo...

Hi, How can I obtain the upper bound of a pointer in the code? For example, I have a pointer Ptr which points to a block of memory that is allocated by malloc, say, Ptr = malloc(size); Then what should I do if I am going to get the upper bound of the memory block that is pointed to by Ptr in the runtime? Thanks, Ben -------------- next part -------------- An HTML attachment was scrubbed...

...www.cert.org/jobs/. Don't worry that the job descriptions lack any mention of LLVM and Clang — we wrote them long before we realized that Clang/LLVM experience would be important to us. Interesting. Is the Secure Coding Group aware of the SAFECode compiler (http://safecode.cs.illinois.edu), SoftBound (which is integrated into the SAFECode compiler), and Address Sanitizer (which is integrated into LLVM and Clang)? It appears that some of the Secure Coding Group's goals overlap with these existing LLVM/Clang projects. -- John T.

The Secure Coding group at CERT has current job openings for knowledgeable Clang and/or LLVM developers. We have two (and soon to be three) ongoing research projects involving LLVM and Clang, with a need for significant development work. An ideal candidate would be someone who has multiple patches submitted and accepted across fairly diverse portions of the code base. The job postings are

Dear Pierre, Stepping up a level, what is your goal in replacing calls to malloc() and free()? Is it any different than what SAFECode, SoftBound, or ASan do? Regards, John Criswell On 5/25/16 8:05 AM, Pierre Gagelin via llvm-dev wrote: > Hi everyone, > > I am having troubles but this shouldn't be hard to solve for many > people here. I am beginning a runtime feature for the BoundsChecking > pass and I want to replace...

...cture for our experiments. We />>/would like to make a sufficiently comprehensive report, with not only />>/the performance/memory overhead numbers, but also discussing and />>/evaluating security guarantees. I will also examine the available />>/source codes (ASan, gcc-mpx, SoftBound) and will spend some pages on a />>/discussion of the different approaches (trying to do science, you see />>/:)). />>//>>/Btw, I will target only deterministic memory-safety no-code-changes />>/approaches that protect against spatial errors (I will probably />>/...

...-xHOST -check-pointers-mpx:rw >>> >> >> Interesting, looking forward to reading your report! >> >>> >>> Note "rw" which stands for protecting read and write accesses. In the >>> future, I will analyze how different flags affect ASan / SoftBoundCETS >>> / gcc-mpx / icc-mpx. >>> I will also use a set of microbenchmarks/benchmarks (e.g., RIPE) to >>> test the protection provided. >>> >>> > SPEC2006 is well know so it could be useful. Especially 483.xalancbmk >>> > Besides, maybe you...

Hi everyone, I am having troubles but this shouldn't be hard to solve for many people here. I am beginning a runtime feature for the BoundsChecking pass and I want to replace the libc malloc&free. I followed the design of AddressSanitizer (Asan) and tried to use the INTERCEPTOR macro from the interception.h file of compiler-rt library. Here is the problem. The file I modify

...ally on security passes (ASan, SAFECode, BoundsChecking) I wanted to know if there were an available implementation of strictly fat-pointer based approach to enforce bounds? If not, I wanted to implement one. I think it is interessant to have such a tool available even if there are better designs (SoftBound does have a fat-pointer approach with separated metadata accessible by hash table or shadow space which allows to have compatibility). Thanks for your advice, Pierre -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachm...

This is rather off-topic for LLVM, it's a C programming question and the C answer is: you can't. C doesn't expose any way to find the upper limit of 'Ptr' you just have to keep track of what size you used yourself. On Sun, Dec 15, 2013 at 6:22 PM, 李永超 <lyc364 at gmail.com> wrote: > Hi, > How can I obtain the upper bound of a pointer in the code? For example, I

...cts that focus on security: 1) The SAFECode compiler, which provides memory safety guarantees nearly as strong as those found in type-safe languages (such as Java). The source code isn't publicly distributed yet (I'm working on it), but we can get you an early copy if you need it. 2) The SoftBound project, which provides dynamic array bounds checking for code compiled to LLVM. This is publicly available for LLVM 2.5 from http://www.cis.upenn.edu/acg/softbound/. 3) The Clang static analyzer, which is a source-level analyzer that looks for bugs in programs. It is publicly available at http:...

Sir, I am a M.tech student of Computer Science and Engineering Department ,Indian Institute of technology, Kharagpur(India). I have to do a project in trusted computing field. I went through LLVM Project site. and I want to work in some project of LLVM. Can u suggest me some project which is somehow related to trusted computing and i can work on that ? In hope of your reply, Amit Suthar

Hello, I have tried a lot fix this error but am not able to can you please find me a solution am trying to compile the SAFECode in Cygwin Environment to work for windows. used make -j4 command to make the files in cygwin i have got this error make[5]: Leaving directory '/home/uidr7475/Work/LLVM_OBJ/projects/safecode/tools/clang/include' /usr/bin/cp: cannot stat

...grind does not do bounds checking in its default mode; it merely finds invalid loads and stores. Its ptrcheck tool does bounds checking but is slow and can sometimes be unreliable. Second, you should actually mention that tools for dynamic array bounds checking do exist (primarily SAFECode and SoftBound). You should emphasize that you're trying to optimize the speed at which SAFECode/SoftBound instrumented programs can run by optimizing away run-time array bounds checks. Third, I don't think you need a C code example to demonstrate your point. Everyone knows what a buffer overflow i...

...safety, but these features are currently disabled because they are not sufficiently robust. While initially designed to protect applications during production, SAFECode has a generic pass to add debug information to its run-time checks, essentially make it a valgrind replacement like ASAN. 3) SoftBound and its CETS extension (http://www.cis.upenn.edu/acg/softbound) have been integrated into the SAFECode compiler and can be enabled with options in SAFECode's clang. It provides array bounds checking and, with CETS, optional dangling pointer detection. While I don't think we need anoth...

Dear LLVMers, My name is Raphael Ernani, and I am doing my MsC at the Federal University of Minas Gerais, Brazil. I have been using LLVM for a while, and I would like to participate in this year's Summer of Code. One particular idea, in your "open projects" page caught my eye, and I decided to write a proposal about it. The line that I liked in the page was "Create an LLVM

...AN not make the mistake that SAFECode originally made. Finally, the common infrastructure idea I was talking about on the SAFECode open projects page is to have a common set of run-time check function names and set of instrumentation passes to add them and optimize them. In this way, SAFECode/SoftBound/ASAN can share not only the same analysis passes (e.g., an always-safe load/store analysis) but the actual optimization and instrumentation passes, too. SAFECode/ASAN specific transforms can be run after the generic instrumentation passes to specialize the checks for the specific tool (e.g., S...