Displaying 20 results from an estimated 40 matches for "softbound".
2015 Feb 26
0
[LLVMdev] SAFECode testsuite query
...ASan, SAFECode, etc., a more accurate
statement is that:
a) SAFECode, with automatic pool allocation enabled, can make dangling
pointers "harmless" (in that they will either be detected or will not
cause a type-safety violation, as defined by DSA's type inference results).
b) The SoftBound + CETS system (an option currently built into SAFECode)
can detect dangling pointer errors (but with much higher overhead).
Please note that automatic pool allocation is currently disabled by default.
> -> crashes in system libraries due to security vulnerabilities.
SAFECode augments or r...
2015 Feb 26
2
[LLVMdev] SAFECode testsuite query
Hello All,
I am looking at exploring what benefits SAFECode has to offer over clang S.A and llvm's instrumentation tools like memory sanitizer and address sanitizer.
I could come up with the following that are not provided in ASAN/MSAN/Clang S.A
-> dangling pointer error and detection
-> crashes in system libraries due to security vulnerabilities.
In the process, I wanted to run the
2016 Jan 28
2
Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)
...registers and instructions). I wonder if
anyone is currently working on the LLVM pass for MPX instrumentation,
similar to Pointer Checker in gcc. If yes, could anyone elaborate on
the status and accessability to other researchers? And if any help is
needed?
Prof. Santosh Nagarakatte, the author of SoftBound/HardBound/WatchDog
Lite, answered that he is not currently
involved in MPX. But he pointed to the SoftBoundCETS prototype at
https://github.com/santoshn/softboundcets-34 . Therefore, I was
thinking about adapting SoftBound to MPX, as a drop-in replacement for
gcc's PointerChecker. Could anyone...
2016 May 26
1
Runtime interception: design problem
Hi John,
On 25 May 2016 at 16:11, John Criswell <jtcriswel at gmail.com> wrote:
> Dear Pierre,
>
> Stepping up a level, what is your goal in replacing calls to malloc() and
> free()? Is it any different than what SAFECode, SoftBound, or ASan do?
>
That's a good question. I didn't knew about SoftBound until now, so thank
you for the name =). Anyway here is what I know:
- ASan is a shadow-based memory protection, which allows accesses to an
addressable field
- I don't know every aspects of SAFECode. What I lo...
2013 Dec 16
3
[LLVMdev] How can I obtain upper bound of a pointer?
Hi,
How can I obtain the upper bound of a pointer in the code? For example, I
have
a pointer Ptr which points to a block of memory that is allocated by
malloc, say,
Ptr = malloc(size);
Then what should I do if I am going to get the upper bound of the memory
block
that is pointed to by Ptr in the runtime?
Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
2013 Feb 27
0
[LLVMdev] [cfe-dev] JOB: Clang/LLVM developer
...www.cert.org/jobs/. Don't worry that the job descriptions lack any mention of LLVM and Clang — we wrote them long before we realized that Clang/LLVM experience would be important to us.
Interesting.
Is the Secure Coding Group aware of the SAFECode compiler
(http://safecode.cs.illinois.edu), SoftBound (which is integrated into
the SAFECode compiler), and Address Sanitizer (which is integrated into
LLVM and Clang)? It appears that some of the Secure Coding Group's
goals overlap with these existing LLVM/Clang projects.
-- John T.
2013 Feb 27
2
[LLVMdev] JOB: Clang/LLVM developer
The Secure Coding group at CERT has current job openings for knowledgeable Clang and/or LLVM developers. We have two (and soon to be three) ongoing research projects involving LLVM and Clang, with a need for significant development work. An ideal candidate would be someone who has multiple patches submitted and accepted across fairly diverse portions of the code base. The job postings are
2016 May 25
0
Runtime interception: design problem
Dear Pierre,
Stepping up a level, what is your goal in replacing calls to malloc()
and free()? Is it any different than what SAFECode, SoftBound, or ASan do?
Regards,
John Criswell
On 5/25/16 8:05 AM, Pierre Gagelin via llvm-dev wrote:
> Hi everyone,
>
> I am having troubles but this shouldn't be hard to solve for many
> people here. I am beginning a runtime feature for the BoundsChecking
> pass and I want to replace...
2017 Feb 17
6
Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)
...cture for our experiments. We />>/would like to make a sufficiently comprehensive report, with not only />>/the performance/memory overhead numbers, but also discussing and />>/evaluating security guarantees. I will also examine the available />>/source codes (ASan, gcc-mpx, SoftBound) and will spend some pages on a />>/discussion of the different approaches (trying to do science, you see />>/:)). />>//>>/Btw, I will target only deterministic memory-safety no-code-changes />>/approaches that protect against spatial errors (I will probably />>/...
2016 Feb 09
2
Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)
...-xHOST -check-pointers-mpx:rw
>>>
>>
>> Interesting, looking forward to reading your report!
>>
>>>
>>> Note "rw" which stands for protecting read and write accesses. In the
>>> future, I will analyze how different flags affect ASan / SoftBoundCETS
>>> / gcc-mpx / icc-mpx.
>>> I will also use a set of microbenchmarks/benchmarks (e.g., RIPE) to
>>> test the protection provided.
>>>
>>> > SPEC2006 is well know so it could be useful. Especially 483.xalancbmk
>>> > Besides, maybe you...
2016 May 25
4
Runtime interception: design problem
Hi everyone,
I am having troubles but this shouldn't be hard to solve for many people
here. I am beginning a runtime feature for the BoundsChecking pass and I
want to replace the libc malloc&free. I followed the design of
AddressSanitizer (Asan) and tried to use the INTERCEPTOR macro from the
interception.h file of compiler-rt library.
Here is the problem. The file I modify
2016 Jun 09
2
Fatpointer Pass already existing?
...ally on
security passes (ASan, SAFECode, BoundsChecking) I wanted to know if there
were an available implementation of strictly fat-pointer based approach to
enforce bounds?
If not, I wanted to implement one. I think it is interessant to have such a
tool available even if there are better designs (SoftBound does have a
fat-pointer approach with separated metadata accessible by hash table or
shadow space which allows to have compatibility).
Thanks for your advice,
Pierre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachm...
2013 Dec 16
0
[LLVMdev] How can I obtain upper bound of a pointer?
This is rather off-topic for LLVM, it's a C programming question and the C
answer is: you can't. C doesn't expose any way to find the upper limit of
'Ptr' you just have to keep track of what size you used yourself.
On Sun, Dec 15, 2013 at 6:22 PM, 李永超 <lyc364 at gmail.com> wrote:
> Hi,
> How can I obtain the upper bound of a pointer in the code? For example, I
2009 Oct 23
0
[LLVMdev] project based in trusted computing
...cts that focus on security:
1) The SAFECode compiler, which provides memory safety guarantees nearly
as strong as those found in type-safe languages (such as Java). The
source code isn't publicly distributed yet (I'm working on it), but we
can get you an early copy if you need it.
2) The SoftBound project, which provides dynamic array bounds checking
for code compiled to LLVM. This is publicly available for LLVM 2.5 from
http://www.cis.upenn.edu/acg/softbound/.
3) The Clang static analyzer, which is a source-level analyzer that
looks for bugs in programs. It is publicly available at
http:...
2009 Oct 22
2
[LLVMdev] project based in trusted computing
Sir,
I am a M.tech student of Computer Science and Engineering
Department ,Indian Institute of technology, Kharagpur(India).
I have to do a project in trusted computing field. I went through LLVM
Project site. and I want to work in some project of LLVM.
Can u suggest me some project which is somehow related to trusted computing
and i can work on that ?
In hope of your reply,
Amit Suthar
2015 Jul 22
2
[LLVMdev] (no subject)
Hello,
I have tried a lot fix this error but am not able to can you please
find me a solution am trying to compile the SAFECode in Cygwin Environment
to work for windows.
used make -j4 command to make the files in cygwin i have got this error
make[5]: Leaving directory
'/home/uidr7475/Work/LLVM_OBJ/projects/safecode/tools/clang/include'
/usr/bin/cp: cannot stat
2012 Apr 05
1
[LLVMdev] Google Summer of Code proposal: Adding memory safety checks to the LLVM bitcodes
...grind does not do bounds checking in its default mode; it
merely finds invalid loads and stores. Its ptrcheck tool does bounds
checking but is slow and can sometimes be unreliable.
Second, you should actually mention that tools for dynamic array bounds
checking do exist (primarily SAFECode and SoftBound). You should
emphasize that you're trying to optimize the speed at which
SAFECode/SoftBound instrumented programs can run by optimizing away
run-time array bounds checks.
Third, I don't think you need a C code example to demonstrate your
point. Everyone knows what a buffer overflow i...
2012 Mar 30
0
[LLVMdev] Google Summer of Code proposal: Adding memory safety checks to the LLVM bitcodes
...safety, but these
features are currently disabled because they are not sufficiently
robust. While initially designed to protect applications during
production, SAFECode has a generic pass to add debug information to its
run-time checks, essentially make it a valgrind replacement like ASAN.
3) SoftBound and its CETS extension
(http://www.cis.upenn.edu/acg/softbound) have been integrated into the
SAFECode compiler and can be enabled with options in SAFECode's clang.
It provides array bounds checking and, with CETS, optional dangling
pointer detection.
While I don't think we need anoth...
2012 Mar 30
4
[LLVMdev] Google Summer of Code proposal: Adding memory safety checks to the LLVM bitcodes
Dear LLVMers,
My name is Raphael Ernani, and I am doing my MsC at the Federal
University of Minas Gerais, Brazil. I have been using LLVM for a
while, and I would like to participate in this year's Summer of Code.
One particular idea, in your "open projects" page caught my eye, and I
decided to write a proposal about it. The line that I liked in the
page was "Create an LLVM
2012 Apr 06
2
[LLVMdev] GSoC proposal: Common memory safety instrumentation and optimization passes for LLVM
...AN not make the mistake that
SAFECode originally made.
Finally, the common infrastructure idea I was talking about on the
SAFECode open projects page is to have a common set of run-time check
function names and set of instrumentation passes to add them and
optimize them. In this way, SAFECode/SoftBound/ASAN can share not only
the same analysis passes (e.g., an always-safe load/store analysis) but
the actual optimization and instrumentation passes, too. SAFECode/ASAN
specific transforms can be run after the generic instrumentation passes
to specialize the checks for the specific tool (e.g., S...