Implementing SoftBound on Binary Executables

Abstract

Though languages like C and C++ are known to be memory unsafe, they are still used widely in industry because of their memory management features, low level nature and performance benefits. Also, as most of the systems software has been written using these languages, replacing them with memory safe languages altogether is currently impossible. Memory safety violations are commonplace, despite the fact that that there have been numerous attempts made to conquer them using source code, compiler and post compilation based approaches. SoftBound is a compiler-based technique that enforces spatial memory safety for C/C++ programs. However, SoftBound needs and depends on program information available in the high-level source code. The goal of our work is to develop a mechanism to efficiently and effectively implement a technique, like SoftBound, to provide spatial memory safety for binary executables. Our approach employs a combination of static-time analysis (using Ghidra) and dynamic-time instrumentation checks (using PIN). Softbound is a pointer based approach, which stores base and bound information per pointer. Our implementation determines the array and pointer access patterns statically using reverse engineering techniques in Ghidra. This static information is used by the Pin dynamic binary instrumentation tool to check the correctness of each load and store instruction at run-time. Our technique works without any source code support and no hardware or compiler alterations are needed. We evaluate the effectiveness, limitations, and performance of our implementation. Our tool detects spatial memory errors in about 57% of the test cases and induces about 6% average overhead over that caused by a minimal Pintool.