Abstract

The adoption of runtime bounds checking for C programs is limited because it either breaks interoperability by modifying the pointer representation to include bounds or incurs significant performance overhead to lookup the bounds in a data structure. We improve this for security purposes by observing that enforcing looser bounds still severely limits attackers, as long as we pad objects to the new, baggy bounds thus preventing access to any potential target objects. We take advantage of this more flexible integrity guarantee to increase performance by padding and aligning allocations to a power of two, enabling a byte-size representation of the allocation bounds that is efficient to store, lookup and check. As expected, padding incurs space and runtime overheads, but these turn out to be far less than the gains for bounds checking: our technique is more than three times faster—-and orthogonal—-to the state of the art technique on the same benchmarks, and an order of magnitude faster, using less memory, compared to using splay trees instead of padding, sharing the same implementation for everything else.