FloatZone: Accelerating Memory Error Detection using the Floating Point Unit

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-review


Abstract

Memory sanitizers are powerful tools to detect spatial and temporal memory errors, such as buffer overflows and use-after-frees. Fuzzers and software testers often rely on these tools to discover the presence of bugs. Sanitizers, however, incur significant runtime overhead. For example, AddressSanitizer (ASan), the most widely used sanitizer, incurs a slowdown of 2x. The main source of this overhead consists of the sanitizer checks, which involve at least a memory lookup, a comparison, and a conditional branch instruction. Applying these checks to confirm the validity of the memory accesses in a program can greatly slow down the execution. We introduce FloatZone, a compiler-based sanitizer to detect spatial and temporal memory errors in C/C++ programs using lightweight checks that leverage the Floating Point Unit (FPU). We show that the combined effects of “lookup, compare, and branch” can be achieved with a single floating point addition that triggers an underflow exception in the case of a memory violation. This novel method to detect illegal accesses greatly improves performance by avoiding the drawbacks of traditional comparisons: it prevents branch mispredictions, enables higher instruction-level parallelism due to offloading to the FPU, and also reduces the cache miss rate due to the lack of shadow memory. Our evaluation shows that FloatZone significantly outperforms existing systems, with just 37% runtime overhead on SPEC CPU2006 and CPU2017. Moreover, we measure an average 2.87x increase in fuzzing throughput compared to the state of the art. Finally, we confirm that FloatZone offers detection capabilities comparable with ASan on the Juliet test suite and a collection of OSS-Fuzz bugs.

Original language: English
Title of host publication: 32nd USENIX Security Symposium, USENIX Security 2023
Subtitle of host publication: [Proceedings]
Publisher: USENIX Association
Pages: 805-822
Number of pages: 18
Volume: 2
ISBN (Electronic): 9781713879497
Publication status: Published - 2023
Event: 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States
Duration: 9 Aug 2023 to 11 Aug 2023

Conference

Conference: 32nd USENIX Security Symposium, USENIX Security 2023
Country/Territory: United States
City: Anaheim
Period: 9/08/23 to 11/08/23

Bibliographical note

Funding Information:
We thank the anonymous reviewers for their feedback. We also thank Johannes Blaser for his valuable support with LLVM. This work was supported by Intel Corporation through the “Allocamelus” project, the Dutch Ministry of Economic Affairs and Climate through the AVR program (“Memo” project), the Dutch Science Organization (NWO) through projects “TROPICS”, “Theseus”, and “Intersect”.

Publisher Copyright:
© 2023 32nd USENIX Security Symposium, USENIX Security 2023. All rights reserved.

Funding

We thank the anonymous reviewers for their feedback. We also thank Johannes Blaser for his valuable support with LLVM. This work was supported by Intel Corporation through the “Allocamelus” project, the Dutch Ministry of Economic Affairs and Climate through the AVR program (“Memo” project), the Dutch Science Organization (NWO) through projects “TROPICS”, “Theseus”, “Intersect”, and “Vulcan”.

Funder: Nederlandse Organisatie voor Wetenschappelijk Onderzoek
Funder number: TROPICS, Theseus, Intersect, Vulcan (VI.Veni.202.212)
