Research output per year
Research output per year
Abstract
Sanitizers for spatial and temporal memory errors have become a cornerstone of security testing. Popular redzone-based sanitizers such as AddressSanitizer (ASan) offer high compatibility and effectiveness through the use of redzones, but incur significant runtime overhead. A major cause of this overhead is the traditional use of per-object redzone metadata, which constrains the sanitizer to check individual addresses rather than entire ranges of memory at once—as is done by classic bounds checkers based on per-pointer metadata.
In this paper, we introduce RangeSanitizer (RSan), a redzone-based sanitizer that introduces a novel metadata and check paradigm. RSan combines the compatibility of redzones with a rich per-object metadata format that allows for range (rather than address) checks and powerful optimizations. RSan stores bounds information inside the underflow redzone associated with each memory object. By combining pointer tagging with power-of-two size classes, RSan can swiftly locate metadata and validate an access to an arbitrary memory range with a single check. RSan incurs a geomean runtime overhead of 44% on SPEC CPU2017, faster than all state-of-the-art redzone-based sanitizers and twice as fast as ASan. Additionally, fuzzing with AFL++ and RSan as sanitizer improves state-of-the-art throughput by up to 70%.
In this paper, we introduce RangeSanitizer (RSan), a redzone-based sanitizer that introduces a novel metadata and check paradigm. RSan combines the compatibility of redzones with a rich per-object metadata format that allows for range (rather than address) checks and powerful optimizations. RSan stores bounds information inside the underflow redzone associated with each memory object. By combining pointer tagging with power-of-two size classes, RSan can swiftly locate metadata and validate an access to an arbitrary memory range with a single check. RSan incurs a geomean runtime overhead of 44% on SPEC CPU2017, faster than all state-of-the-art redzone-based sanitizers and twice as fast as ASan. Additionally, fuzzing with AFL++ and RSan as sanitizer improves state-of-the-art throughput by up to 70%.
| Original language | English |
|---|---|
| Title of host publication | SEC '25 |
| Subtitle of host publication | Proceedings of the 34th USENIX Conference on Security Symposium |
| Publisher | USENIX Association |
| Pages | 4501-4519 |
| Number of pages | 19 |
| ISBN (Electronic) | 9781939133526 |
| DOIs | |
| Publication status | Published - 2025 |
| Event | 34th USENIX Security Symposium, USENIX Security 2025 - Seattle, United States Duration: 13 Aug 2025 → 15 Aug 2025 |
Conference
| Conference | 34th USENIX Security Symposium, USENIX Security 2025 |
|---|---|
| Country/Territory | United States |
| City | Seattle |
| Period | 13/08/25 → 15/08/25 |
Bibliographical note
Publisher Copyright:© 2025 by The USENIX Association All Rights Reserved.
Funding
We would like to thank the anonymous reviewers for their feedback. This work was supported by Intel Corporation through the “Allocamelus” project, by NWO through project “Theseus” and the Dutch Prize for ICT research, and by the European Union’s Horizon Europe programme under grant agreement No. 101120962 (“Rescale”).
| Funders | Funder number |
|---|---|
| Nederlandse Organisatie voor Wetenschappelijk Onderzoek | |
| Intel Corporation | |
| Dutch Prize for ICT Research | |
| European Commission | 101120962 |
Fingerprint
Dive into the research topics of 'RangeSanitizer: Detecting Memory Errors with Efficient Range Checks'. Together they form a unique fingerprint.Research output
- 1 Conference contribution
-
RangeSanitizer: Detecting Memory Errors with Efficient Range Checks
Gorter, F. & Giuffrida, C., 2025, SEC '25: Proceedings of the 34th USENIX Conference on Security Symposium. USENIX Association, p. 4501-4519 19 p. 232Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review
Open Access