Type-after-type: Practical and complete type-safe memory reuse

Erik Van Der Kouwe, Taddeus Kroes, Chris Ouwehand, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

275 Downloads (Pure)


Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

Original languageEnglish
Title of host publicationACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference
Place of PublicationSan Juan, PR
PublisherAssociation for Computing Machinery
Number of pages11
ISBN (Electronic)9781450365697
Publication statusPublished - 3 Dec 2018
Event34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States
Duration: 3 Dec 20187 Dec 2018


Conference34th Annual Computer Security Applications Conference, ACSAC 2018
Country/TerritoryUnited States
CitySan Juan


  • Computer systems
  • Defense
  • LLVM
  • Uninitialized read
  • Use-after-free


Dive into the research topics of 'Type-after-type: Practical and complete type-safe memory reuse'. Together they form a unique fingerprint.

Cite this