Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security
Albert Kwon,Udit Dhawan,Jonathan M. Smith,Thomas F. Knight,André DeHon +4 more
- pp 721-732
Reads0
Chats0
TLDR
To achieve the safety of fat pointers without increasing program state, this work compactly encode approximate base and bound pointers along with exact address pointers for a 46b address space into one 64-bit word with a worst-case memory overhead of 3%.Abstract:
Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today's software. We can enforce spatial safety and eliminate these violations by inseparably associating bounds with every pointer (fat pointer) and checking these bounds on every memory access. By further adding hardware-managed tags to the pointer, we make them unforgeable. This, in turn, allows the pointers to be used as capabilities to facilitate fine-grained access control and fast security domain crossing. Dedicated checking hardware runs in parallel with the processor's normal datapath so that the checks do not slow down processor operation (0% runtime overhead). To achieve the safety of fat pointers without increasing program state, we compactly encode approximate base and bound pointers along with exact address pointers for a 46b address space into one 64-bit word with a worst-case memory overhead of 3%. We develop gate-level implementations of the logic for updating and validating these compact fat pointers and show that the hardware requirements are low and the critical paths for common operations are smaller than processor ALU operations. Specifically, we show that the fat-pointer check and update operations can run in a 4 ns clock cycle on a Virtex 6 (40nm) implementation while only using 1100 6-LUTs or about the area of a double-precision, floating-point adder.read more
Citations
More filters
Proceedings ArticleDOI
In-fat pointer: hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection
Shengjie Xu,Wei Huang,David Lie +2 more
TL;DR: In-Fat Pointer as mentioned in this paper improves the protection granularity of tagged-pointer schemes using object metadata, which is efficient and binary-compatible for object-bound spatial safety, and uses three complementary object metadata schemes to reduce the number of pointer tag bits needed for metadata lookup.
Posted Content
Actor Model of Computation
TL;DR: The Actor Model is a mathematical theory that treats “Actors” as the universal conceptual primitives of digital computation and is used both as a framework for a theoretical understanding of concurrency, and as the theoretical basis for several practical implementations of concurrent systems.
Proceedings ArticleDOI
Rethinking the memory hierarchy for modern languages
TL;DR: Hotpads is presented, a new memory hierarchy designed from the ground up for modern, memory-safe languages like Java, Go, and Rust, that improves memory performance and efficiency substantially, and unlocks many new optimizations.
Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 6)
Robert N. M. Watson,Peter G. Neumann,Jonathan Woodruff,Michael Roe,Jonathan Anderson,John Baldwin,David Chisnall,Brooks Davis,Alexandre Joannou,Ben Laurie,Simon W. Moore,Steven J. Murdoch,Robert M. Norton,Stacey Son,Hongyan Xia +14 more
TL;DR: The Capability Hardware Enhanced RISC Instructions (CHERI) instruction set architecture as discussed by the authors has been developed by SRI International and the University of Cambridge to address known performance and robustness gaps in commodity ISAs.
Proceedings ArticleDOI
FRAMER: a tagged-pointer capability system with memory safety applications
TL;DR: FRAMER improves over previous solutions by simultaneously providing a novel encoding that derives the location of per-object metadata with low memory overhead and without any assumption of objects' alignment or size, offering flexibility in metadata placement and size, and avoiding internal object memory layout changes.
References
More filters
Journal ArticleDOI
The gem5 simulator
Nathan Binkert,Bradford M. Beckmann,Gabriel Black,Steven K. Reinhardt,Ali G. Saidi,Arkaprava Basu,Joel Hestness,Derek R. Hower,Tushar Krishna,Somayeh Sardashti,Rathijit Sen,Korey Sewell,Muhammad Shoaib,Nilay Vaish,Mark D. Hill,Darien Wood +15 more
TL;DR: The high level of collaboration on the gem5 project, combined with the previous success of the component parts and a liberal BSD-like license, make gem5 a valuable full-system simulation tool.
Journal ArticleDOI
SPEC CPU2006 benchmark descriptions
TL;DR: On August 24, 2006, the Standard Performance Evaluation Corporation (SPEC) announced CPU2006, which replaces CPU2000, and the SPEC CPU benchmarks are widely used in both industry and academia.
Proceedings Article
Cyclone: A Safe Dialect of C
TL;DR: This paper examines safety violations enabled by C’s design, and shows how Cyclone avoids them, without giving up C”s hallmark control over low-level details such as data representation and memory management.
Journal ArticleDOI
Programming semantics for multiprogrammed computations
Jack B. Dennis,Earl C. Van Horn +1 more
TL;DR: The semantics are defined for a number of meta-instructions which perform operations essential to the writing of programs in multiprogrammed computer systems.