Passes

  • Stack Check
  • Reference. safecode/include/StackSafety.h: This file defines checks for stack safety.

        struct checkStackSafety : public ModulePass {
        public:
          ...
          virtual bool runOnModule(Module &M);
          virtual void getAnalysisUsage(AnalysisUsage &AU) const {
            AU.addRequired<DataLayout>();
            AU.addRequired<EQTDDataStructures>();
            AU.setPreservesAll();
          }

        private:
          //
          // Tracks the DSNodes that have already been analyzed by an invocation of
          // markReachableAllocas().
          //
          std::set<DSNode *> reachableAllocaNodes;
          bool markReachableAllocas(DSNode *DSN, bool start=false);
          bool markReachableAllocasInt(DSNode *DSN, bool start=false);
        };
        }
        }

    safecode/lib/StackSafety/CheckStackPointer.

  • Static Array Bound Checks
  • lib/ArrayBoundChecks: This library contains several analysis passes for static array bounds checking. safecode/lib/ArrayBoundChecks/ArrayBoundCheckLocal.cpp: “ArrayBoundsCheckLocal - It tries to prove a GEP is safe only based on local information, that is, the size of global variables and the size of objects being allocated inside a function.” Code snippets: Entry:

        bool ArrayBoundsCheckLocal::runOnFunction(Function & F) {
          //
          // Get required analysis passes.
          //
          TD = &F.getParent()->getDataLayout();
          SE = &getAnalysis<ScalarEvolution>();

          //
          // Look for all GEPs in the function and try to prove that they're safe.

  • Pass: Insert Pointer Checks
  • Reference. C Zero Security Checks: “This transformation ensures that the code emitted (if there are no warnings) poses no security threat to the target system.” Free Removal Pass: “FIXME: This pass needs to be cleaned up and better understood. Some of the functionality seems to be addressed with poolcheckalign() in the Check Insertion pass; we should ensure that the functionality there is present in mainline and supersedes what is implemented here.

  • Pass: Insert Pool Checks
  • lib/InsertPoolChecks. This library contains the transform passes for inserting run-time checks and for inserting code to register memory objects within individual pools. the CompleteChecks pass which implements the Check Completion Phase. Alignment Checks: “This pass instruments the code with alignment checks. This is required when load/store checks on type-safe memory objects are optimized away; pointers to type-safe memory objects that are loaded from type-unsafe memory objects may not point to a valid memory object or may not be aligned properly within a valid memory object.

Created Jul 25, 2019 // Last Updated Aug 31, 2020
