Pass: Insert Pointer Checks

Reference1

C Zero Security Checks:

“This transformation ensures that the code emitted (if there are no warnings) poses no security threat to the target system.”

Free Removal Pass:

“FIXME: This pass needs to be cleaned up and better understood. Some of the functionality seems to be addressed with poolcheckalign() in the Check Insertion pass; we should ensure that the functionality there is present in mainline and supersedes what is implemented here. Also, the checking of pool operations should be understood and updated/corrected if needed.”

“This pass appears to do two things:”

“o) It ensures that there are load/store checks on pointers that point to type-known data but are loaded from type-unknown partitions.”

“o) It seems to perform some sort of sanity/correctness checking of pool creation/destruction.”


“Original comment from initial implementation:” “Implementation of FreeRemoval.h : an EmbeC pass”

“Some assumptions:”

  • Correctness of pool allocation
  • Destroys at end of functions.

“Pool pointer aliasing assumptions:”

  • pool pointer copies via geps are removed
  • no phinode takes two pool pointers because then they would be the same pool

“Result: If we look at pool pointer defs and look for their uses… we check that their only uses are calls to pool_allocs, pool_frees and pool_destroys.”
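As an added illustration (not SAFECode's own code), a toy model of the check the quoted comment describes: over a constructed SSA-style instruction list, pool pointers are the results of a hypothetical `pool_create` call, and every other use of them must be a `pool_alloc`, `pool_free` or `pool_destroy` call. The two aliasing assumptions (gep copies, phis merging two pool pointers) and the destroy-at-end assumption are reported explicitly.

```python
# Toy model of the Free Removal pool-pointer use check (added example, not SAFECode code).
# Instructions are dicts: id (SSA name), op, callee (for calls), args (operand names).
ALLOWED_POOL_USES = {"pool_alloc", "pool_free", "pool_destroy"}

# Constructed sample IR: two pools, one gep copy, one phi merging both pools,
# one store of a pool pointer, and a destroy for each pool.
SAMPLE_IR = [
    {"id": "%pool0", "op": "call", "callee": "pool_create", "args": []},
    {"id": "%pool1", "op": "call", "callee": "pool_create", "args": []},
    {"id": "%p", "op": "call", "callee": "pool_alloc", "args": ["%pool0", "16"]},
    {"id": "%q", "op": "gep", "callee": None, "args": ["%pool0", "0"]},
    {"id": "%m", "op": "phi", "callee": None, "args": ["%pool0", "%pool1"]},
    {"id": "%f", "op": "call", "callee": "pool_free", "args": ["%pool0", "%p"]},
    {"id": "%s", "op": "store", "callee": None, "args": ["%p", "%pool1"]},
    {"id": "%d0", "op": "call", "callee": "pool_destroy", "args": ["%pool0"]},
    {"id": "%d1", "op": "call", "callee": "pool_destroy", "args": ["%pool1"]},
]


def pool_pointer_defs(insts):
    """Pool pointers are the results of the (hypothetical) pool_create call."""
    return {i["id"] for i in insts if i.get("callee") == "pool_create"}


def check_pool_uses(insts):
    """Return (inst_id, reason) for every use of a pool pointer that is not an
    allowed pool operation, naming the aliasing cases the pass assumes away."""
    pools = pool_pointer_defs(insts)
    violations = []
    for inst in insts:
        pool_args = [a for a in inst["args"] if a in pools]
        if not pool_args:
            continue  # instruction does not touch a pool pointer
        if inst["op"] == "call" and inst["callee"] in ALLOWED_POOL_USES:
            continue  # pool_alloc / pool_free / pool_destroy: the only legal uses
        if inst["op"] == "gep":
            reason = "pool pointer copied via gep (assumed removed beforehand)"
        elif inst["op"] == "phi" and len(pool_args) > 1:
            reason = "phi merges two pool pointers (they would be the same pool)"
        else:
            reason = f"unexpected use of pool pointer in {inst['op']}"
        violations.append((inst["id"], reason))
    return violations


def pools_without_destroy(insts):
    """Assumption check: every created pool must be passed to pool_destroy."""
    pools = pool_pointer_defs(insts)
    destroyed = {a for i in insts if i.get("callee") == "pool_destroy" for a in i["args"]}
    return sorted(pools - destroyed)
```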


Created Jul 25, 2019 // Last Updated Aug 31, 2020
