CheckCBox: Automated and Zero Cost Spatial Memory Safety
Arunkumar Bhattar, Aravind Machiry
When a program is completely converted to Checked C, spatial safety is guaranteed. However, converting to Checked C requires some effort, and the developer may not be able to convert the entire codebase to Checked C. As Checked C is backward compatible, a programmer is able to designate regions of code—whole files, single functions, or even single blocks of code—as checked regions; these are often designated with a checked annotation. Such a region must contain only checked pointer types and adhere to a few other restrictions (e.g., no variadic function calls). The region is guaranteed to be spatially safe. We call the remaining, unconverted regions unchecked regions. However, there are no protections in unchecked regions, and thus bugs in unchecked regions can affect the execution of code in checked regions. To handle this, we use RLBOX. Specifically, all unchecked functions (or unchecked regions) are encapsulated into an RLBOX sandbox, and calls to unchecked functions are converted into sandbox calls. RLBOX thus assures spatial safety for unchecked regions.
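The following plain-C program is an added illustration of the threat the abstract describes and of the isolation principle behind the RLBOX-based fix; it is not code from the paper, and it uses neither Checked C syntax nor the real RLBOX API. A flat byte array models the host address space, with data owned by a checked region placed directly after the scratch buffer that an unchecked function is allowed to use. The "sandbox" is modelled as a separate heap array plus a copy-out verifier (in the spirit of RLBOX's copy-and-verify step); real RLBOX enforces the separation with an isolation mechanism rather than by convention. All buffer contents, sizes and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the host address space: the scratch buffer that
 * unchecked code may use sits directly before memory owned by a checked
 * region, so an out-of-bounds write from unchecked code lands on it. */
#define SCRATCH_LEN 8
#define CHECKED_LEN 8
#define HOST_LEN    (SCRATCH_LEN + CHECKED_LEN)
#define SANDBOX_LEN 64   /* isolated heap the unchecked code gets instead (constructed size) */

/* Constructed marker so we can tell whether checked-region memory changed. */
static const uint8_t checked_pattern[CHECKED_LEN] =
    {0xC0, 0xFF, 0xEE, 0x00, 0xDE, 0xAD, 0xBE, 0xEF};

/* Unchecked region: raw pointer, no bounds information.  The loop bound is
 * an off-by-one (<= instead of <), a typical spatial-safety bug. */
static void unchecked_fill(uint8_t *buf, size_t n, uint8_t v) {
    for (size_t i = 0; i <= n; i++)   /* BUG: writes n + 1 bytes */
        buf[i] = v;
}

static void init_host(uint8_t *host) {
    memset(host, 0, HOST_LEN);
    memcpy(host + SCRATCH_LEN, checked_pattern, CHECKED_LEN);
}

/* Checked-region data is intact iff it still equals the marker pattern. */
static int checked_data_intact(const uint8_t *host) {
    return memcmp(host + SCRATCH_LEN, checked_pattern, CHECKED_LEN) == 0;
}

/* Case 1: a checked region calls the unchecked function directly on host
 * memory.  Returns 1 if checked-region data was corrupted, else 0. */
int direct_call_corrupts_checked_data(void) {
    uint8_t host[HOST_LEN];
    init_host(host);
    unchecked_fill(host, SCRATCH_LEN, 0x41);  /* stray byte hits host[SCRATCH_LEN] */
    return !checked_data_intact(host);
}

/* Modelled sandbox: the only memory the unchecked function is handed. */
struct sandbox {
    uint8_t heap[SANDBOX_LEN];
};

/* Copy-out verifier: data returned from the sandbox is treated as untrusted
 * and is accepted only if the requested range lies inside the sandbox heap
 * and fits the caller's destination buffer. Returns 1 on success, 0 if rejected. */
static int sandbox_copy_out(const struct sandbox *sb, size_t sb_off, size_t len,
                            uint8_t *dst, size_t dst_cap) {
    if (len > dst_cap)
        return 0;                                   /* would overflow the caller */
    if (sb_off > SANDBOX_LEN || len > SANDBOX_LEN - sb_off)
        return 0;                                   /* reads outside the sandbox */
    memcpy(dst, sb->heap + sb_off, len);
    return 1;
}

/* Case 2: the same buggy function runs on sandbox memory, and only the agreed
 * number of bytes is marshalled back.  Returns 1 if checked-region data was
 * corrupted, 0 if intact, -1 if the verifier rejected the copy-out. */
int sandboxed_call_corrupts_checked_data(void) {
    uint8_t host[HOST_LEN];
    struct sandbox sb;
    init_host(host);
    memset(sb.heap, 0, SANDBOX_LEN);
    unchecked_fill(sb.heap, SCRATCH_LEN, 0x41);    /* stray byte hits sb.heap[8], not host */
    if (!sandbox_copy_out(&sb, 0, SCRATCH_LEN, host, SCRATCH_LEN))
        return -1;
    return !checked_data_intact(host);
}

/* The verifier refuses a copy-out that would not fit the checked caller's
 * buffer.  Returns 1 if the oversized request was rejected. */
int verifier_rejects_oversized_copy_out(void) {
    uint8_t host[HOST_LEN];
    struct sandbox sb;
    init_host(host);
    memset(sb.heap, 0x41, SANDBOX_LEN);
    int ok = sandbox_copy_out(&sb, 0, SCRATCH_LEN + 1, host, SCRATCH_LEN);
    return ok == 0 && checked_data_intact(host);
}

int main(void) {
    printf("direct call corrupts checked data:    %d\n", direct_call_corrupts_checked_data());
    printf("sandboxed call corrupts checked data: %d\n", sandboxed_call_corrupts_checked_data());
    printf("oversized copy-out rejected:          %d\n", verifier_rejects_oversized_copy_out());
    return 0;
}
```

The two cases differ only in which memory the unchecked function is handed: given host memory, its off-by-one write silently overwrites checked-region data, which the checked region's own bounds checks can never observe; given sandbox memory, the same bug is contained, and the copy-out verifier is the single point at which sandbox results re-enter checked code.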