2024
Conference Paper
Title
SoftBound+CETS Revisited: More Than a Decade Later
Abstract
Memory safety issues, including buffer overflows and use-after-free errors, continue to pose significant security threats in C/C++ programs, necessitating robust defenses and detection mechanisms. Despite advancements in memory-safe languages like Rust, transitioning legacy codebases often remains impractical, highlighting the need for effective memory safety tools for existing C/C++ code. This paper revisits SoftBound+CETS, an influential combination of two software-only memory safety solutions for C programs, more than a decade after its initial introduction. We present an updated SoftBound+CETS prototype, now compatible with LLVM 12, offering enhanced C language compatibility, interoperability with uninstrumented code, and sub-object bounds checking. Our evaluation, utilizing the SPEC CPU 2017 benchmark suite and the Juliet Test Suite, demonstrates the prototype's improved effectiveness in detecting memory errors with a performance and memory overhead of less than 2x. This is comparable to the widely used but less capable sanitizer ASan. Our future work aims to further reduce overheads and expand compatibility with C++ code and newer LLVM versions. This research highlights the viability of SoftBound+CETS as a comprehensive and practical tool for improving memory safety in legacy C applications, providing a valuable asset for developers and researchers focused on software security.
Conference