Mon 18 Jun 2018 10:00 - 10:30 at Columbus Ballroom A - Program Analysis

Memory access violations and unsafe pointer usage are the most common types of vulnerabilities in binary executables. To protect memory safety, array bound checks are inserted to detect out-of-bound accesses. Unfortunately, array bound checks contribute to high runtime overheads. Although redundant bound check elimination techniques have been developed, they suffer from limited scalability, because the memory bound checks are often too numerous to eliminate one by one.

In this paper, we propose Clone-Hunter, a practical and scalable framework for redundant bound check elimination in binary executables. Our approach leverages binary code clone detection to reduce the extensive effort of eliminating redundant bound checks. Clone-Hunter employs a bound verification mechanism using binary symbolic execution to improve the accuracy of safe removal of bound checks. Our results show that Clone-Hunter can identify redundant bound checks 90× faster than pure binary symbolic execution. We note that Clone-Hunter achieves a similar removal ratio for redundant bound checks as prior approaches, in addition to achieving several orders of magnitude improvement in time-to-solution (the time spent to remove redundant bound checks).

#### Mon 18 Jun

Displayed time zone: Eastern Time (US & Canada)

09:30 - 10:30 Program Analysis (MAPL) at Columbus Ballroom A

- 09:30 (30m, Talk) Ariadne: Analysis for Machine Learning Programs. Julian Dolby (IBM Thomas J. Watson Research Center), Avraham Shinnar (IBM Research), Allison Allain (IBM Research), Jenna Reinen (IBM Research)
- 10:00 (30m, Talk) Clone-Hunter: Accelerated Bound Checks Elimination via Binary Code Clone Detection. Hongfa Xue (George Washington University), Guru Venkataramani (George Washington University), Tian Lan (George Washington University)