Memory access violation and unsafe pointer usage are the most common types of vulnerabilities in binary executables. To protect memory safety, array bound checks are inserted to detect out-of-bound accesses. Unfortunately, array bound checks contribute to high runtime overheads. Although redundant bound checks elimination techniques have been developed, they suffer from limited scalability. This is because, the number of memory bound checks are often numerous to eliminate them one-by-one.

In this paper, we propose Clone-Hunter, a practical and scalable framework for redundant bound checks elimination in binary executables. Our approach leverages \textit{binary code clone detection} to reduce the extensive efforts in eliminating redundant bound checks. Clone-Hunter employs a bound verification mechanism using binary symbolic execution to improve the accuracy of safe removal of bound checks. Our results show Clone-Hunter can swiftly identify redundant bound checks 90$\times$ faster than pure binary symbolic execution. We note that Clone-Hunter achieves similar removal ratio for redundant bound checks as prior approaches, in addition to achieving several orders of magnitude improvement in time-to-solution (the time spent to remove redundant bound checks).