FRAMER: A Software-based Capability Model (1810.11622v2)

Abstract: Fine-grained memory protection for C and C++ programs must track individual objects (or pointers), and store bounds information per object (pointer). Its cost is dominated by metadata updates and lookups, making efficient metadata management the key for minimizing performance impact. Existing approaches reduce metadata management overheads by sacrificing precision, breaking binary compatibility by changing object memory layout, or wasting space by excessive alignment or large shadow memory spaces. We propose FRAMER, a software capability model for object-granularity memory protection. Its efficient per-object metadata management mechanism enables direct access to metadata by calculating their location from a tagged pointer to the object and, for large objects, a compact supplementary table. The number of bits in this tag and the size of the supplementary table are balanced to minimize both using a novel technique. FRAMER is a general proposal for object metadata management with potential applications in memory safety, type safety, thread safety and garbage collection that improves over previous solutions by (1) increasing locality of reference by having objects carry their metadata, (2) streamlining expensive metadata lookups, (3) saving space by avoiding superfluous alignment and padding, (4) avoiding internal object memory layout changes.