TY - GEN
T1 - Debloating Address Sanitizer
AU - Zhang, Yuchen
AU - Pang, Chengbin
AU - Portokalidis, Georgios
AU - Triandopoulos, Nikos
AU - Xu, Jun
N1 - Publisher Copyright:
© USENIX Security Symposium, Security 2022. All rights reserved.
PY - 2022
Y1 - 2022
N2 - Address Sanitizer (ASan) is a powerful memory error detector. It can detect errors ranging from spatial issues such as out-of-bounds accesses to temporal issues such as use-after-free. However, ASan has the major drawback of high runtime overhead: with all of its functionality enabled, it incurs an overhead of more than 1x. This paper first presents a study that dissects the operations of ASan and inspects the primary sources of its runtime overhead. The study reveals (or confirms) that the high overhead is caused mainly by the extensive sanitizer checks on memory accesses. Inspired by the study, the paper proposes ASan-, a tool that assembles a group of optimizations to reduce (or “debloat”) sanitizer checks and improve ASan's efficiency. Unlike existing tools that remove sanitizer checks at the cost of ASan's detection capability, scalability, or usability, ASan- fully preserves those properties. Our evaluation shows that ASan- is highly promising. It reduces the overhead of ASan by 41.7% on SPEC CPU2006 and by 35.7% on Chromium. Considering only the overhead incurred by sanitizer checks, the reduction rates rise to 51.6% on SPEC CPU2006 and 69.6% on Chromium. In the context of fuzzing, ASan- increases the execution speed of AFL by over 40% and branch coverage by 5%. Combined with orthogonal, fuzzing-tailored optimizations, ASan- speeds up AFL by 60% and increases branch coverage by 9%. Deployed in Chromium to support our daily work for four weeks, ASan- presented no major usability issues or significant slowdown, and it detected all the bugs we reproduced from previous reports.
UR - http://www.scopus.com/inward/record.url?scp=85140979570&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85140979570&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85140979570
T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022
SP - 4345
EP - 4363
BT - Proceedings of the 31st USENIX Security Symposium, Security 2022
T2 - 31st USENIX Security Symposium, Security 2022
Y2 - 10 August 2022 through 12 August 2022
ER -
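The abstract above attributes most of ASan's overhead to the per-access sanitizer checks and describes ASan- as removing checks without losing detection capability. As an added illustration (this is example code, not code from the paper or from ASan itself, and it does not reproduce the paper's actual optimizations), the C program below models ASan's shadow-memory encoding, instruments a loop once per access as stock ASan would, and then shows a generic "debloated" form in which one range check before the loop subsumes all of the per-access checks while still catching a one-byte overrun. The heap size, the single-allocation layout, the redzone width and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of ASan's shadow memory: one shadow byte per 8-byte granule.
 * Shadow value 0 = all 8 bytes addressable; k in 1..7 = only the first k
 * bytes addressable; negative = poisoned (redzone, freed, unallocated).
 * This matches ASan's shadow encoding; the heap size, the single-allocation
 * layout and the redzone width are simplifying assumptions of this example. */
#define HEAP_SIZE 256
#define GRANULE 8
#define REDZONE 16

static uint8_t heap[HEAP_SIZE];
static int8_t shadow[HEAP_SIZE / GRANULE];
static unsigned long checks_executed; /* simulated check sites executed */

/* Poison everything, then carve one allocation of n bytes after a left
 * redzone. Returns the allocation's offset into heap[]. */
static size_t toy_malloc(size_t n) {
    if (n + 2 * REDZONE > HEAP_SIZE) abort();
    memset(shadow, -1, sizeof shadow);
    size_t start = REDZONE;
    size_t full = n / GRANULE;
    for (size_t i = 0; i < full; i++) shadow[start / GRANULE + i] = 0;
    if (n % GRANULE) shadow[start / GRANULE + full] = (int8_t)(n % GRANULE);
    return start;
}

/* Is the single byte at offset off addressable? This is the same test ASan's
 * fast path performs on the shadow byte. */
static int byte_addressable(size_t off) {
    if (off >= HEAP_SIZE) return 0;
    int8_t k = shadow[off / GRANULE];
    if (k == 0) return 1;
    return k > 0 && (int)(off % GRANULE) < k;
}

/* One sanitizer check: is the whole range [off, off+size) addressable?
 * Returns 1 if yes, 0 if ASan would report an error. */
static int asan_check(size_t off, size_t size) {
    checks_executed++;
    for (size_t i = 0; i < size; i++)
        if (!byte_addressable(off + i)) return 0;
    return 1;
}

/* Sum n bytes the way stock ASan instruments a loop: one check per access. */
static int sum_checked_per_access(size_t base, size_t n, int *ok) {
    int s = 0;
    for (size_t i = 0; i < n; i++) {
        if (!asan_check(base + i, 1)) { *ok = 0; return s; }
        s += heap[base + i];
    }
    *ok = 1;
    return s;
}

/* "Debloated" variant: the loop touches exactly [base, base+n), so a single
 * range check before the loop subsumes all n per-access checks while still
 * catching any out-of-bounds byte. */
static int sum_checked_once(size_t base, size_t n, int *ok) {
    if (!asan_check(base, n)) { *ok = 0; return 0; }
    int s = 0;
    for (size_t i = 0; i < n; i++) s += heap[base + i];
    *ok = 1;
    return s;
}

/* Allocate n bytes, run both variants over them, and return how many check
 * executions the debloated variant saved. Aborts if the sums disagree. */
static unsigned long checks_saved(size_t n, int *ok_per_access, int *ok_once) {
    size_t base = toy_malloc(n);
    for (size_t i = 0; i < n; i++) heap[base + i] = (uint8_t)i;
    checks_executed = 0;
    int s1 = sum_checked_per_access(base, n, ok_per_access);
    unsigned long c1 = checks_executed;
    checks_executed = 0;
    int s2 = sum_checked_once(base, n, ok_once);
    unsigned long c2 = checks_executed;
    if (s1 != s2) abort();
    return c1 - c2;
}

int main(void) {
    int ok1, ok2, ok;
    unsigned long saved = checks_saved(20, &ok1, &ok2);
    printf("in-bounds loop: per-access ok=%d, once ok=%d, checks saved=%lu\n",
           ok1, ok2, saved);
    /* One byte past the allocation: both variants still report it. */
    sum_checked_per_access(REDZONE, 21, &ok);
    printf("overrun, per-access instrumentation: ok=%d\n", ok);
    sum_checked_once(REDZONE, 21, &ok);
    printf("overrun, single range check: ok=%d\n", ok);
    return 0;
}
```

The point of the example is the counter: for a 20-byte loop the per-access form executes 20 checks and the hoisted form one, and both still flag the read one byte past the allocation. Real ASan does the same shadow lookup inline on every instrumented load and store, which is why the abstract's numbers hinge on how many of those lookups can be proven redundant rather than simply dropped.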