FRAMER: a tagged-pointer capability system with memory safety applications

Abstract

Security mechanisms for systems programming languages, such as fine-grained memory protection for C/C++, authorize operations at runtime using access rights associated with objects and pointers. The cost of such fine-grained capability-based security models is dominated by metadata updates and lookups, making efficient metadata management the key for minimizing performance impact. Existing approaches reduce metadata management overheads by sacrificing precision, breaking binary compatibility by changing object memory layout, or wasting space with excessive alignment or large shadow memory spaces. We propose FRAMER, a capability framework with object granu- larity. Its sound and deterministic per-object metadata management mechanism enables direct access to metadata by calculating their location from a tagged pointer to the object and a compact sup- plementary table. This may improve the performance of memory safety, type safety, thread safety and garbage collection, or any so- lution that needs to map pointers to metadata. FRAMER improves over previous solutions by simultaneously (1) providing a novel encoding that derives the location of per-object metadata with low memory overhead and without any assumption of objects’ align- ment or size, (2) offering flexibility in metadata placement and size, (3) saving space by removing any padding or re-alignment, and (4) avoiding internal object memory layout changes. We evaluate FRAMER with a use case on memory safety.