clARMOR: A Dynamic Buffer Overflow Detector for OpenCL Kernels


Published in the Proceedings of the International Workshop on OpenCL (IWOCL 2018), May, 2018 (acceptance rate: 16/33 = 48%)


Christopher Erb, Joseph L. Greathouse


Buffer overflows are a common source of program crashes, data corruption, and security exploits. While many tools exist to find these issues in CPU programs, buffer overflows are also problematic in heterogeneous systems serviced by languages such as OpenCL™. Existing buffer overflow detectors for heterogeneous systems are either limited to particular vendors or require heavyweight instrumentation that results in large runtime overheads.

This work describes clARMOR, an open source buffer overflow detector for OpenCL kernels and APIs. clARMOR is vendor and device neutral; we demonstrate its operation on multiple device types from a variety of vendors. Rather than requiring heavyweight kernel instrumentation, clARMOR uses canary regions to quickly tell if data is written outside of any global memory buffer. Rather than analyzing every memory access, clARMOR instead verifies that the canary regions have not been modified after each user kernel finishes. In some cases, clARMOR uses the target device to check these canary regions, further reducing the overheads. We show experiments demonstrating that, across 143 open source OpenCL benchmarks, clARMOR causes an average slowdown of 9.6% while still finding multiple real kernel buffer overflows.


ACM Author-Izer Free Download | ACM | PDF




GitHub Copyright © ACM 2018. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in IWOCL 2018.