[llvm-dev] Intel MPX support (instrumentation pass similar to gcc's Pointer Checker)

John Criswell via llvm-dev llvm-dev at lists.llvm.org
Thu Jan 28 08:29:53 PST 2016

On 1/28/16 9:35 AM, Dmitrii Kuvaiskii via llvm-dev wrote:
> Hello,
> As far as I know, there is no MPX pass in LLVM (though the x86-64
> backend already declares MPX registers and instructions). I wonder if
> anyone is currently working on the LLVM pass for MPX instrumentation,
> similar to Pointer Checker in gcc. If yes, could anyone elaborate on
> the status and accessability to other researchers? And if any help is
> needed?
> Prof. Santosh Nagarakatte, the author of SoftBound/HardBound/WatchDog
> Lite, answered that he is not currently
> involved in MPX. But he pointed to the SoftBoundCETS prototype at
> https://github.com/santoshn/softboundcets-34 . Therefore, I was
> thinking about adapting SoftBound to MPX, as a drop-in replacement for
> gcc's PointerChecker. Could anyone comment on this?

First, is MPX hardware available now?  I wouldn't mind getting my hands 
on one.

Second, I think you should have a solid understanding of the different 
memory safety approaches (namely, the tradeoffs between referent 
approaches vs. approaches that extend the pointer representation (called 
fat pointer approaches)).  In short, fat pointers provide stronger 
security guarantees but introduce compatibility problems with 
third-party code (even if they don't change the size or representation 
of the pointer).  Referent object approaches can be made more compatible 
but have looser memory safety semantics.

I believe the MPX hardware was designed to implement fat pointer 
approaches, but you can probably do referent approaches or even some 
hybrid of the two.  It is not clear to me what the "best" approach is, 
and "best" probably depends on what you are trying to accomplish and 
what assumptions you make about which parts of the system you are 
willing to recompile with the memory safety checks.

I recommend reading up on the different memory safety approaches. The 
Memory Safety Menagerie (http://sva.cs.illinois.edu/menagerie) provides 
some sources though I have let it fall a little out of date.

Third, I think using either the SoftBound and/or SAFECode source bases 
is a good place to start.  SoftBound is probably the best starting place 
since it probably fits the MPX hardware better, but you might find 
useful stuff in the SAFECode source base as well.

If you have more specific questions about the project as you go, please 
feel free to ask.  I've done a little work on memory safety 


John Criswell

John Criswell
Assistant Professor
Department of Computer Science, University of Rochester

More information about the llvm-dev mailing list