Engineers from Apple announced readiness for testing the mode “-fbounds-safety” for the Clang compiler, which provides a guarantee of safe work with buffers in the code in the SI language. The mode is included in the composition of force LLVM supported by Apple for the SWIFT project. In the future, the gradual transmission of the functionality “-fbounds-Safety” is planned in the main code base LLVM/Clang.
Notes that the proposed protection mechanism is already actively used in Apple products, such as the XNU core, firmware, libraries for working with sound and image decoders. The inclusion of the -fbounds-Safety mode reduces the performance of applications by an average of 5% (scatter from -1% to 29%), increases the size of the code by 9.1% (scatter from -1.4% to 38%) and slows down the compilation by 11%.
Using the -fbounds-Safety mode to automatically identify the exit of the memory area associated with the pointer requires adds to the code of special annotations and inclusion of the header file “PTRCHECK.H”. The essence of the proposed method of protection is in the automatic attachment of inspections of compliance with permissible boundaries added based on manually set annotations or known sizes to the compiler.
In contrast to the use of widest pointer in the code, in which there is information about the upper and lower buffer border, the use of the -fbounds-Safety mode does not violate the ABI (Application Binary Interface), does not change the exported format signs, and does not require immediate processing for the entire project. In the “-fbounds-Safety” mode, expanded signs are only used in areas that do not intersect with ABI, while for signs affecting ABI, ordinary signs are used with the insertion of inspections formed based on annotations with information about the boundaries.
Annotations must be attached to the signs in the fields of structures