This invention generally relates to computer security, and more specifically to detecting and preventing computer software vulnerabilities and coding defects.
Native machine code (e.g., x86, ARM, PowerPC, and MIPS assembly code), whether in text form or in binary form, compiled from source code written in type-unsafe programming languages such as C, C++, and Objective-C, does not contain instructions to allocate memory for metadata, to store metadata, or to propagate metadata.
Metadata are data describing the data operated on by program code (machine code or source code). Typical metadata include, but are not limited to, the length of an array, the liveness of an object, or the source location of an object read from a file. These data are needed to decide whether an array access is within its boundary and whether an object still holds valid data.
Without such metadata, machine code can access an array beyond its boundary and trespass on other objects, or access an object that has already been freed. These two situations are known as buffer overflow (or buffer overrun) and use-after-free errors. Even worse, these programming errors can be exploited to execute arbitrary malicious code and cause security issues for the IT system running the code.
Therefore, there is a need for techniques to address such buffer overflow (or buffer-overrun), use-after-free errors, and other problems.
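The role of the metadata described above, shown as an added example in C that is not part of the original text: a hypothetical record keeps an array's length and liveness beside its pointer, and a checked store consults both before writing. All names (`tracked_buf`, `tracked_alloc`, `tracked_free`, `tracked_store`, `store_scenario`) and the error codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical metadata record: what a bare C pointer does not carry. */
typedef struct {
    uint8_t *base;   /* start of the object */
    size_t   length; /* array length in bytes */
    int      live;   /* 1 while allocated, 0 once freed */
} tracked_buf;

enum { ACCESS_OK = 0, ERR_OUT_OF_BOUNDS = -1, ERR_USE_AFTER_FREE = -2 };

/* Allocate memory and store its metadata next to the pointer. */
tracked_buf tracked_alloc(size_t n) {
    tracked_buf b = { calloc(n ? n : 1, 1), n, 0 };
    b.live = (b.base != NULL);
    if (!b.live) b.length = 0;
    return b;
}

/* Free the memory and update liveness so later accesses are rejected. */
void tracked_free(tracked_buf *b) {
    free(b->base);          /* free(NULL) is a no-op, so repeat calls are safe */
    b->base = NULL;
    b->length = 0;
    b->live = 0;
}

/* Checked store: consult the metadata before touching memory. */
int tracked_store(tracked_buf *b, size_t index, uint8_t value) {
    if (!b->live) return ERR_USE_AFTER_FREE;          /* liveness check */
    if (index >= b->length) return ERR_OUT_OF_BOUNDS; /* bounds check */
    b->base[index] = value;
    return ACCESS_OK;
}

/* Constructed scenario: allocate len bytes, optionally free, then try one store. */
int store_scenario(size_t len, size_t index, int free_first) {
    tracked_buf b = tracked_alloc(len);
    if (free_first) tracked_free(&b);
    int rc = tracked_store(&b, index, 0x41);
    tracked_free(&b);
    return rc;
}
```

The liveness flag here lives in the record itself, so it only protects accesses made through that one record; a copy of the record made before the free would keep a stale flag, which is why the metadata must also be propagated and kept consistent.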