Sleeping with the /*enemy*/compiler: software vulnerabilities caused by the compiler

By Daniel Gutson

Elevator Pitch

You might be the most cautious developer. However, the compiler might be too clever and silently apply optimizations that throw away your carefully crafted code. I will show optimizations that mangled real code (including Tor's), a practical example, some workarounds, and an invitation to contribute to gcc.

Description

There are some techniques to avoid vulnerabilities, such as zeroing stack buffers before returning from a function; however, modern optimization techniques such as Dead Store Elimination (DSE) may lead the compiler to conclude that the zeroing call is unnecessary, since the buffer is never read again, and remove it. In this talk I will present well-known security-related software examples where compiler optimizations led to software vulnerabilities; I will also show a live toy example of exploiting a vulnerability caused by a compiler optimization; then I will show common workarounds such as OS-provided secure-wipe functions and other techniques; finally, I will introduce some compiler internals and invite people to contribute to mainstream compilers to avoid these situations, with some ideas such as enhanced diagnostics and code generation.
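The following is an added example, not code from the talk or from gcc: a toy key-derivation routine that wipes its stack buffer with memset() (a dead store the optimizer may remove at -O2) placed next to the same routine wiping through a volatile pointer, which is the portable form of the OS-provided secure-wipe functions the description mentions. The seed input, the function names (naive_wipe, safe_wipe, secure_zero, expand_and_use, secure_zero_clears) and the "key derivation" itself are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * secure_zero: a wipe the optimizer may not remove.
 * Every write goes through a volatile-qualified pointer, so the compiler
 * must treat each store as observable and cannot apply Dead Store
 * Elimination to it. OS-provided equivalents (explicit_bzero on glibc and
 * the BSDs, memset_s from C11 Annex K, SecureZeroMemory on Windows) do the
 * same job; this portable version is used so the example builds anywhere.
 */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

/* Toy "key derivation" shared by both variants: expands a seed into a
 * 32-byte key and returns the byte sum, which stands in for "using" the
 * key. Constructed for this example; it is not a real KDF. */
static uint32_t expand_and_use(const uint8_t *seed, size_t seed_len,
                               uint8_t key[32])
{
    uint32_t sum = 0;
    for (size_t i = 0; i < 32; i++) {
        key[i] = seed[i % seed_len] ^ (uint8_t)i;
        sum += key[i];
    }
    return sum;
}

/* Vulnerable pattern: the memset is the last access to `key`, so at -O2
 * gcc and clang may legally delete it and the key stays on the stack after
 * return. Check it yourself: compile with `gcc -O2 -S` and look at
 * naive_wipe's assembly for the missing memset (call or rep stos). */
uint32_t naive_wipe(const uint8_t *seed, size_t seed_len)
{
    uint8_t key[32];
    uint32_t sum = expand_and_use(seed, seed_len, key);
    memset(key, 0, sizeof key);   /* dead store: may be eliminated */
    return sum;
}

/* Hardened pattern: same computation, but the wipe survives DSE. */
uint32_t safe_wipe(const uint8_t *seed, size_t seed_len)
{
    uint8_t key[32];
    uint32_t sum = expand_and_use(seed, seed_len, key);
    secure_zero(key, sizeof key);  /* volatile stores are not dead */
    return sum;
}

/* Self-check: fill a buffer, wipe it, and report whether every byte is
 * zero afterwards. Returns 1 on success, 0 otherwise. */
int secure_zero_clears(void)
{
    uint8_t buf[64];
    memset(buf, 0xAA, sizeof buf);
    secure_zero(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    static const uint8_t seed[] = { 0x00 };   /* constructed input */
    printf("naive_wipe: %u\n", naive_wipe(seed, sizeof seed));
    printf("safe_wipe:  %u\n", safe_wipe(seed, sizeof seed));
    printf("secure_zero clears buffer: %d\n", secure_zero_clears());
    return 0;
}
```

Both variants return the same value, which is exactly the point: nothing observable by the program distinguishes them, so the compiler is entitled to drop the memset in naive_wipe, and only the generated assembly (or a debugger looking at the dead stack frame) reveals the difference.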

Notes

I am a former GNU toolchain maintainer (mostly gcc). With this talk, I want to achieve three goals: 1) raise awareness of this risk; 2) give the tools both to detect when this happens and to mitigate it; 3) encourage attendees to actively participate in the compiler community to bring in security-oriented features. To achieve this, rather than providing a gcc internals training in 20 minutes, I will offer myself as a mentor in compiler hacking for those interested in participating in compiler development from the security point of view. I will provide a general high-level overview of the relevant compiler optimization techniques and will focus on DSE as a particular example suitable for this talk length. Being able to read and understand assembly is needed.