Adding Spatial Memory Safety to EDK II through Checked C (Experience Paper)


Bibliographic Details
Published in: Proceedings of the ACM on Software Engineering, Vol. 2, No. ISSTA, pp. 1212-1233
Main Authors: Cherupattamoolayil, Sourag; Bhattar, Arunkumar; Glosner, Connor Everett; Machiry, Aravind
Format: Journal Article
Language: English
Published: New York, NY, USA: ACM, 22.06.2025

Summary: Embedded software, predominantly written in C, is prone to memory corruption vulnerabilities due to spatial memory issues. Although various memory safety techniques exist, they are often unsuitable for embedded systems due to resource constraints and a lack of standardized OS support. Checked C, a backward-compatible, memory-safe C dialect, offers a potential solution by using pointer annotations for runtime checks to enhance spatial memory safety with minimal overhead. This paper provides the first experience report of porting EDK2 (an open-source UEFI implementation), an exemplary embedded codebase, to Checked C, highlighting challenges and providing insights into applying Checked C to similar embedded systems. We also provide an enhanced automated annotation tool, e3c, which improves the conversion rate by 25%, enabling easier conversion to Checked C.
ISSN: 2994-970X
DOI: 10.1145/3728929
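The summary says Checked C turns pointer annotations into runtime spatial checks. The plain C below is an added illustration of what that means, not code from the paper, from e3c, or from EDK II: a type-length-value copy in the unchecked legacy style beside the same routine with the explicit bounds that Checked C's documented `_Array_ptr<T> p : count(n)` annotation would carry, with the comparisons the compiler would insert written out by hand. The TLV layout and the sample byte strings are constructed for the example; the checked variant returns false where Checked C would trap, so the outcome is observable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed sample input (not from EDK II): two type-length-value records
 * as they might be read from a UEFI variable. kGood is well formed; kBad
 * claims 255 value bytes but only one byte follows the two-byte header.
 */
static const uint8_t kGood[] = { 0x01, 0x03, 'a', 'b', 'c' };
static const uint8_t kBad[]  = { 0x01, 0xFF, 'a' };

/*
 * Legacy C: the length comes straight from untrusted data and neither
 * src nor dst carries a bound, so nothing stops memcpy from reading past
 * src or writing past dst. This is the spatial bug class the paper
 * targets. (Never called with kBad below: that would be undefined behaviour.)
 */
static size_t tlv_copy_unchecked(uint8_t *dst, const uint8_t *src)
{
    size_t len = src[1];
    memcpy(dst, src + 2, len);
    return len;
}

/*
 * The same routine with explicit bounds. In Checked C the annotations
 *     _Array_ptr<uint8_t>       dst : count(dst_cap)
 *     _Array_ptr<const uint8_t> src : count(src_cap)
 * express exactly this information, and the compiler emits checks
 * equivalent to the three comparisons here before each access.
 * Checked C traps on failure; this illustration returns false instead.
 */
static bool tlv_copy_checked(uint8_t *dst, size_t dst_cap,
                             const uint8_t *src, size_t src_cap,
                             size_t *out_len)
{
    if (src_cap < 2) {                 /* header itself is out of bounds */
        return false;
    }
    size_t len = src[1];
    if (len > src_cap - 2) {           /* value would over-read src */
        return false;
    }
    if (len > dst_cap) {               /* value would over-write dst */
        return false;
    }
    memcpy(dst, src + 2, len);
    *out_len = len;
    return true;
}

/* Well-formed record: both versions copy "abc". */
static bool demo_good_record(void)
{
    uint8_t a[8] = {0}, b[8] = {0};
    size_t n = 0;
    size_t m = tlv_copy_unchecked(a, kGood);
    bool ok = tlv_copy_checked(b, sizeof b, kGood, sizeof kGood, &n);
    return ok && m == 3 && n == 3 &&
           memcmp(a, "abc", 3) == 0 && memcmp(b, "abc", 3) == 0;
}

/* Length field lies: the checked copy refuses and dst is untouched. */
static bool demo_bad_length_rejected(void)
{
    uint8_t b[8] = {0};
    size_t n = 0;
    bool ok = tlv_copy_checked(b, sizeof b, kBad, sizeof kBad, &n);
    return !ok && b[0] == 0;
}

/* Destination too small for a valid record: also refused. */
static bool demo_small_dst_rejected(void)
{
    uint8_t b[2] = {0};
    size_t n = 0;
    return !tlv_copy_checked(b, sizeof b, kGood, sizeof kGood, &n);
}

int main(void)
{
    printf("good record copied:  %s\n", demo_good_record() ? "yes" : "no");
    printf("bad length rejected: %s\n", demo_bad_length_rejected() ? "yes" : "no");
    printf("small dst rejected:  %s\n", demo_small_dst_rejected() ? "yes" : "no");
    return 0;
}
```

The point of carrying `dst_cap` and `src_cap` as separate parameters is that the bound travels with the pointer across the call, which is what the Checked C annotation does implicitly and what a conversion tool such as the paper's e3c has to infer for each legacy signature.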