9 个仓库
Mechanisms to ensure memory accesses remain within allocated boundaries to prevent unauthorized access and side-channel attacks.
Distinct from Memory Access Tracing: The candidates focus on profiling, tracing, or hardware-specific flash access rather than security-centric bounds enforcement.
Explore 9 awesome GitHub repositories matching security & cryptography · Memory Bounds Checking. Refine with filters or upvote what's useful.
Wasmtime is a WebAssembly runtime and sandboxed bytecode executor designed to run WebAssembly bytecode on a host system. It functions as an embeddable engine that integrates into applications through native APIs and language-specific bindings, as well as a standalone execution environment accessible via a command line interface. It is a WASI compatible runtime, implementing the WebAssembly System Interface to provide portable access to system resources. The engine utilizes a JIT compilation model to translate intermediate representation into optimized machine code for various CPU architecture
Implements strict checks on heap and table offsets to prevent unauthorized memory access and side-channel attacks.
This project is a comprehensive educational resource and programming course covering C++ language semantics and features from C++03 through C++26. It provides structured tutorials and technical guides focused on modern C++ development. The material offers specialized instruction on template metaprogramming, including the use of type traits and compile-time computations. It features detailed guides on concurrency and parallelism for multi-core execution, as well as a reference for software design applying SOLID principles and RAII. Additionally, it covers build performance optimization to redu
Enforces run-time precondition checks and bounds-checking on containers to harden library calls.
Infer is a static analysis toolset for Java, C, C++, and Objective-C designed to detect memory leaks, null dereferences, and resource bugs. It functions as a multi-language bug finder that identifies race conditions, deadlocks, and memory safety issues by translating source code into a common intermediate representation for analysis. The project distinguishes itself through an inter-procedural data flow analyzer that tracks movement between sources and sinks to detect tainted flows and generate data flow graphs. It also includes a framework for verifying temporal properties and reachability u
Analyzes array access patterns in source code to identify potential buffer overruns.
Draco is a library and toolset for compressing, transcoding, and decoding 3D geometric meshes and point cloud data. Its primary purpose is to reduce storage size and transmission bandwidth for 3D assets. The project includes a geometry optimizer specifically for glTF file containers to reduce asset footprints. It also features a hardened decoder designed to process malformed or untrusted 3D geometric data safely to prevent memory corruption and crashes. The software covers a broad range of 3D data processing capabilities, including geometric data reconstruction, point attribute management, a
Implements strict bounds checking and validation to prevent memory corruption from malformed 3D geometric data.
GSL is a Guidelines Support Library for C++ that provides a set of types and functions designed to implement the C++ Core Guidelines. It functions as a framework for improving code safety and portability across different platforms. The library provides a contract-based programming model to verify program invariants through precondition and postcondition assertions. It includes specialized wrappers for null-pointer safety and bounds-checked memory views to prevent buffer overflows and invalid memory access. The project also covers safe integer conversion to prevent data truncation and provide
Implements a specialized memory access wrapper that prevents buffer overflow errors through strict runtime bounds checking.
cppfront 是一个 C++ 语言扩展前端和源码到源码的翻译器。它作为一个语法转换器,将实验性语言扩展转换为符合标准的 C++ 代码,从而允许在现有构建系统中对新语言特性进行原型设计。 该项目提供了一个翻译层,增加了对模式匹配、契约和字符串插值的支持。它包括一个用于编译时反射和使用专门元函数进行自动化代码生成的元编程工具。 该系统自动化了多项开发任务,包括通过自动前向声明解决依赖顺序,以及管理参数传递模式。它还应用静态分析来插入自动边界检查,并通过在变量最后一次使用点应用移动语义来优化资源管理。 该工具包括一个验证机制,以确保标准源代码在翻译过程中保持不变,从而防止语法回归。
Automatically inserts runtime checks on container subscript accesses to prevent out-of-bounds memory errors.
c3c is the compiler for the C3 programming language, transforming source code into executable binaries, static libraries, or dynamic libraries using an LLVM backend. It implements a system based on result-based error handling, scoped memory pooling, and a semantic macro system. The compiler provides first-class support for hardware-backed SIMD vectors that map directly to processor instructions and enables runtime polymorphism through interface-based dynamic dispatch. The project covers a broad set of low-level capabilities, including manual and pooled memory management, inline assembly inte
Inserts automatic runtime bounds and value checks during debug builds to identify bugs early.
golang101 是一个全面的 Go 编程知识库和技术参考库。它提供了结构化的指南和文档,涵盖了 Go 语法、运行时行为和惯用编码模式。 该项目作为一个专门的性能优化指南,提供了减少内存分配、改进垃圾回收和提高执行速度的技术策略。它还专注于 Go 类型系统,包括泛型编程和并发同步技术。 该库涵盖了更广泛的语言学习能力,包括指针和接口的研究、通过通道(channel)和原子操作实现并发编程,以及使用技术测验来测试语言熟练度。 内容以 Markdown 编写,并作为静态站点文档库发布,可安装并托管在本地服务器上进行离线浏览。
Provides technical strategies to eliminate redundant bound checks and increase program execution speed.
xtensor is a C++ multidimensional array library for numerical computing that provides N-dimensional containers with an interface mirroring the NumPy API. It utilizes a lazy evaluation expression engine to defer numerical computations until assignment, which minimizes memory allocations and intermediate copies. The library features a foreign memory array adaptor that allows it to wrap external buffers, such as NumPy arrays, to perform numerical operations in-place without duplicating data. It further optimizes performance through lazy broadcasting and a system that manages the lifetime of temp
Performs runtime bounds and dimension checks to detect indexing errors and shape mismatches.