Stony Brook University Logo Department of Computer Science Stony Brook Search Button
Secure Systems Lab

Light-weight Bounds Checker (LBC)

See our CGO 2012 paper for an overview of this approach.


LBC is system for detecting out-of-bounds accesses. It consists of a runtime library and a source-to-source transformer for C-programs. Programs transformed by LBC can be compiled using any existing compiler such as gcc. In addition, LBC is designed to work with existing Makefiles, without needing to make changes.

LBC was designed with the following goals:

  • Provide 100% compatibility with existing C-code.
  • Incur low runtime overheads
It achieves the first goal by avoiding checks on pointer arithmetic, and by only checking pointer dereferences. Thus, it is compatible with programs that perform arbitrary manipulations of pointers, including conversions between pointers and integers. The downside of permitting such arbitrary pointer manipulations is that it becomes difficult to detect non-contiguous buffer overflows, i.e., situations where a large offset is added to a pointer that causes it to "jump over" the next few objects.

It achieves the second objective using well-designed data structures and algorithms.

LBC is implemented in Objective Caml ( and uses CIL ( as the front-end to manipulate C constructs.


LBC is alpha software. It is provided only for the research and evaluation purpose.


Shipped under GPL: lbc.tar.gz. The README file included in the distribution is also available here


This work was supported in part by an NSF grant CNS- 0831298, an AFOSR grant FA9550-09-1-0539, and an ONR grant N000140710928.

Home Contact NSI Computer Science Stony Brook University

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.