Abstract

Memory safety is a persistent concern in software engineering, particularly in C/C++ programs, due to their manual memory management and lack of built-in bounds checking. While safe languages like Java and Rust mitigate these issues by design, rewriting legacy C/C++ applications is often impractical. In addition, these safe languages can incur significant runtime and memory overhead. Consequently, efficient memory safety solutions for C/C++ remain crucial for industry adoption. Traditional pointer-checking schemes effectively detect memory errors but incur high runtime overhead, typically exceeding 100%, rendering them unsuitable for performance-sensitive applications. In response, recent defenses aim to lower overhead through techniques like memory tagging and control-flow integrity, though these approaches compromise full memory safety.

This thesis introduces a novel approach, selective pointer metadata inlining, to reduce the performance impact of pointer-checking schemes by improving the efficiency of pointer metadata organization while preserving compatibility with legacy code. This approach identifies pointer types in the program that can be safely transformed for metadata inclusion without breaking compatibility, thus minimizing the need for high-overhead metadata retrieval methods like shadow memory. We present MIFP, a combination of hardware and software extensions that enhances the CHERI architecture, effectively addressing bounds compression limitations by applying metadata selectively to improve spatial safety. Building on this foundation, we propose PSan, a flexible pointer-checking framework that extends MIFP’s algorithm to support general C programs. PSan uses program slicing to isolate pointer data flows and selectively applies inline metadata, defaulting to shadow memory for cases with potential compatibility conflicts. It demonstrates reduced runtime and memory overhead compared to traditional schemes while achieving complete memory safety. This approach supports flexible security policies, allowing users to integrate custom checks with minimal effort on metadata handling. The findings in this thesis provide a viable solution to the performance and compatibility trade-offs of the pointer metadata design, advancing the applicability and efficiency of memory safety solutions using pointer-checking in C/C++ programs.
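The trade-off the abstract describes, shown as an added illustration (this is not code from the thesis, MIFP or PSan): an inline "fat" pointer carries its bounds with it and checks without any lookup, while a shadow-memory layout keeps the native pointer representation and pays a side-table lookup per check. The table, hash and 16-byte buffer are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Inline layout: base/bound travel with the pointer ("fat pointer"). The
 * check needs no memory lookup, but the pointer's size and layout change,
 * which is what breaks compatibility with code expecting a plain pointer. */
typedef struct { char *ptr; uintptr_t base, bound; } fat_ptr;

static int fat_in_bounds(fat_ptr p, size_t n) {
    uintptr_t a = (uintptr_t)p.ptr;
    return a >= p.base && a <= p.bound && n <= p.bound - a;
}
/* Shadow layout: the pointer keeps its native representation; base/bound
 * live in a side table keyed by the address of the pointer variable.
 * Every check pays a table lookup (constructed open-addressing table). */
#define SHADOW_SLOTS 64
typedef struct { char **loc; uintptr_t base, bound; } shadow_entry;
static shadow_entry shadow[SHADOW_SLOTS];
static shadow_entry *shadow_slot(char **loc) {
    size_t i = ((uintptr_t)loc >> 3) % SHADOW_SLOTS; /* constructed hash */
    for (size_t k = 0; k < SHADOW_SLOTS; k++) {
        shadow_entry *e = &shadow[(i + k) % SHADOW_SLOTS];
        if (e->loc == loc || e->loc == NULL) return e;
    }
    return NULL; /* table full */
}
static void shadow_set(char **loc, uintptr_t base, uintptr_t bound) {
    shadow_entry *e = shadow_slot(loc);
    if (e) { e->loc = loc; e->base = base; e->bound = bound; }
}
static int shadow_in_bounds(char **loc, size_t n) {
    shadow_entry *e = shadow_slot(loc);
    if (!e || e->loc != loc) return 0; /* no metadata: reject the access */
    uintptr_t a = (uintptr_t)*loc;
    return a >= e->base && a <= e->bound && n <= e->bound - a;
}
/* Both layouts enforce the same policy on a 16-byte buffer: allow an
 * n-byte access at offset off only if it stays inside the object. */
static char buf[16];

int fat_demo(size_t off, size_t n) {
    fat_ptr p = { buf + off, (uintptr_t)buf, (uintptr_t)buf + sizeof buf };
    return fat_in_bounds(p, n);
}
int shadow_demo(size_t off, size_t n) {
    char *p = buf + off;
    shadow_set(&p, (uintptr_t)buf, (uintptr_t)buf + sizeof buf);
    return shadow_in_bounds(&p, n);
}
```

Selective inlining, as the abstract describes it, amounts to choosing the first layout wherever the pointer type can be widened without breaking callers and falling back to the second elsewhere.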

Details

1010268
Title: Selective Pointer Metadata Inlining for Efficient Memory Safety Enforcement
Author:
Number of pages: 100
Publication year: 2025
Degree date: 2025
School code: 0779
Source: DAI-B 87/1(E), Dissertation Abstracts International
ISBN: 9798290649979
Advisor:
Committee members: Abdelrahman, Tarek S.; Jeffrey, Mark C.
University/institution: University of Toronto (Canada)
Department: Electrical and Computer Engineering
University location: Canada -- Ontario, CA
Degree: Ph.D.
Source type: Dissertation or Thesis
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 31936910
ProQuest document ID: 3234778416
Document URL: https://www.proquest.com/dissertations-theses/selective-pointer-metadata-inlining-efficient/docview/3234778416/se-2?accountid=208611
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database: ProQuest One Academic