Crowdsourced bug detection in production: GWP-ASan and beyond

Despite continuous efforts in testing and fuzzing, bugs creep into production code. While we need to improve our testing and fuzzing, we also need another layer of testing: bug detection in production. Production use of "sanitized" or "debug" builds, which simplify bug detection, is typically prohibitively expensive. GWP-ASan implements a sampling-based approach to bug detection in production. Specifically, GWP-ASan finds heap-use-after-free and heap-buffer-overflow bugs in C/C++ production binaries, with a very low probability per execution, but also with very low overhead. We beat the low probability of bug detection with a large scale of deployment.

In this talk, we will explain how GWP-ASan works, what it can find, and how to deploy it. We will also speculate about future uses of the same approach for other bug classes, and other programming languages. An interesting research topic in this space is whether GWP-ASan-like tools can be seen as security mitigations. Yes, they don't protect every execution and an attack is likely to succeed, but how will the attackers change their behavior if their attacks become discoverable with 0.1% probability per instance?

Finally, we will briefly cover Arm MTE, an upcoming hardware extension that will allow to detect memory safety bugs with high probability and low overhead.