{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:33:21Z","timestamp":1769747601145,"version":"3.49.0"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA","license":[{"start":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T00:00:00Z","timestamp":1634256000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2021,10,20]]},"abstract":"<jats:p>Despite extensive testing and correctness certification of their functional semantics, a number of compiler optimizations have been shown to violate security guarantees implemented in source code. While prior work has shed light on how such optimizations may introduce semantic security weaknesses into programs, there remains a significant knowledge gap concerning the impacts of compiler optimizations on non-semantic properties with security implications. In particular, little is currently known about how code generation and optimization decisions made by the compiler affect the availability and utility of reusable code segments called gadgets required for implementing code reuse attack methods such as return-oriented programming.<\/jats:p>\n          <jats:p>In this paper, we bridge this gap through a study of the impacts of compiler optimization on code reuse gadget sets. We analyze and compare 1,187 variants of 20 different benchmark programs built with two production compilers (GCC and Clang) to determine how their optimization behaviors affect the code reuse gadget sets present in program variants with respect to both quantitative and qualitative metrics. 
Our study exposes an important and unexpected problem; compiler optimizations introduce new gadgets at a high rate and produce code containing gadget sets that are generally more useful to an attacker than those in unoptimized code. Using differential binary analysis, we identify several undesirable behaviors at the root of this phenomenon. In turn, we propose and evaluate several strategies to mitigate these behaviors. In particular, we show that post-production binary recompilation can effectively mitigate these behaviors with negligible performance impacts, resulting in optimized code with significantly smaller and less useful gadget sets.<\/jats:p>","DOI":"10.1145\/3485531","type":"journal-article","created":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T19:18:28Z","timestamp":1634325508000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Not so fast: understanding and mitigating negative impacts of compiler optimizations on code reuse gadget sets"],"prefix":"10.1145","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5289-0856","authenticated-orcid":false,"given":"Michael D.","family":"Brown","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matthew","family":"Pruett","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert","family":"Bigelow","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Girish","family":"Mururu","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Santosh","family":"Pande","sequence":"additional","affiliation":[{"name":"Georgia Institute of 
Technology, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,10,15]]},"reference":[{"key":"e_1_2_2_1_1","volume-title":"Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS \u201905)","author":"Abadi Mart\u00edn","year":"2005"},{"key":"e_1_2_2_2_1","volume-title":"ROPMate: Visually Assisting the Creation of ROP-based Exploits. In 2018 IEEE Symposium on Visualization for Cyber Security (VizSec). 1\u20138.","author":"Angelini M."},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281662"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3264820.3264822"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076783"},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_2_2_7_1","unstructured":"Michael D. Brown. 2020. GadgetSetAnalyzer. https:\/\/github.com\/michaelbrownuc\/GadgetSetAnalyzer"},{"key":"e_1_2_2_8_1","unstructured":"Michael D. Brown. 2021. Compiler Optimization Data Set README. https:\/\/github.com\/michaelbrownuc\/compiler-opt-gadget-dataset\/blob\/main\/README.md"},{"key":"e_1_2_2_9_1","unstructured":"Michael D. Brown. 2021. GSA Gadget Criteria Reference. https:\/\/github.com\/michaelbrownuc\/GadgetSetAnalyzer\/blob\/master\/Criteria.md"},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.5424844"},{"key":"e_1_2_2_11_1","volume-title":"Towards Better Metrics for Measuring Security Improvements Realized Through Software Debloating.
In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19)","author":"Michael"},{"key":"e_1_2_2_12_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15). 161\u2013176.","author":"Carlini Nicholas"},{"key":"e_1_2_2_13_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14). 385\u2013399.","author":"Carlini Nicholas"},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10772-6_13"},{"key":"e_1_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813671"},{"key":"e_1_2_2_17_1","volume-title":"Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. In 23rd USENIX Security Symposium (USENIX Security 14)","author":"Davi Lucas","year":"2014"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655108.1655117"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966920"},{"key":"e_1_2_2_20_1","volume-title":"Namjoshi","author":"Deng Chaoqiang","year":"2017"},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10703-017-0313-8"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2015.33"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"e_1_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30806-7_10"},{"key":"e_1_2_2_25_1","volume-title":"PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution","author":"Follner Andreas","year":"2016"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/301631.301683"},{"key":"e_1_2_2_27_1","volume-title":"2016 IEEE\/ACM International Symposium on Code Generation and Optimization (CGO). 261\u2013272","author":"Hawkins B."},{"key":"e_1_2_2_28_1","unstructured":"Hex-Rays. 2020. IDA Pro. https:\/\/www.hex-rays.com\/products\/ida\/"},
{"key":"e_1_2_2_29_1","volume-title":"Proceedings of the 6th USENIX conference on Offensive Technologies. 7\u20137.","author":"Homescu Andrei","year":"2012"},{"key":"e_1_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2366231.2337171"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2366231.2337171"},{"key":"e_1_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/977395.977673"},{"key":"e_1_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/1144431.1144433"},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755934"},{"key":"e_1_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139337.3139343"},{"key":"e_1_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/17356.17402"},{"key":"e_1_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359806"},{"key":"e_1_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920269"},{"key":"e_1_2_2_39_1","unstructured":"PaX. 2020. Address Space Layout Randomization. https:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3386017"},{"key":"e_1_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3141234"},{"key":"e_1_2_2_42_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18). 869\u2013886.","author":"Quach Anh"},{"key":"e_1_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-017-0299-1"},{"key":"e_1_2_2_44_1","unstructured":"Jonathan Salwan. 2020. ROPgadget - Gadgets finder and auto-roper. http:\/\/shell-storm.org\/project\/ROPgadget\/"},{"key":"e_1_2_2_45_1","volume-title":"USENIX Security Symposium.
25\u201341","author":"Schwartz Edward J","year":"2011"},{"key":"e_1_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_2_2_47_1","volume-title":"2018 IEEE European Symposium on Security and Privacy (EuroS&P). 1\u201315","author":"Simon L."},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134026"},{"key":"e_1_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378470"},{"key":"e_1_2_2_50_1","volume-title":"Sorin Lerner, and Kirill Levchenko.","author":"Yang Zhaomo","year":"2017"},{"key":"e_1_2_2_51_1","volume-title":"2013 IEEE 31st International Conference on Computer Design (ICCD). 467\u2013470","author":"Yao F."},{"key":"e_1_2_2_52_1","volume-title":"Control Flow Integrity for COTS Binaries. In 22nd USENIX Security Symposium (USENIX Security 13)","author":"Zhang Mingwei","year":"1971"},{"key":"e_1_2_2_53_1","unstructured":"zynamics. 2020. zynamics BinDiff. https:\/\/www.zynamics.com\/bindiff.html"}],
"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485531","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485531","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:40Z","timestamp":1750191520000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485531"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,15]]},"references-count":53,"journal-issue":{"issue":"OOPSLA","published-print":{"date-parts":[[2021,10,20]]}},"alternative-id":["10.1145\/3485531"],"URL":"https:\/\/doi.org\/10.1145\/3485531","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,15]]},"assertion":[{"value":"2021-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}