Skip to content
This repository has been archived by the owner. It is now read-only.
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Automated Runtime Buffer Overflow Checker Using Intel® Memory Protection Extensions (MPX) MpxCheck


Intel® Memory Protection Extensions (MPX) is a set of processor features which, with compiler, runtime library and OS support, brings increased robustness to software by checking pointer references whose compile time normal intentions are usurped at runtime due to buffer overflow.

MpxCheck is an automated Python framework that uses Intel ® MPX technology to monitor for buffer overflows while you run your application.


Let's say that you want to check whether your application is susceptible to buffer overflows. You have already done due diligence by running static code analysis tools against the source and fixed those issues. Now you want to test your application to verify that everything works. You build your source using the MPX compiler switches supported in GCC. You provide the command line to execute your tests to the script or the module. While executing your tests MpxCheck detects bound range (#BR) exception messages, if any, and records them in a timestamped log. If no such messages are found, MpxCheck returns 0 otherwise the #BR count. This makes MpxCheck an ideal tool for integration into an automated, continuous build and test environment where buffer overflows can be detected earlier than later. Even if you decide not to enable MPX support in your final product, it can still be used as a valuable security tool to find runtime vulnerabilities where other mechanisms have failed.


You will need these components in place before you can use Intel® MPX and MpxCheck:

  • Linux kernel >= 3.19 required, 4.1 recommended with CONFIG_X86_INTEL_MPX enabled in build
  • binutils >= 2.24 required (objdump, ld, etc.)
  • gcc: >= 5.0 required, >= 5.2 recommended
  • gdb >= 7.9 required, >= 7.10 recommended
  • glibc >= 2.20 required
  • 6th Generation Intel® Core™ processor or newer supported processors
  • Python >= 3.0


  • Clone or download the latest source from
  • Run python ./ to ensure that your environment supports MPX. All tests shoud pass.
  • Compile your source using gcc with the MPX flags that you want to use. For example:
    • gcc -Wall -mmpx -fcheck-pointer-bounds -static myapp.c -o myapp
    • See all compiler flag options in the Intel MPX Enabling Guide


You can execute your workload by using the script, module or as a simple Bash script:

As a Python Script

Invoke the script

./ -c './myapp arg1 arg2'
 if [ $? -ne 0 ]; then
	echo '#BR exception messages were found'

Other options include the following:

Usage: python ./ [-h] [-c 'cmd'] [-l path] [-r path] [-s n] [-V]

	-h, --help               show this help message
    -c 'cmd', --cmd 'cmd'    command to execute the workload
    -l path, --log path      path to output csv results log (default: results.csv)
    -r path, --rlog path     path to read an existing csv results log (default: results.csv)
    -s n, -- stop n          stop after reaching this #BR count (default: 0 (don't stop until done))
    -V                       enable verbose mode to show everything (default: False)

See for more script examples

As a Python Module

Import the MpxCheck module into your own python script

import MpxCheck import MpxCheck
mpx = MpxCheck(['./myapp', 'arg1', 'arg2'])
ret =
if ret > 0:
	print('#BR exception messages were found')

See the for more module examples

As a Bash Script

Run your workload in a Bash shell using MPX environment variables only

export CHKP_RT_OUT_FILE=stdout.log
export CHKP_RT_ERR_FILE=stderr.log
./myapp arg1 arg2

See for more Bash examples


Results are stored in a comma delimited file when using the script or module. The default file name is results.csv, but you can change it with the -l path option. Here is an example of a run using one of the provided test files:

python ./ -c './test/test01 10'
[MPX][2016-10-04|13:56:49]: Elapsed: 0, Count: 1
[MPX][2016-10-04|13:56:49]: Elapsed: 0, Count: 2
[MPX][2016-10-04|13:56:49]: Elapsed: 0, Count: 3
[MPX][2016-10-04|13:56:49]: Elapsed: 0, Count: 4
[MPX][2016-10-04|13:56:49]: Elapsed: 0, Count: 5
[MPX][2016-10-04|13:56:49]: Elapsed: 0, Count: 6

MPX #BR Summary
  Count:   6
  Elapsed: 0s
  Begin:   2016-10-04|13:56:49
  End:     2016-10-04|13:56:49
  Log:     results.csv

cat ./results.csv

Name Description
datetime Human friendly timestamp of when #BR exception message was detected
elapsed Number of seconds since the start of execution
count Incremental count of #BR messages
status #BR exception message status flag
address Address location of the #BR exception
epoch Same as datetime but as epoch seconds

You can also read an existing csv results log without executing a workload:

python ./ -r ./results.csv

MPX #BR Summary
  Count:   6
  Elapsed: 0s
  Begin:   2016-10-04|13:56:49
  End:     2016-10-04|13:56:49
  Log:     results.csv

If you decide to run your workload in just a Bash shell instead of the MpxCheck framework you can still retrieve useful statistics at the end of each run:

./test/test01 10

... output ...

MPX runtime summary:
   Number of bounds violations: 6.
   Size of allocated L1: 2147483648B


BSD 3-clause license ("Revised BSD License", "New BSD License", or "Modified BSD License")



No description, website, or topics provided.




No releases published


No packages published