Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over two decades and no end seems to be in sight. Since performance and back-wards compatibility trump security concerns, popular pro-grams such as web browsers, servers, and office suites still contain large amounts of untrusted legacy code written in error-prone languages such as C and C++. At the same time, modern exploits are evolving quickly and routinely in-corporate sophisticated techniques such as code reuse and memory disclosure. As a result, they bypass all widely de-ployed countermeasures including data execution prevention (DEP) and code randomization such as address space layout randomization (ASLR). The good news is that the securit...