Efficient Detection of All Pointer and Array Access Errors, 1994
Cited by 195 (1 self)
Abstract: We present a pointer and array access checking technique that provides complete error coverage through a simple set of program transformations. Our technique, based on an extended safe pointer representation, has a number of novel aspects. Foremost, it is the first technique that detects all spatial and temporal access errors. Its use is not limited by the expressiveness of the language; that is, it can be applied successfully to compiled or interpreted languages with subscripted and mutable pointers, local references, and explicit and typeless dynamic storage management, e.g., C. Because it is a source-level transformation, it is amenable to both compile- and run-time optimization. Finally, its performance, even without compile-time optimization, is quite good. We implemented a prototype translator for the C language and analyzed the checking overheads of six non-trivial, pointer-intensive programs. Execution overheads range from 130% to 540%, with text and data size overheads typically below 100%.
Program Representation Size in an Intermediate Language with Intersection and Union Types
In Proceedings of the Third Workshop on Types in Compilation (TIC 2000), 2000
Cited by 9 (7 self)
Abstract: The CIL compiler for core Standard ML compiles whole programs using a novel typed intermediate language (TIL) with intersection and union types and flow labels on both terms and types. The CIL term representation duplicates portions of the program where intersection types are introduced and union types are eliminated. This duplication makes it easier to represent type information and to introduce customized data representations. However, duplication incurs compile-time space costs that are potentially much greater than are incurred in TILs employing type-level abstraction or quantification. In this paper, we present empirical data on the compile-time space costs of using CIL as an intermediate language. The data shows that these costs can be made tractable by using sufficiently fine-grained flow analyses together with standard hash-consing techniques. The data also suggests that non-duplicating formulations of intersection (and union) types would not achieve significantly better space complexity.
Distributed Shared Memory Management for Java
In Proc. Sixth Annual Conference of the Advanced School for Computing and Imaging (ASCI 2000), 1999
Cited by 7 (3 self)
Abstract: Jackal is a fine-grained distributed shared memory system that can run multithreaded Java programs on distributed-memory systems. The Jackal compiler generates an access check for every use of an object field or array element. The overhead of the access checks is reduced using compiler optimizations. The runtime system uses a home-based consistency protocol that manages (and caches) objects and array partitions. In addition, the runtime system manages the virtual address space and dynamically maps and unmaps pages to support large data structures. Jackal uses local and global mark-and-sweep garbage collectors, which also deal with replicated objects and partitioned arrays. The paper discusses the various distributed memory management techniques used in the system and presents performance results on a cluster of workstations.
Keywords: Java, fine-grained software DSM, parallel garbage collection.
Jcc, a native Java compiler
Master's thesis, Vrije Universiteit, 1998
Cited by 4 (1 self)
Abstract: This thesis describes the design and implementation of Jcc, an optimizing native Java compiler. The system translates Java source code directly to native executables. The system is almost self-contained, using its own parser generator (Jade) and its own frontend and backend. The thesis also describes the novel implementation of RMI and the facilities to dynamically load Java bytecode into a running executable. The Java runtime system is currently built upon Panda [4], a portable platform to support parallel programming languages. The system runs on both Sparc/Solaris and x86 processors running Linux 2.x.x or BSD/OS 3.0 by BSDI.
Keywords: Java, bytecode, offline native compilers, parser generators, native interface.
Watchdog: Hardware for Safe and Secure Manual Memory Management and Full Memory Safety
Cited by 3 (1 self)
Abstract: Languages such as C and C++ use unsafe manual memory management, allowing simple bugs (i.e., accesses to an object after deallocation) to become the root cause of exploitable security vulnerabilities. This paper proposes Watchdog, a hardware-based approach for ensuring safe and secure manual memory management. Inspired by prior software-only proposals, Watchdog generates a unique identifier for each memory allocation, associates these identifiers with pointers, and checks to ensure that the identifier is still valid on every memory access. This use of identifiers and checks enables Watchdog to detect errors even in the presence of reallocations. Watchdog stores these pointer identifiers in a disjoint shadow space to provide comprehensive protection and ensure compatibility with existing code. To streamline the implementation and reduce runtime overhead, Watchdog (1) uses micro-ops to access metadata and perform checks, (2) eliminates metadata copies among registers via modified register renaming, and (3) uses a dedicated metadata cache to reduce checking overhead. Furthermore, this paper extends Watchdog's mechanisms to detect bounds errors, thereby providing full hardware-enforced memory safety at low overheads.
On Memory-Block Traversal Problems in Model-Checking Timed Systems, 1999
Abstract: A major problem in model-checking timed systems is the huge memory requirement. In this paper, we study the memory-block traversal problems of using standard operating systems in exploring the state space of timed automata. We report a case study which demonstrates that deallocating memory blocks (i.e. memory-block traversal) using standard memory management routines is extremely time-consuming. The phenomenon is demonstrated in a number of experiments by installing the Uppaal tool on Windows 95, SunOS 5 and Linux. It seems that the problem should be solved by implementing a memory manager for the model checker, which is a troublesome task as it involves the underlying hardware and operating system. We present an alternative technique that allows the model checker to control the memory-block traversal strategies of the operating system without implementing an independent memory manager. The technique is implemented in the Uppaal model checker. Our experiments demonstr...
Type-safe Stack Traversal for Garbage Collector Implementation
Abstract: Garbage collectors are an important part of many modern language runtimes. Essentially all tools for developing and debugging programs using garbage collection assume the correctness of the collector, and therefore provide no means for detecting garbage collector errors. As a result it is especially important that garbage collector implementations be free of errors. This goal is even more challenging in the face of the typical implementation strategy for collectors: implementation in C, making error-prone inferences from complex bit patterns, where an error could result in dereferencing an invalid pointer or corrupting program data. One approach to reducing errors in collector implementation is to improve both the type-safety and memory-safety of garbage collector implementations. Prior work [8, 17] in this direction has focused on the use of modern type systems to statically detect errors in the collector code at compile time, but has practical shortcomings. The prior work replaces the standard machine stack with a heap-allocated data structure to avoid unsafe walks of the native stack. Traversal of the runtime stack is normally not possible in higher-level languages because they trade the flexibility of arbitrary memory access — typically used to gather a root set from a runtime stack — for the safety of being unable to cause memory access errors. We present a method for addressing the safe stack traversal problem at the compiler level, by lifting actual machine stack frames up to the level of explicit data structures in Standard ML, such that complete stack traversal can be performed with minimal unsafe code. We implement a garbage collector in the ML Kit [14] using the techniques described and provide details on key parts of the implementation.

