DieHard: Probabilistic Memory Safety for Unsafe Languages
Emery Berger, Assistant Professor, University of Massachusetts, Amherst
Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable behavior. We present DieHard, a runtime system that tolerates these errors while probabilistically maintaining soundness. DieHard uses randomization and replication to achieve probabilistic memory safety by approximating an infinite-sized heap. DieHard's memory manager randomizes the location of objects in a heap that is at least twice as large as required. This algorithm prevents heap corruption and provides a probabilistic guarantee of avoiding memory errors. For additional safety, DieHard can operate in a replicated mode where multiple replicas of the same application are run simultaneously. By initializing each replica with a different random seed and requiring agreement on output, the replicated version of DieHard increases the likelihood of correct execution because errors are unlikely to have the same effect across all replicas. We present analytical and experimental results that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application (the Squid web cache) and a recent dangling pointer error in Mozilla Firefox.
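As an added illustration of the two ideas in the abstract (random placement in a heap M times larger than needed, and replicas with different seeds voting on output), the following simulation is not DieHard's code and makes simplifying assumptions: one size class is modelled as `M * n` equal slots, each of the `n` live objects lands in a uniformly random free slot, a heap buffer overflow from one object clobbers the `k` slots after it, and replicated mode is modelled as accepting an output only when a strict majority of replicas agree on it. All names, the payload-sum "program output", and the trial counts are constructed for the example.

```python
"""Constructed toy model of DieHard-style probabilistic memory safety.

Not DieHard's code: one size class is modelled as H = M * n slots, each of the
n live objects is placed in a uniformly random free slot, and a heap buffer
overflow from one object spills into the k slots after it. We measure how
often the overflow misses every other live object (the "masked" case) and
what majority voting across replicas with different seeds does to the
program's output.
"""
import random
from collections import Counter
from math import comb

GARBAGE = 0xDEADBEEF  # value the modelled overflow writes into a neighbouring slot


class RandomizedHeap:
    """One size class of a DieHard-like heap: H slots, random placement."""

    def __init__(self, n_slots, rng):
        self.slots = [None] * n_slots  # None = free, int = object's payload
        self.rng = rng

    def malloc(self, payload):
        """Store payload in a uniformly random free slot; return its index."""
        # Probe random slots until a free one turns up. Because the heap is at
        # least twice the maximum live size, probing ends after a few tries.
        while True:
            i = self.rng.randrange(len(self.slots))
            if self.slots[i] is None:
                self.slots[i] = payload
                return i

    def overflow(self, i, k):
        """Model an overflow from slot i that clobbers the next k slots."""
        for j in range(i + 1, min(i + 1 + k, len(self.slots))):
            if self.slots[j] is not None:
                self.slots[j] = GARBAGE


def run_replica(seed, n_objects, expansion, k):
    """One replica: allocate n objects, overflow from the first one, and
    return the program's 'output' (the sum of every payload read back)."""
    heap = RandomizedHeap(expansion * n_objects, random.Random(seed))
    where = [heap.malloc(obj) for obj in range(n_objects)]
    heap.overflow(where[0], k)
    return sum(heap.slots[i] for i in where)


def correct_output(n_objects):
    """Output of an execution in which the overflow hit nothing live."""
    return sum(range(n_objects))


def expected_masking(n_objects, expansion, k):
    """Exact masking probability for this model (ignoring the heap's end):
    the k slots after the victim must hold none of the other n-1 objects."""
    h = expansion * n_objects
    return comb(h - 1 - k, n_objects - 1) / comb(h - 1, n_objects - 1)


def replicated_output(seeds, n_objects, expansion, k):
    """Replicated mode as modelled here: run one replica per seed and accept
    an output only if a strict majority of the replicas agree on it."""
    outputs = [run_replica(s, n_objects, expansion, k) for s in seeds]
    value, votes = Counter(outputs).most_common(1)[0]
    return value if 2 * votes > len(outputs) else None


def replicated_stats(n_replicas, n_objects, expansion, k, trials):
    """Fractions of trials whose final output is correct, silently wrong,
    or rejected ('detected') because the replicas failed to agree."""
    want = correct_output(n_objects)
    tally = Counter()
    for t in range(trials):
        seeds = [t * n_replicas + r + 1 for r in range(n_replicas)]
        got = replicated_output(seeds, n_objects, expansion, k)
        tally["correct" if got == want else "detected" if got is None else "wrong"] += 1
    return {key: tally[key] / trials for key in ("correct", "wrong", "detected")}


if __name__ == "__main__":
    for m in (2, 4):
        print(f"M={m}: model predicts masking {expected_masking(64, m, 1):.3f}")
        for r in (1, 3):
            print(f"  {r} replica(s):", replicated_stats(r, 64, m, 1, 2000))
```

With a heap twice the live size (M=2) and a one-slot overflow, about half of single-replica runs are masked; three replicas with different seeds rarely produce the same wrong sum, so the silently wrong outcome almost disappears and becomes a detected disagreement instead. With M=4 each replica is masked about three quarters of the time, and the majority vote then lifts the probability of correct output above that of any single replica, which is the effect the abstract describes.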
Joint work with Ben Zorn of Microsoft Research.
Bio: Emery Berger is an Assistant Professor at the University of Massachusetts Amherst. He received his Ph.D. at the University of Texas at Austin in 2002. Berger's research focuses on improving the performance and reliability of modern computer systems. His work spans programming languages, runtime systems, and operating systems, with a particular focus on memory management. Berger is the creator of Hoard, a widely-used scalable memory manager, and is part of a research group singled out by NSF site visitors as the best memory management group in the country. He leads the PLASMA lab at UMass and is a 2004 NSF CAREER Award recipient.