Memory safety without runtime checks or garbage collection

Traditional approaches to enforcing memory safety of programs rely heavily on runtime checks of memory accesses and on garbage collection, both of which are unattractive for embedded applications. The long-term goal of our work is to enable 100% static enforcement of memory safety for embedded programs through advanced compiler techniques and minimal semantic restrictions on programs. The key result of this paper is a compiler technique that ensures memory safety of dynamically allocated memory without programmer annotations, runtime checks, or garbage collection, and works for a large subclass of type-safe C programs. The technique is based on a fully automatic pool allocation (i.e., region inference) algorithm for C programs that we developed previously, and it ensures safety of dynamically allocated memory while retaining explicit deallocation of individual objects within regions (to avoid garbage collection). For a diverse set of embedded C programs (and using a previous technique to avoid null pointer checks), we show that we are able to statically ensure the safety of pointer and dynamic memory usage in all of these programs. We also describe some improvements over our previous work in static checking of array accesses. Overall, we achieve 100% static enforcement of memory safety without new language syntax for a significant subclass of embedded C programs, and the subclass is much broader if array bounds checks are ignored. These techniques therefore greatly expand the class of embedded programs for which 100% static enforcement of memory safety is possible, and do so without new language support.
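The abstract states the property the technique relies on (explicit per-object deallocation inside a region that is itself released only as a whole) but not a mechanism. The block below is an added illustration written for this page, not the paper's implementation or its compiler's runtime: a fixed-slot pool whose slots all have one size (in the compiler's setting, one type), where pool_free returns a slot to the pool's own free list and only pool_destroy hands memory back to the system. The consequence worth seeing is that a dangling pointer into such a pool keeps addressing a slot of the same type for the pool's lifetime, so a use-after-free cannot alias heap metadata or an object of a different type. The single non-growing arena, the pool_owns helper and the struct node demo type are assumptions of this example.

```c
#include <stddef.h>
#include <stdlib.h>

/* Added illustration (not the paper's code). Every slot in a Pool has the
 * same size; memory is handed back to the system only by pool_destroy,
 * never by pool_free, so freed slots stay owned by the pool. */
typedef struct Pool {
    size_t slot_size;       /* bytes per slot, at least sizeof(void *) */
    size_t nslots;          /* capacity of the arena (assumption: no growth) */
    size_t bump;            /* index of the first never-used slot */
    unsigned char *arena;   /* one contiguous block of nslots * slot_size bytes */
    void *free_list;        /* freed slots, linked through their first word */
} Pool;

int pool_init(Pool *p, size_t slot_size, size_t nslots) {
    if (slot_size < sizeof(void *)) slot_size = sizeof(void *);
    p->arena = calloc(nslots, slot_size);
    if (p->arena == NULL) return 0;
    p->slot_size = slot_size;
    p->nslots = nslots;
    p->bump = 0;
    p->free_list = NULL;
    return 1;
}

void *pool_alloc(Pool *p) {
    if (p->free_list != NULL) {             /* reuse a freed slot first (LIFO) */
        void *slot = p->free_list;
        p->free_list = *(void **)slot;
        return slot;
    }
    if (p->bump < p->nslots)                /* otherwise carve a fresh slot */
        return p->arena + p->slot_size * p->bump++;
    return NULL;                            /* arena exhausted */
}

/* Explicit per-object deallocation: the slot goes back to this pool only.
 * The free-list link is written into the slot's first word. */
void pool_free(Pool *p, void *obj) {
    *(void **)obj = p->free_list;
    p->free_list = obj;
}

/* True if ptr is the start of a slot inside this pool's arena. */
int pool_owns(const Pool *p, const void *ptr) {
    const unsigned char *q = ptr;
    return q >= p->arena && q < p->arena + p->slot_size * p->nslots
        && (size_t)(q - p->arena) % p->slot_size == 0;
}

void pool_destroy(Pool *p) {
    free(p->arena);
    p->arena = NULL;
    p->free_list = NULL;
    p->nslots = p->bump = 0;
}

/* Demo type: the first word is a pointer, so the free-list link overwrites
 * `next` and leaves `value` intact after pool_free. */
struct node { struct node *next; int value; };

/* Returns 1 if, after freeing `a`, the dangling pointer still addresses a
 * node-typed slot of the same pool, its non-link field survives, and the
 * next allocation hands that same slot out again (same pool, same type). */
int demo_dangling_stays_in_pool(void) {
    Pool p;
    if (!pool_init(&p, sizeof(struct node), 4)) return 0;
    struct node *a = pool_alloc(&p);
    struct node *b = pool_alloc(&p);
    if (a == NULL || b == NULL || a == b) { pool_destroy(&p); return 0; }
    a->value = 1; a->next = b;
    b->value = 2; b->next = NULL;

    pool_free(&p, a);                   /* `a` is now dangling */
    int still_in_pool = pool_owns(&p, a);
    int dangling_value = a->value;      /* slot memory is still pool-owned */
    struct node *c = pool_alloc(&p);    /* LIFO reuse of the freed slot */
    int reused_same_slot = (c == a);

    pool_destroy(&p);
    return still_in_pool && reused_same_slot && dangling_value == 1;
}

/* Returns 1 if an exhausted pool yields NULL rather than foreign memory and
 * a pointer outside the arena is rejected by pool_owns. */
int demo_pool_boundaries(void) {
    Pool p;
    int outside = 0;
    if (!pool_init(&p, sizeof(struct node), 2)) return 0;
    void *s1 = pool_alloc(&p), *s2 = pool_alloc(&p), *s3 = pool_alloc(&p);
    int ok = s1 != NULL && s2 != NULL && s3 == NULL && !pool_owns(&p, &outside);
    pool_destroy(&p);
    return ok;
}
```

What the compiler work in the paper adds on top of such a pool is the static part: the pool allocation pass infers which allocation sites share a pool and proves each pool type-homogeneous, so the program needs neither a check in pool_alloc nor a collector to make the dangling-pointer case safe.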
