Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Detection of All Pointer and Array Access Errors Todd M.Austin Scott E.Breach Gurindar S.Sohi Computer Sciences Department University of Wisconsin-Madison.

Published byCamilla Cox Modified over 8 years ago

Similar presentations

Presentation on theme: "Efficient Detection of All Pointer and Array Access Errors Todd M.Austin Scott E.Breach Gurindar S.Sohi Computer Sciences Department University of Wisconsin-Madison."— Presentation transcript:

1 Efficient Detection of All Pointer and Array Access Errors Todd M.Austin Scott E.Breach Gurindar S.Sohi Computer Sciences Department University of Wisconsin-Madison 1210 W. Dayton Street Madison, WI 53706 {austin, breach, sohi}@cs.wisc.edu December 1, 1993 Presented by Oren Markovitz, oren@radguard.com

2 Topics 4 Over View 4 Memory Access errors 4 Motivation 4 What are safe pointers 4 Safe pointers implementation 4 Optimizations 4 Experimental framework 4 Results 4 Related work

3 Over View 4 Detect Pointer & Array Access errors 4 Complete but not efficient 4 Extended safe pointer representation 4 Implemented in C 4 Supports run-time and compiler optimization 4 With no optimization performance hit 130%-540%, text and data overhead under 100%

4 Memory Access Errors 4 Spatial access error- dereference of a pointer or subscripted array outside of the referent. 4 Temporal access error- dereference of a pointer or a subscripted array outside of the lifetime of the referent.

5 Some Statistics - Motivation 4 Miller et al injected random inputs to mature unix applications on six different platforms almost all applications dumped core. 4 Sullivan & Chillarege examined IBM MVS over 4 years - 50% of reported errors were due to access errors.

6 The difficulty to detect & fix access errors 4 The effects of access errors may not manifest themselves except under exceptional conditions. 4 The exceptional conditions which lead to the program error may be hard to reproduce. 4 Its very hard to correlate memory access error with program error.

7 Safe pointers 4 The program is transferred to use an extended pointer representation called safe pointers. 4 A safe pointer contains the value of the pointer as well as pointer attributes.

8 Safe Pointers 4 Value: The safe pointer value. 4 Base and size: referent base address and its size. (detect spatial errors) 4 storageClass: allows detecting errant deallocations (e.g. its illegal to free global or local variables) 4 capability: always exists, never exists, or a unique allocation indicator. Typedef { *value; *base; unsigned size; enum {heap=0, local, global} storageClass; int capability; /* plus FOREVER and NEVER */ } SafePtr ;

9 Capability 4 Each allocation is assigned a unique number called capability. 4 When the pointer is deallocated the capability is returned to the capability pool. 4 When a pointer is referenced its capability is checked to be legal. 4 The capability pool is associative.

10 Program transformation 4 Pointer conversion - extend pointer definition 4 Check insertions - detect access errors 4 operator conversions - generate and maintain safe pointer attributes

11 Check insertions 4 Before each pointer dereference void ValidateAccess( * addr) { if (storageClass != Global && !ValidCapability(capability)) FlagTemporalError(); if ((unsigned)addr - (unsigned)base > size- sizeof( )) FlagSpatialError(); /* valid access !*/ }

12 Run time support (1) 4 Explicit pointer allocations are extended to support safe pointers: malloc, calloc, realloc, free. 4 Function stack frame Allocation: The frame is allocated on function call and assigned a capability as any malloc operation.

13 Run time support (2) Void *malloc(unsigned size) { void * p; p.base = p.value = unsafe_malloc(size); p.size = size; p.storageClass = Heap; InsertCapability(p.capability); bzero(p.value, size); return p; } void free(void *p) { if (p.storageClass != Heap) FlagNonHeapFree(); if (!ValidCapability(p.capability)) FlagDuplicateFree(); if (p.value != p.base) FlagNonOriginalFree(); DestroyCapability(p.capability); unsafe_free(p.value); }

14 Run time support (3) Void Func(int a) { /* procedure prologue */ unsigned frameCapability = NextCapability(); InsertCapability(frameCapability); ZeroFramePointers(); /* Assume capability NEVER == 0 */. /* procedure epilogue, exit point */ DestroyCapability(frameCapability); return; }

15 Operators conversions 4 Pointers assignment copy the source pointer attributes to the destination pointer. 4 Determine the pointer attributes : –Access path prefix: the address of the pointer referenced. –Access path suffix: the extent of the object being referenced. –Direct reference: The referenced object is local or global. –Indirect reference: The referenced object is temporal.

16 The Access path P = &f->g->h[3].I->j.k[4] access path last pointer access path prefix dereference suffix p.value = &f->g->h[3].I->j.k[4] p.base = f->g->h[3].I->j.k p.size = sizeof(f->g->h[3].I->j.k) p.storageClass = f->g->h[3].I.storageClass p.capability = f->g->h[3].I.capability

17 Access checking example

18 Run time optimization - spatial checks 4 Spatial checks - A dirty bit added to the safe pointer attributes. 4 The dirty bit is set if a there was no dereference check since the last change effective change to the pointer effective address.

19 Run time optimization - temporal checks 4 A capability counter was adder to count the current allocated capabilities. 4 The last temporal check results are used if the capability counter was not changed.

20 Compile time (static) checks optimization 4 A tree structure which describes all possible executable paths of the program is built. 4 All the possible paths are scanned. 4 If there are two consecutive checks without a change in between then the later is redundant.

21 Experimental frame work (1)

22 Experimental frame work (2) 4 Replace pointer declarations. 4 Replace malloc,free… to safe C calls 4 Change all pointer and array declarations. 4 Add capability to function frames. 4 Overload operations to add checks and maintain safe pointers under references and pointer operations.

23 Experimental frame work (3) - overloading operations Template class sp { /* safe pointer representation */ Type *value;/* native pointer */ Type *base;/* base address of object */ unsigned long size; /* size of object in bytes */ char storageClass;/* type of allocation */ unsigned short capability;/* capability is always unique */ /* constructor */ sp(void) { value = NULL; base = NULL; size = 0; storageClass = NONE; capability = NEVER; }

24 Experimental frame work (4) - overloading operations /* dereference */ Type& operator*(void) { if (storageClass != Global && !ValidCpability(capability)) FlagTemporalError(); if ((unsigned)value - (unsigned)base > size - sizeof(type)) FlasgSpatialError(); return *value; } /* pointer addition */ sp operator+(int addend) { sp p = *this; /* no side-effect on *this */ p.value = p.value + addend; return p; }

25 Lower bound computation 4 When a check and reference are executed they write a stamp. 4 The stamp describes the execution path of the program. 4 Analyzing of the stamp log shows what static and dynamic checks are redundant. 4 The number of required checks may be higher than the lower bound: –The inputs are sample inputs. –Impositions due to the program aliases may force the compiler time optimizer to make conservative assumptions and add redundant checks.

26 Results (1)

27 Results(2) - execution overheads

28 Results(3) - Text overheads

29 Results (4) - Data overheads

30 Results(5) - Summery 4 Execution overhead (without compiler optimization) - low enough to be during program development. 4 Main contributors to execution overhead: –safe pointer structures are not register allocated. –Many traditional optimization cant be used. 4 Spatial checks implementation is relatively chip when compared to other methods, and complex program usually include ones anyway. 4 Temporal checks are usually optimized on run-time. 4 Text and Data overhead are generally low: –text overhead 41%-340% (with all but two under 100%) –data overhead 5%-330% (with all but one under 100%)

31 Related work (1) - Purify 4 Spatial error - by marking and detecting stack access, only allocated zone are safe. 4 Temporal errors - allocated space is safe. 4 Works on object code. 4 Cant detect access errors such as when allocated variable over-runs another allocated variable. 4 The stack is “aged” to detect temporal error - increasing stack size. 4 Cross language but not cross platform.

32 Related work(2) - RTCC & code center 4 RTCC - uses safe pointers but without temporal checks and optimizations. 4 Code Center - Uses safe pointers: –no temporal checks –supports access type protection. –Works as interpreter!!!

33 Related Work(3) 4 Integral C : similar to RTCC, detects only spatial errors. 4 VW-Pascal compiler: –Detects both temporal and access errors. –Not cross language (Pascal). –Limited by the expressiveness of the language.

Download ppt "Efficient Detection of All Pointer and Array Access Errors Todd M.Austin Scott E.Breach Gurindar S.Sohi Computer Sciences Department University of Wisconsin-Madison."

Similar presentations

Dynamic Memory Allocation in C.  What is Memory What is Memory  Memory Allocation in C Memory Allocation in C  Difference b\w static memory allocation.

Dynamic Memory Allocation in C.  What is Memory What is Memory  Memory Allocation in C Memory Allocation in C  Difference b\w static memory allocation.
Algorithms and data structures

Algorithms and data structures
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
SPLINT STATIC CHECKING TOOL Sripriya Subramanian 10/29/2002.

SPLINT STATIC CHECKING TOOL Sripriya Subramanian 10/29/2002.
Names and Bindings.

Names and Bindings.
Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.

Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.
Various languages….  Could affect performance  Could affect reliability  Could affect language choice.

Various languages….  Could affect performance  Could affect reliability  Could affect language choice.
Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.

Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.
Introduction to C Programming in Unix Environment - II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015 Some slides.

Introduction to C Programming in Unix Environment - II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015 Some slides.
Informática II Prof. Dr. Gustavo Patiño MJ 16- 18 24-09-2013.

Informática II Prof. Dr. Gustavo Patiño MJ
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.

Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
Memory Arrangement Memory is arrange in a sequence of addressable units (usually bytes) –sizeof( ) return the number of units it takes to store a type.

Memory Arrangement Memory is arrange in a sequence of addressable units (usually bytes) –sizeof( ) return the number of units it takes to store a type.
CS 536 Spring 20011 Run-time organization Lecture 19.

CS 536 Spring Run-time organization Lecture 19.
CS 330 Programming Languages 10 / 24 / 2006 Instructor: Michael Eckmann.

CS 330 Programming Languages 10 / 24 / 2006 Instructor: Michael Eckmann.
The environment of the computation Declarations introduce names that denote entities. At execution-time, entities are bound to values or to locations:

The environment of the computation Declarations introduce names that denote entities. At execution-time, entities are bound to values or to locations:
Approaches to Typing Programming Languages Robert Dewar.

Approaches to Typing Programming Languages Robert Dewar.
Run-time Environment and Program Organization

Run-time Environment and Program Organization
. Memory Management. Memory Organization u During run time, variables can be stored in one of three “pools”  Stack  Static heap  Dynamic heap.

. Memory Management. Memory Organization u During run time, variables can be stored in one of three “pools”  Stack  Static heap  Dynamic heap.
Pointers Applications

Pointers Applications

Similar presentations

Ads by Google