Exterminator- A ... with High Probability.pdf - DSpace at CUSAT ...
2. Memory Errors

Exterminator

Table 1 summarizes the memory errors that Exterminator addresses, and its response to each. Exterminator identifies and corrects dangling pointers, where a heap object is freed while it is still live, and buffer overflows (a.k.a. buffer overruns) of heap objects. Notice that this differs substantially from DieHard, which tolerates these errors probabilistically but cannot detect or correct them.

Exterminator's allocator (DieFast) inherits from DieHard its immunity from two other common memory errors: double frees, when a heap object is deallocated multiple times without an intervening allocation, and invalid frees, when a program deallocates an object that was never returned by the allocator. These errors have serious consequences in other systems, where they can lead to heap corruption or abrupt program termination. Exterminator prevents these invalid deallocation requests from having any impact. DieFast's bitmap-based allocator makes multiple frees benign since a bit can only be reset once. By checking ranges, DieFast detects and ignores invalid frees.
Limitations

Exterminator's ability to correct both dangling pointer errors and buffer overflows has several limitations. First, Exterminator assumes that buffer overflows always corrupt memory at higher addresses, that is, they are forward overflows. While it is possible to extend Exterminator to handle backwards overflows, we have not implemented this functionality. Exterminator can only correct finite overflows, so that it can contain any given overflow by overallocation. Similarly, Exterminator corrects dangling pointer errors by inserting finite delays before freeing particular objects. Finally, in iterated and replicated modes, Exterminator assumes that overflows and dangling pointer errors are deterministic. However, the cumulative mode does not require deterministic errors.

Unlike DieHard, Exterminator does not detect uninitialized reads, where a program makes use of a value left over in a previously-allocated object. Because the intended value is unknown, it is not generally possible to repair such errors without additional information, e.g. data structure invariants. Instead, Exterminator fills all allocated objects with zeroes.
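The two allocator behaviours described above (the bitmap making double frees benign and range checks ignoring invalid frees, and the zero-filling of every allocated object) as an added toy illustration. This is not DieFast's or DieHard's code: it uses a single 64-slot size class and first-fit placement instead of DieHard's randomized placement, and the names toy_malloc, toy_free and toy_live_count are invented here.

```c
#include <stdint.h>
#include <string.h>

/* Toy fixed-size-object heap (illustration only, not DieFast's code):
 * one bit per slot records whether the slot is in use. */
#define SLOT_SIZE 32
#define NUM_SLOTS 64

static uint8_t heap[NUM_SLOTS * SLOT_SIZE];
static uint64_t in_use;              /* bit i set => slot i is allocated */

/* Allocate the lowest free slot and zero-fill it, so a later read of an
 * uninitialized field sees 0 rather than a stale value. */
void *toy_malloc(void) {
    for (unsigned i = 0; i < NUM_SLOTS; i++) {
        uint64_t bit = (uint64_t)1 << i;
        if (!(in_use & bit)) {
            in_use |= bit;
            memset(heap + i * SLOT_SIZE, 0, SLOT_SIZE);
            return heap + i * SLOT_SIZE;
        }
    }
    return NULL;                     /* heap exhausted */
}

/* Returns 0 for a normal free, 1 for a double free (bit already clear, so
 * clearing it again changes nothing), -1 for an invalid free (pointer not
 * returned by this allocator), which is detected by the range check and
 * ignored. No heap metadata is ever corrupted in the last two cases. */
int toy_free(void *p) {
    uintptr_t q = (uintptr_t)p, lo = (uintptr_t)heap;
    if (q < lo || q >= lo + sizeof heap || (q - lo) % SLOT_SIZE != 0)
        return -1;                   /* outside the heap or not a slot start */
    uint64_t bit = (uint64_t)1 << ((q - lo) / SLOT_SIZE);
    if (!(in_use & bit))
        return 1;                    /* already free: benign no-op */
    in_use &= ~bit;
    return 0;
}

/* Number of slots currently marked allocated (lets a caller confirm that
 * double and invalid frees left the bitmap untouched). */
unsigned toy_live_count(void) {
    unsigned n = 0;
    for (unsigned i = 0; i < NUM_SLOTS; i++) n += (unsigned)((in_use >> i) & 1);
    return n;
}
```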
Dept. Of Computer Science & Engg. ~ 3 ~ Cochin University of Science & Technology