Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)

Published byMaurice Archibald Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)"— Presentation transcript:

1 The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)

2 2 Background  The programming language C does not guarantee memory safety  This is the cause of memory attacks ex. buffer overflow attacks Attackers can obtain root privilege and operate freely We want to execute C programs safely!

3 3 Background  How can we achieve memory safety?  Point : Java is memory safe We use Java to guarantee memory safety

4 4 Goal  Source to source, C to Java translation with memory safety and ANSI conformance  Save a lot of work spent on rewriting programs  Java rejects dangerous programs Prevent memory bugs and attacks

5 5 Summary  We propose one way of translating C to Java  Well-defined operations → simulate by using objects  Unsafe (= undefined) operations → raise an exception Pointer operations Represent pointers and memory blocks as Java objects Simulate pointer operations by using these objects Casts Use access methods to access memory blocks Enables access by different types

6 6 Outline  C to Java translation by using Java objects  Representation of pointer operations  Examples of translation  Class details  Fat pointer, block  Access methods  Fat integer  Implementation of the translator  Experiments and considerations  Related work  Conclusion and future work

7 7 Representation of pointer operations  C : A pointer points to a memory block Java : The object representing a pointer refers to an object representing a memory block CJava memory objects pointer

8 8  Pointer : FatPointer  Fields : base, offset  1 word memory block : FatBlock  Field : contents  Method : access methods Java classes FatPointer baseoffset access methods FatBlock contents

9 9  Regard variables as one element arrays Examples of translation : declaration int *p = NULL ; int a[3] ; FatBlock p = new FatBlock(1) ; FatBlock a = new FatBlock(3) ; access methods a access methods p

10 10 Address operation p = &a[1] ; p.writeFat(0*4, new FatPointer(a, 1*4)) ; 0 4 8 p 4 a access methods base offset access methods virtual offset 0 generate a new pointer which points to offset 4 of a readFat writeFat …

11 11 Address operation p = &a[1] ; p.writeFat(0*4, new FatPointer(a, 1*4)) ; access method for 1 word write write the pointer on offset 0 of p 0 4 8 p a access methods base offset virtual offset 0 4 access methods readFat … writeFat

12 12 i = p.readFat(0*4) ; new FatPointer(i.base, i.offset+1*4) ; 1 word read Addition of pointer and integer p + 1; read the pointer contained at offset 0 of p 0 4 8 p a access methods offset virtual offset 0 4 i base 4 access methods writeFat … readFat

13 13 i = p.readFat(0*4) ; new FatPointer(i.base, i.offset+1*4) ; Addition of pointer and integer p + 1; 0 4 8 p a access methods offset virtual offset 0 8 base make a new pointer which points to offset 8 of a 4 access methods readFat writeFat …

14 14 *(char *)(&a[1]) ; Cast i = new FatPointer(a, 1*4) ; i.base.readByte(i.offset) ; 4 a virtual offset 0 4 8 0x12345678 i create a new pointer which points to offset 4 of a readByte access methods readFat writeFat … writeByte

15 15 *(char *)(&a[1]) ; Cast i = new FatPointer(a, 1*4) ; i.base.readByte(i.offset) ; 1 byte read 4 a virtual offset 0 4 8 0x12345678 i offset 4 0x12 read 1 byte of data from the location i points to access methods readFat writeFat … writeByte readByte

16 16 Outline  C to Java translation by using Java objects  Representation of pointer operations  Examples of translation  Class details  Fat pointer, block  Access methods  Fat integer  Implementation of the translator  Experiments and considerations  Related work  Conclusion and future work

17 17 Pointer operation  How to simulate a pointer which points to the middle of a memory block?  References in Java cannot point to the middle of an object JavaC → Use fat pointers ×

18 18 Fat Pointer [Austin et al. 94] [Oiwa et al. 01] et al.  Represent a pointer as two words  base : always points to the front of a memory block  offset : contains an integer meaning the distance from base to the address pointed to by the pointer baseoffset means 8 byte distance offset 0 4 8 12 16 20 24 28 32 8 the location we want to point to

19 19 FatPointer class  Simulate fat pointers in Java  base : refers to a Block object  offset : contains an integer FatPointer Block access methods contents virtual offset 0 4 8 12 16 20 24 28 32 baseoffset 8

20 20 Block abstract class  Simulate memory blocks  contents : contains an array of data objects  access methods : deal with memory accesses  Has concrete subclasses ・・・ Block (abstract) access methods contents ByteBlock access methods FatBlock access methods : FatPointer object : Byte object (1 byte of data)

21 21 Access methods  Memory accesses are implemented using access methods  Block class has several methods for reading and writing readFat : 1 word read writeFat : 1 word write readByte : 1 byte read writeShort : 2 byte write …  Enables memory accesses by different types contents readShortreadByte access methods readFat writeFat … writeBytewriteShort

22 22 Fat Integer [Oiwa et al. 01]  Represent integers by two words  Pointers are also integers in C, generally expressed with 1 word  We represent integers by objects  FatInt class  base : always null  offset : contains integer FatInt baseoffset 5null

23 23 Fat class  Common parent class of FatPointer and FatInt  FatBlock contents contains Fat objects FatPointer or FatInt Fat (abstract) baseoffset FatPointer baseoffset FatInt baseoffset access methods FatBlock

24 24 Outline  C to Java translation by using Java objects  Representation of pointer operations  Examples of translation  Class details  Fat pointer, block  Access methods  Fat integer  Implementation of the translator  Experiments and considerations  Related work  Conclusion and future work

25 25 Implementation of the translator  Translator implemented in Objective Caml lexer code generator parser pretty- printer C source code Java source code CIL [Necula et al. 02] Joust [Cooper] implemented this part translator C abstract syntax tree Java abstract syntax tree

26 26 Experiments  Benchmark programs taken from The Computer Language Shootout  Values in the graph means overheads  Fail-Safe C to Java user time / C user time  Handwritten Java user time / C user time  Environments  2.80GHz Intel Pentium 4 CPU, 2GB memory  Linux 2.6  gcc : version 4.0.0 with –O2 option  javac, java : Sun JDK version 1.5.0 with –O option

27 27 Experiments

28 28 Consideration  All pointers, integers and memory blocks are translated to objects  Lots of object creations and method calls  Reduce these by optimizations  Translate variables to FatBlock only if they are pointed to by a pointer  Translate integers to FatInt only if they cannot be distinguished from pointers  Eliminate redundant calls to the same access method

29 29 Outline  C to Java translation by using Java objects  Representation of pointer operations  Examples of translation  Class details  Fat pointer, block  Access methods  Fat integer  Implementation of the translator  Experiments and considerations  Related work  Conclusion and future work

30 30 Related work : C to Java translators  Jazillian [Jazillian, Inc.]  Aims at readability and maintainability  Assumes user intervention of generated code  Ephedra [Martin et al. 01]  Does not support cast of pointers between different types  Does not support memory access via pointers of different types Our translator Aims at 100% ANSI conformance (and more) and memory safety Supports memory access via cast pointers by using access methods

31 31 Related work : Safe C runtime systems  CCured [Necula et al. 02]  Dynamically checks unsafe operations  Reduces overheads by static analysis (to 3 - 87 %)  Does not aim at 100% ANSI conformance  Fail-Safe C [Oiwa et al. 01]  Based on the same ideas of fat pointers and fat intergers Both compile C to native code If these compilers have a bug, unsafe codes are executed Our translator translates C to Java source code Provided that Java is safe, unsafe codes are rejected (even if our translator has a bug) We clarify the essence of Fail-Safe C

32 32 Conclusion and future work  We propose translation from C to Java  Simulate pointers, integers and memory blocks with Java objects  Future work  Support all ANSI C and more  Optimizations

Download ppt "The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)"

Similar presentations

Why Have The OSGi Specifications Been Based On Java Technology ? By Peter Kriens, CEO aQute OSGi Technology Officer www.aQute.se.

Why Have The OSGi Specifications Been Based On Java Technology ? By Peter Kriens, CEO aQute OSGi Technology Officer
CPSC 388 – Compiler Design and Construction

CPSC 388 – Compiler Design and Construction
1 Lecture 18 Subverting a Type System turning a bit flip into an exploit Ras Bodik Ali and Mangpo Hack Your Language! CS164: Introduction to Programming.

1 Lecture 18 Subverting a Type System turning a bit flip into an exploit Ras Bodik Ali and Mangpo Hack Your Language! CS164: Introduction to Programming.
The Interface Definition Language for Fail-Safe C Kohei Suenaga, Yutaka Oiwa, Eijiro Sumii, Akinori Yonezawa University of Tokyko.

The Interface Definition Language for Fail-Safe C Kohei Suenaga, Yutaka Oiwa, Eijiro Sumii, Akinori Yonezawa University of Tokyko.
1 Compiler Construction Intermediate Code Generation.

1 Compiler Construction Intermediate Code Generation.
Exception Handling. Background In a perfect world, users would never enter data in the wrong form, files they choose to open would always exist, and code.

Exception Handling. Background In a perfect world, users would never enter data in the wrong form, files they choose to open would always exist, and code.
Portability and Safety Mahdi Milani Fard Dec, 2006 Java.

Portability and Safety Mahdi Milani Fard Dec, 2006 Java.
Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.

Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.
1 Jeannie: Granting Java Native Interface Developers their Wishes Martin HirzelRobert Grimm IBM Watson Research CenterNew York University October 23, 2007.

1 Jeannie: Granting Java Native Interface Developers their Wishes Martin HirzelRobert Grimm IBM Watson Research CenterNew York University October 23, 2007.
Designing an ADT The design of an ADT should evolve naturally during the problem-solving process Questions to ask when designing an ADT What data does.

Designing an ADT The design of an ADT should evolve naturally during the problem-solving process Questions to ask when designing an ADT What data does.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.

INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Lightweight Abstraction for Mathematical Computation in Java 1 Pavel Bourdykine and Stephen M. Watt Department of Computer Science Western University London.

Lightweight Abstraction for Mathematical Computation in Java 1 Pavel Bourdykine and Stephen M. Watt Department of Computer Science Western University London.
Lab#1 (14/3/1431h) Introduction To java programming cs425

Lab#1 (14/3/1431h) Introduction To java programming cs425
School of Computing and Engineering, University of Huddersfield LANGUAGE TRANSLATORS: WEEK 10 LECTURE: symbol tables TUTORIAL: Pen and paper exercises.

School of Computing and Engineering, University of Huddersfield LANGUAGE TRANSLATORS: WEEK 10 LECTURE: symbol tables TUTORIAL: Pen and paper exercises.
Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.

Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.
Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.

Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.
CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.

CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.
OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.

OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.
Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Similar presentations

Ads by Google