RobustHeap and DH (formerly DieHard) are memory allocators that include a number of features to provide tolerance or detection of memory errors related to out-of-bounds writes, use of dangling (already deleted) pointers, and indirectly, reads from uninitialized memory. RobustHeap and DieHard both rely on randomized object allocation; instead of being sequentially allocated and coalesced, objects are allocated at random from large memory areas, providing over-provisioning (extra space, which can tolerate overwrites) and security (object adjacencies cannot be predicted). Both heaps have a number of parameters designed to trade off between the foregoing and performance.
DH was developed externally by Emery Berger and is available for download both in source and object form. DieHard can be used to harden the Firefox browser and does not require any changes to the Firefox installation to use.
RobustHeap was developed for Microsoft internal use by Ted Hart and Ben Zorn as an experimental platform for increasing the robustness of Microsoft applications. RobustHeap has two primary usage scenarios:
- Fault tolerant mode: RobustHeap can provide fault tolerance in applications where memory corruption errors would normally cause early program termination or incorrect results. With extra empty space between objects and random object reuse, buffer overrun errors and dangling pointer errors, which would often cause memory corruptions in a normal heap, have less impact in RobustHeap, and the impact can be reduced further by increasing the heap expansion factor.
- Memory corruption detection: RobustHeap allows unused space in the heap to be filled with canaries that are checked periodically for corruptions. Because the heap is over-provisioned, a larger fraction of the heap contains canary values that will be detected if corrupted. Because objects are allocated and freed in random locations, checking canaries in adjacent objects provides a probabilistic scan of the heap at regular intervals.
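To make the two scenarios concrete, here is an added toy model of one size class of a randomized, over-provisioned heap with canary-filled free slots. It is not RobustHeap or DieHard code; the `toy_*` names, the fixed 64-slot arena, the xorshift PRNG and the 0xA5 canary byte are assumptions chosen for the illustration, and the real allocators use different data structures and parameters. The model shows why a larger expansion factor (fewer live slots per arena) makes an overrun both less harmful and more likely to be caught by the periodic canary scan, and why refilling freed slots with canaries exposes writes through dangling pointers.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy model (assumption, not RobustHeap/DieHard code): one size class of
 * N_SLOTS fixed-size slots. Only some slots are live at any time (the
 * expansion factor), slots are chosen at random, and every free byte holds
 * a canary value that a periodic scan checks. */
#define SLOT_BYTES 32
#define N_SLOTS    64
#define CANARY     0xA5

static unsigned char arena[N_SLOTS * SLOT_BYTES];
static unsigned char in_use[N_SLOTS];
static uint32_t rng_state = 1u;

/* Deterministic PRNG so runs are reproducible; a production heap would
 * seed from the OS so that object adjacencies stay unpredictable. */
static uint32_t xorshift32(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

void toy_heap_init(uint32_t seed) {
    rng_state = seed ? seed : 1u;
    for (int i = 0; i < 8; i++) xorshift32();   /* decorrelate nearby seeds */
    memset(arena, CANARY, sizeof arena);        /* all free space is canary */
    memset(in_use, 0, sizeof in_use);
}

/* Randomized allocation: probe random slots until a free one is found. */
void *toy_alloc(void) {
    int free_slots = 0;
    for (int i = 0; i < N_SLOTS; i++) free_slots += !in_use[i];
    if (free_slots == 0) return NULL;
    for (;;) {
        uint32_t i = xorshift32() % N_SLOTS;
        if (!in_use[i]) { in_use[i] = 1; return arena + i * SLOT_BYTES; }
    }
}

/* Free: mark the slot unused and refill it with canary bytes, so a later
 * write through a dangling pointer is visible to the scan. */
void toy_free(void *p) {
    size_t i = (size_t)((unsigned char *)p - arena) / SLOT_BYTES;
    in_use[i] = 0;
    memset(arena + i * SLOT_BYTES, CANARY, SLOT_BYTES);
}

/* Periodic check: number of free slots whose canary has been overwritten. */
int toy_check_canaries(void) {
    int corrupted = 0;
    for (int i = 0; i < N_SLOTS; i++) {
        if (in_use[i]) continue;
        const unsigned char *s = arena + i * SLOT_BYTES;
        for (int b = 0; b < SLOT_BYTES; b++)
            if (s[b] != CANARY) { corrupted++; break; }
    }
    return corrupted;
}

/* One simulated overrun: `live` objects are allocated and the first one
 * writes `extra` bytes past its end. Returns 1 if the spill landed on a
 * free slot (tolerated, and caught by the scan), 0 if it silently hit a
 * live neighbour or there was no neighbour to hit. */
int toy_overrun_trial(int live, size_t extra, uint32_t seed) {
    if (live < 1 || live > N_SLOTS) return 0;
    toy_heap_init(seed);
    unsigned char *victim = toy_alloc();
    for (int k = 1; k < live; k++) toy_alloc();
    size_t idx = (size_t)(victim - arena) / SLOT_BYTES;
    if (idx + 1 >= N_SLOTS) return 0;            /* last slot: nothing beyond it */
    if (extra > SLOT_BYTES) extra = SLOT_BYTES;  /* keep the write inside the arena */
    memset(victim + SLOT_BYTES, 'X', extra);     /* the bug: writes past the object */
    return toy_check_canaries() == 1;
}

/* Fraction of trials in which the overrun was caught by the canary scan. */
double toy_detection_rate(int live, size_t extra, int trials) {
    int caught = 0;
    for (int t = 0; t < trials; t++)
        caught += toy_overrun_trial(live, extra, 1000u + (uint32_t)t);
    return (double)caught / trials;
}

/* Dangling-pointer write: the freed slot was refilled with canaries, so the
 * stale write shows up as exactly one corrupted free slot. */
int toy_dangling_demo(void) {
    toy_heap_init(42u);
    unsigned char *p = toy_alloc();
    toy_free(p);
    p[0] = 'X';                                  /* use after free */
    return toy_check_canaries();
}

int main(void) {
    printf("8 of 64 slots live (expansion ~8x):  %.2f of overruns caught\n",
           toy_detection_rate(8, 8, 2000));
    printf("56 of 64 slots live (expansion ~1.1x): %.2f of overruns caught\n",
           toy_detection_rate(56, 8, 2000));
    printf("dangling write corrupted %d free slot(s)\n", toy_dangling_demo());
    return 0;
}
```

With a sparse arena the neighbouring slot is usually free, so the overrun corrupts nothing live and the next canary scan reports it; with a nearly full arena the same bug usually lands on a live object, where the scan sees nothing. That is the trade-off the expansion factor controls: memory for both tolerance and detection probability.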
- Gene Novark, Emery D. Berger, and Benjamin G. Zorn, "Efficiently and Precisely Locating Memory Leaks and Bloat", ACM SIGPLAN 2009 Conference on Programming Language Design and Implementation (PLDI'09), pp 397-407, Dublin, Ireland, June 2009.
- Gene Novark, Emery D. Berger, Benjamin G. Zorn, "Exterminator: Automatically Correcting Memory Errors with High Probability", Communications of the ACM, pp 87-95, December 2008. A longer version appears in ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI'07), pp 1-11, San Diego, CA, June 2007.
- Vitaliy B. Lvin, Gene Novark, Emery D. Berger, Benjamin G. Zorn, "Archipelago: Trading Address Space for Reliability and Security", Thirteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '08), Seattle, WA, March 2008.
- Emery D. Berger and Benjamin G. Zorn, "DieHard: Efficient Probabilistic Memory Safety", Department of Computer Science Tech Report 07-17, University of Massachusetts, April 2008 (submitted for publication, supersedes PLDI'06 paper). Originally appeared as "DieHard: Probabilistic Memory Safety for Unsafe Languages", ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation (PLDI'06), pp 158-168, Ottawa, Canada, June 2006.