Enforcing resource bounds via static verification of dynamic checks

Published: 02 August 2007

Abstract

We show how to limit a program's resource usage in an efficient way, using a novel combination of dynamic checks and static analysis. Usually, dynamic checking is inefficient due to the overhead of checks, while static analysis is difficult and rejects many safe programs. We propose a hybrid approach that solves these problems. We split each resource-consuming operation into two parts. The first is a dynamic check, called reserve. The second is the actual operation, called consume, which does not perform any dynamic checks. The programmer is then free to hoist and combine reserve operations. Combining reserve operations reduces their overhead, while hoisting reserve operations ensures that the program does not run out of resources at an inconvenient time. A static verifier ensures that the program reserves resources before it consumes them. This verification is both easier and more flexible than an a priori static verification of resource usage. We present a sound and efficient static verifier based on Hoare logic and linear inequalities. As an example, we present a version of tar written in Java.
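The reserve/consume split and the verifier's linear-bound reasoning, as an added Python sketch that is not the paper's code (the paper's example is a version of tar in Java); the tuple IR and the names analyze(), verify() and run() are assumptions made here:

```python
# Added illustration (hypothetical; not the paper's Java tar): a tiny program IR, a
# static verifier using linear bounds on the reserved balance, and a runtime in
# which reserve() is the only dynamic check.  IR: ("reserve", n), ("consume", n),
# ("loop", trips, body) with a constant trip count.
class ReserveError(Exception):
    """Raised by the dynamic reserve() check; args[0] is the units consumed so far."""

def analyze(program):
    """Return (low, delta): lowest reserved balance reached relative to entry, and net
    change. Loop iteration i starts at bal + i*delta_body (linear in i): check endpoints."""
    bal, low = 0, 0
    for op in program:
        if op[0] == "reserve":
            bal += op[1]
        elif op[0] == "consume":
            bal -= op[1]
            low = min(low, bal)
        elif op[1] > 0:  # loop with at least one iteration
            blow, bdelta = analyze(op[2])
            low = min(low, bal + blow, bal + (op[1] - 1) * bdelta + blow)
            bal += op[1] * bdelta
    return low, bal

def verify(program):
    """Static verifier: accept iff no consume can outrun the preceding reserves."""
    return analyze(program)[0] >= 0

def run(program, budget):
    """Runtime: reserve() checks the budget; consume() is unchecked and relies on
    verify(). Returns (budget left, dynamic checks performed, units consumed)."""
    st = {"budget": budget, "checks": 0, "consumed": 0}
    def step(prog):
        for op in prog:
            if op[0] == "reserve":
                st["checks"] += 1
                if st["budget"] < op[1]:
                    raise ReserveError(st["consumed"])
                st["budget"] -= op[1]
            elif op[0] == "consume":
                st["consumed"] += op[1]  # no check: verify() guarantees the reserve
            else:
                for _ in range(op[1]):
                    step(op[2])
    step(program)
    return st["budget"], st["checks"], st["consumed"]

# Constructed tar-like workload: 3 entries of a 512-byte header plus 512 bytes of data.
ENTRY = [("consume", 512), ("consume", 512)]
UNCHECKED = [("loop", 3, ENTRY)]                        # verify() rejects
PER_ENTRY = [("loop", 3, [("reserve", 1024)] + ENTRY)]  # accepted; 3 dynamic checks
HOISTED = [("reserve", 3 * 1024), ("loop", 3, ENTRY)]   # accepted; 1 check, before any write
```

With a budget of 2000 units, HOISTED fails at its single reserve before anything is written, while PER_ENTRY fails only after one entry has already been emitted, which is the "inconvenient time" the hoisting avoids.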



Published in: ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 29, Issue 5, Special Issue ESOP'05, August 2007, 213 pages. ISSN 0164-0925, EISSN 1558-4593, DOI 10.1145/1275497.

Copyright © 2007 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.
