Enforcing resource bounds via static verification of dynamic checks

Abstract
We show how to limit a program's resource usage in an efficient way, using a novel combination of dynamic checks and static analysis. Usually, dynamic checking is inefficient due to the overhead of checks, while static analysis is difficult and rejects many safe programs. We propose a hybrid approach that solves these problems. We split each resource-consuming operation into two parts. The first is a dynamic check, called reserve. The second is the actual operation, called consume, which does not perform any dynamic checks. The programmer is then free to hoist and combine reserve operations. Combining reserve operations reduces their overhead, while hoisting reserve operations ensures that the program does not run out of resources at an inconvenient time. A static verifier ensures that the program reserves resources before it consumes them. This verification is both easier and more flexible than an a priori static verification of resource usage. We present a sound and efficient static verifier based on Hoare logic and linear inequalities. As an example, we present a version of tar written in Java.
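The reserve/consume split and the verifier the abstract sketches, as an added example that is not the paper's code: a runtime manager in which reserve carries the only dynamic check, a tar-style writer that hoists one reserve above its block-writing loop, and a small static checker that proves every consume is covered by earlier reserves through backward accounting over linear expressions. The checker is a simplified stand-in for the paper's Hoare-logic verifier, not its implementation, and it only handles the linear fragment (symbolic loop counts, constant per-iteration cost). Python is used here instead of the paper's Java; every class and function name, and the 512-byte block size, are this example's own assumptions.

```python
# Added example, not the paper's code: reserve/consume runtime API plus a small
# static checker (backward linear accounting). All names are this example's own.
from dataclasses import dataclass
from typing import Dict, List, Union

Lin = Dict[str, int]   # linear expression over nonneg program variables; key '' is the constant


def lin(const: int = 0, **coeffs: int) -> Lin:
    """Build a resource amount, e.g. lin(512) or lin(n=512) for 512*n."""
    e = {'': const, **coeffs}
    if any(c < 0 for c in e.values()):
        raise ValueError("resource amounts must be nonnegative")
    return e


def add(a: Lin, b: Lin, sign: int = 1) -> Lin:
    """a + sign*b, coefficient by coefficient."""
    out = dict(a)
    for v, c in b.items():
        out[v] = out.get(v, 0) + sign * c
    return out


def positive_part(e: Lin) -> Lin:
    """Sound upper bound for max(0, e): dropping negative terms only raises the value."""
    return {v: c for v, c in e.items() if c > 0}


class ResourceExhausted(Exception):
    pass


class ResourceManager:
    """Runtime side: reserve() holds the only dynamic check, consume() debits blindly."""

    def __init__(self, quota: int) -> None:
        self.quota = quota      # units this program may still reserve
        self.reserved = 0       # units reserved but not yet consumed

    def reserve(self, n: int) -> None:
        if n < 0 or n > self.quota:
            raise ResourceExhausted(f"asked for {n} units, {self.quota} left")
        self.quota -= n
        self.reserved += n

    def consume(self, n: int) -> None:
        # Deliberately unchecked: the static checker guarantees reserved >= n here.
        self.reserved -= n


@dataclass
class Reserve:
    amount: Lin


@dataclass
class Consume:
    amount: Lin


@dataclass
class Loop:
    count: str              # nonneg program variable giving the iteration count
    body: List["Stmt"]      # straight-line body; nested loops are rejected


Stmt = Union[Reserve, Consume, Loop]


def need(stmts: List[Stmt], after: Lin) -> Lin:
    """Balance required before stmts so every consume is covered and `after` is left over.

    Backward pass over the reserved balance: consume e needs e more, reserve e
    needs e less (clamped at 0), and a loop run n times whose body needs d and
    consumes net `per` per iteration needs n*per + (d - per).
    """
    for s in reversed(stmts):
        if isinstance(s, Consume):
            after = add(after, s.amount, +1)
        elif isinstance(s, Reserve):
            after = positive_part(add(after, s.amount, -1))
        else:
            if any(isinstance(b, Loop) for b in s.body):
                raise ValueError("nested loops are outside this checker's linear fragment")
            d = need(s.body, {})
            k: Lin = {}          # net change of the balance over one iteration
            for b in s.body:
                k = add(k, b.amount, +1 if isinstance(b, Reserve) else -1)
            if any(v and c for e in (d, k) for v, c in e.items()):
                raise ValueError("per-iteration cost must be constant, else n*cost is nonlinear")
            per = max(0, -k.get('', 0))
            after = add(after, lin(d.get('', 0) - per, **{s.count: per}), +1)
    return after


def verify(prog: List[Stmt]) -> bool:
    """True iff a zero starting balance provably suffices for every consume in prog."""
    return all(c <= 0 for c in need(prog, {}).values())


def write_archive(mgr: ResourceManager, n_blocks: int, block: int = 512) -> int:
    """tar-style writer: one hoisted reserve, unchecked consumes inside the loop."""
    mgr.reserve(n_blocks * block)      # the only dynamic check; fails before any block is written
    written = 0
    for _ in range(n_blocks):
        mgr.consume(block)             # covered by the reserve above
        written += block
    return written


def runs_within(quota: int, n_blocks: int) -> bool:
    """Whether write_archive completes under quota; failure is at the reserve, never mid-loop."""
    try:
        write_archive(ResourceManager(quota), n_blocks)
        return True
    except ResourceExhausted:
        return False


# Constructed programs for the checker; HOISTED is the shape write_archive has.
HOISTED = [Reserve(lin(n=512)), Loop("n", [Consume(lin(512))])]
UNGUARDED = [Loop("n", [Consume(lin(512))])]                       # consume without reserve
SHORT = [Reserve(lin(n=256)), Loop("n", [Consume(lin(512))])]      # reserves half of its use
PER_ITER = [Loop("n", [Reserve(lin(512)), Consume(lin(512))])]     # safe, but a check per iteration
```

verify accepts HOISTED and PER_ITER and rejects UNGUARDED and SHORT; the difference between the two accepted programs is exactly the overhead the paper targets, one check versus n of them. The clamp in positive_part is what keeps the checker sound: a program that consumes before it reserves (say, consume 5 then reserve 15) would otherwise net out to a negative requirement and slip through.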