Open access

Enforcing resource bounds via static verification of dynamic checks

Published: 02 August 2007

Abstract

We show how to limit a program's resource usage in an efficient way, using a novel combination of dynamic checks and static analysis. Usually, dynamic checking is inefficient due to the overhead of checks, while static analysis is difficult and rejects many safe programs. We propose a hybrid approach that solves these problems. We split each resource-consuming operation into two parts. The first is a dynamic check, called reserve. The second is the actual operation, called consume, which does not perform any dynamic checks. The programmer is then free to hoist and combine reserve operations. Combining reserve operations reduces their overhead, while hoisting reserve operations ensures that the program does not run out of resources at an inconvenient time. A static verifier ensures that the program reserves resources before it consumes them. This verification is both easier and more flexible than an a priori static verification of resource usage. We present a sound and efficient static verifier based on Hoare logic and linear inequalities. As an example, we present a version of tar written in Java.
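The following is an added illustration, not the paper's code: a toy model of the reserve/consume split from the abstract. `Account` provides the single dynamically checked `reserve` and an unchecked `consume`; `verify` is a small static checker over a three-instruction IR (`reserve`, `consume`, `loop` with a constant iteration bound) that computes the lowest reserved balance along the program with linear arithmetic, so a program is accepted only if every `consume` is covered by earlier reserves. The IR, the `Account`/`verify`/`run` names and the 512-byte "tar block" programs are all constructed here.

```python
# Added example (not the paper's code): reserve is the only dynamic check; a toy verifier
# proves consume never exceeds what was reserved, so consume itself needs no check.
from dataclasses import dataclass

@dataclass
class Account:
    limit: int          # assumed policy: units the program may still claim
    reserved: int = 0   # units reserved but not yet consumed

    def reserve(self, n: int) -> None:
        """The one dynamic check; fails early, where the programmer hoisted it."""
        if n > self.limit:
            raise RuntimeError(f"need {n}, only {self.limit} left")
        self.limit -= n
        self.reserved += n

    def consume(self, n: int) -> None:
        """Unchecked debit: safe only because verify() proved reserved >= n."""
        self.reserved -= n

# IR: ("reserve", n) | ("consume", n) | ("loop", iterations, body)
def verify(prog, balance: int = 0):
    """Return (ok, lowest_balance, final_balance); loop bounds are constants."""
    low = balance
    for op in prog:
        kind, n = op[0], op[1]
        if kind == "reserve":
            balance += n
        elif kind == "consume":
            balance -= n
            low = min(low, balance)
        elif kind == "loop" and n > 0:
            _, body_low, delta = verify(op[2], 0)  # one iteration, relative to 0
            # lowest point: first iteration if net non-decreasing, else the last one
            worst = 0 if delta >= 0 else (n - 1) * delta
            low = min(low, balance + worst + body_low)
            balance += n * delta
    return low >= 0, low, balance

def run(prog, acct: Account) -> int:
    """Execute the IR against an account; returns units still reserved."""
    for op in prog:
        if op[0] == "loop":
            for _ in range(op[1]):
                run(op[2], acct)
        else:
            getattr(acct, op[0])(op[1])
    return acct.reserved

# Constructed programs: a tar-like writer emitting four 512-byte blocks.
PER_WRITE = [("loop", 4, [("reserve", 512), ("consume", 512)])]    # a check per block
HOISTED = [("reserve", 4 * 512), ("loop", 4, [("consume", 512)])]  # one combined check
UNDER = [("reserve", 3 * 512), ("loop", 4, [("consume", 512)])]    # too little reserved
```

`verify` accepts `PER_WRITE` and `HOISTED` and rejects `UNDER`, whose last `consume` would run with nothing reserved; `run(HOISTED, Account(2047))` fails at the single hoisted `reserve`, before any block is written.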

Published In

ACM Transactions on Programming Languages and Systems  Volume 29, Issue 5
Special Issue ESOP'05
August 2007
213 pages
ISSN:0164-0925
EISSN:1558-4593
DOI:10.1145/1275497

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 August 2007
Published in TOPLAS Volume 29, Issue 5

Author Tags

  1. Resource bounds
  2. dynamic
  3. static
