the fail-safe c to java translator yuhki kamijima (tohoku univ.)
TRANSCRIPT
![Page 1: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/1.jpg)
The Fail-Safe C to Java translator
Yuhki Kamijima (Tohoku Univ.)
![Page 2: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/2.jpg)
2
Background
The programming language C does not
guarantee memory safety This is the cause of memory attacks
ex. buffer overflow attacks
Attackers can obtain root privilege and operate freely
We want to execute C programs safely!
![Page 3: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/3.jpg)
3
Background
How can we achieve memory safety? Point : Java is memory safe
We use Java to guarantee memory safety
![Page 4: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/4.jpg)
4
Goal
Source to source, C to Java translation
with memory safety and ANSI conformance Save a lot of work spent on rewriting programs Java rejects dangerous programs
Prevent memory bugs and attacks
![Page 5: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/5.jpg)
5
Summary
We propose one way of translating C to Java Well-defined operations
→ simulate by using objects Unsafe (= undefined) operations
→ raise an exceptionPointer operations
Represent pointers and memory blocks as Java objectsSimulate pointer operations by using these objects
CastsUse access methods to access memory blocks
Enables access by different types
![Page 6: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/6.jpg)
6
Outline
C to Java translation by using Java objects Representation of pointer operations Examples of translation
Class details Fat pointer, block Access methods Fat integer
Implementation of the translator Experiments and considerations Related work Conclusion and future work
![Page 7: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/7.jpg)
7
Representation of pointer operations
C : A pointer points to a memory block
Java : The object representing a pointer refers to
an object representing a memory block
C Java
memory objectspointer
![Page 8: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/8.jpg)
8
Pointer : FatPointer Fields : base, offset
1 word memory block : FatBlock Field : contents Method : access methods
Java classes
FatPointer
base offset
accessmethods
FatBlock
contents
![Page 9: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/9.jpg)
9
Regard variables as one element arrays
Examples of translation : declaration
int *p = NULL ;int a[3] ;
FatBlock p = new FatBlock(1) ;FatBlock a = new FatBlock(3) ;
accessmethods
aaccess
methodsp
![Page 10: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/10.jpg)
10
Address operation
p = &a[1] ;
p.writeFat(0*4, new FatPointer(a, 1*4)) ;
0 4 8
p
4
a accessmethods
baseoffset
accessmethods
virtual offset 0
generate a new pointer which points to offset 4 of a
readFatwriteFat…
![Page 11: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/11.jpg)
11
Address operation
p = &a[1] ;
p.writeFat(0*4, new FatPointer(a, 1*4)) ;access method for 1 word write
write the pointer on offset 0 of p
0 4 8
p a accessmethods
baseoffset
virtual offset 0
4access
methodsreadFat
…writeFat
![Page 12: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/12.jpg)
12
i = p.readFat(0*4) ; new FatPointer(i.base, i.offset+1*4) ;1 word read
Addition of pointer and integer
p + 1; read the pointer contained at offset 0 of p
0 4 8
p a accessmethods
offset
virtual offset 0
4i base
4access
methods writeFat…
readFat
![Page 13: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/13.jpg)
13
i = p.readFat(0*4) ; new FatPointer(i.base, i.offset+1*4) ;
Addition of pointer and integer
p + 1;
0 4 8
p a accessmethods
offset
virtual offset 0
8 base
make a new pointer which points to offset 8 of a
4access
methodsreadFatwriteFat…
![Page 14: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/14.jpg)
14
*(char *)(&a[1]) ;
Cast
i = new FatPointer(a, 1*4) ; i.base.readByte(i.offset) ;
4
a
virtual offset 0 4 8
0x12345678
i
create a new pointer which points to offset 4 of a
readByteaccessmethods
readFatwriteFat…writeByte
![Page 15: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/15.jpg)
15
*(char *)(&a[1]) ;
Cast
i = new FatPointer(a, 1*4) ; i.base.readByte(i.offset) ;1 byte read
4
a
virtual offset 0 4 8
0x12345678
i
offset 4
0x12
read 1 byte of data from the location i points to
accessmethods
readFatwriteFat…writeByte
readByte
![Page 16: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/16.jpg)
16
Outline
C to Java translation by using Java objects Representation of pointer operations Examples of translation
Class details Fat pointer, block Access methods Fat integer
Implementation of the translator Experiments and considerations Related work Conclusion and future work
![Page 17: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/17.jpg)
17
Pointer operation
How to simulate a pointer which points to the
middle of a memory block? References in Java cannot point to the middle of
an object
JavaC
→ Use fat pointers×
![Page 18: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/18.jpg)
18
Fat Pointer [Austin et al. 94] [Oiwa et al. 01] et al.
Represent a pointer as two words base : always points to the front of a memory block offset : contains an integer meaning the distance from
base to the address pointed to by the pointer
base offset means 8 byte distance
offset 0 4 8 12 16 20 24 28 32
8
the location we want to point to
![Page 19: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/19.jpg)
19
FatPointer class
Simulate fat pointers in Java base : refers to a Block object offset : contains an integer
FatPointer
Block
accessmethods contents
virtual offset 0 4 8 12 16 20 24 28 32
base offset
8
![Page 20: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/20.jpg)
20
Block abstract class
Simulate memory blocks contents : contains an array of data objects access methods : deal with memory accesses
Has concrete subclasses
・・・
Block (abstract)
accessmethods contents
ByteBlock
accessmethods
FatBlock
accessmethods
: FatPointer object : Byte object (1 byte of data)
![Page 21: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/21.jpg)
21
Access methods
Memory accesses are implemented using
access methods Block class has several methods for
reading and writingreadFat : 1 word read
writeFat : 1 word write
readByte : 1 byte read
writeShort : 2 byte write
… Enables memory accesses by different types
contentsreadShortreadByteaccess
methodsreadFatwriteFat… writeByte writeShort
![Page 22: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/22.jpg)
22
Fat Integer [Oiwa et al. 01]
Represent integers by two words Pointers are also integers in C,
generally expressed with 1 word We represent integers by objects
FatInt class base : always null offset : contains integer
FatInt
base offset
5null
![Page 23: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/23.jpg)
23
Fat class
Common parent class of FatPointer and FatInt FatBlock contents contains Fat objects
FatPointer or FatInt
Fat (abstract)
base offset
FatPointer
base offset
FatInt
base offset
accessmethods
FatBlock
![Page 24: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/24.jpg)
24
Outline
C to Java translation by using Java objects Representation of pointer operations Examples of translation
Class details Fat pointer, block Access methods Fat integer
Implementation of the translator Experiments and considerations Related work Conclusion and future work
![Page 25: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/25.jpg)
25
Implementation of the translator
Translator implemented in Objective Caml
lexer
codegenerator
parser
pretty-printer
Csource code
Javasource code
CIL [Necula et al. 02]
Joust [Cooper]
implemented
this part
translator
Cabstract
syntax tree
Java abstract
syntax tree
![Page 26: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/26.jpg)
26
Experiments
Benchmark programs taken from
The Computer Language Shootout Values in the graph means overheads
Fail-Safe C to Java user time / C user time Handwritten Java user time / C user time
Environments 2.80GHz Intel Pentium 4 CPU, 2GB memory Linux 2.6 gcc : version 4.0.0 with –O2 option javac, java : Sun JDK version 1.5.0 with –O option
![Page 27: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/27.jpg)
27
Experiments
13.1
7 4.2
7
52.0
3
51.0
7
45.0
8 35.4
1
4.3
9
79.6
46.8
9 37.4
2
50.5
1
11.8
2 3.6
1
3.1
6
1.0
8
3.5
5
0.9
5
1.6
7
16.3
5
2.1
9
1.1
9
1.4
7
0
10
20
30
40
50
60
70
80
90
sta
rtup
su
m-file
nsie
ve
sp
ectra
l-n
orm
man
delb
rot
recu
rsiv
e
partia
l-su
ms
nsie
ve-b
its
fan
nku
ch
bin
ary
-trees
n-b
od
y
FSC2J/C
Java/C
![Page 28: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/28.jpg)
28
Consideration
All pointers, integers and memory blocks are
translated to objects Lots of object creations and method calls
Reduce these by optimizations Translate variables to FatBlock only if they are pointed
to by a pointer Translate integers to FatInt only if they cannot be
distinguished from pointers Eliminate redundant calls to the same access method
![Page 29: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/29.jpg)
29
Outline
C to Java translation by using Java objects Representation of pointer operations Examples of translation
Class details Fat pointer, block Access methods Fat integer
Implementation of the translator Experiments and considerations Related work Conclusion and future work
![Page 30: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/30.jpg)
30
Related work : C to Java translators
Jazillian [Jazillian, Inc.] Aims at readability and maintainability Assumes user intervention of generated code
Ephedra [Martin et al. 01] Does not support cast of pointers between different types Does not support memory access via pointers of different types
Our translatorAims at 100% ANSI conformance (and more) and memory safety
Supports memory access via cast pointers by using
access methods
![Page 31: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/31.jpg)
31
Related work : Safe C runtime systems
CCured [Necula et al. 02] Dynamically checks unsafe operations Reduces overheads by static analysis (to 3 - 87 %) Does not aim at 100% ANSI conformance
Fail-Safe C [Oiwa et al. 01] Based on the same ideas of fat pointers and fat intergers
Both compile C to native codeIf these compilers have a bug, unsafe codes are executed
Our translator translates C to Java source codeProvided that Java is safe, unsafe codes are rejected
(even if our translator has a bug)
We clarify the essence of Fail-Safe C
![Page 32: The Fail-Safe C to Java translator Yuhki Kamijima (Tohoku Univ.)](https://reader035.vdocuments.us/reader035/viewer/2022070404/56649f355503460f94c52644/html5/thumbnails/32.jpg)
32
Conclusion and future work
We propose translation from C to Java Simulate pointers, integers and memory blocks
with Java objects
Future work Support all ANSI C and more Optimizations