HRAM0 Project - Research on Memory Safety
In this post, I briefly describe a project that I am actively involved in called HRAM0. See the project's website for a more detailed description. The project is centered on an abstract machine, HRAM0 (Heap Random Access Machine), which is a type of RAM developed to assist in research on memory safety in programming languages like C/C++. From a theoretical perspective, the goal is to capture the essence of the notion of memory safety in a single-threaded userland C program with non-interactive input. The HRAM0 model gives a straightforward way to measure the complexity of instrumentation approaches to achieving memory safety; that is, approaches that involve adding instructions to a program to ensure that it always fails gracefully in the event of any spatial or temporal memory safety violation, as opposed to triggering the ERROR state (which models the possibility of undefined behavior and potential security vulnerabilities in the real world). Content from my recent posts on memory safety involving HRAM0 has been moved to the appropriate places on the HRAM0 website.
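The instrumentation idea described above, as an added example that is not part of the HRAM0 model or the project's code: a constructed toy heap in C where every access first runs inserted checks and returns a failure status on a spatial or temporal violation instead of reaching undefined behavior. All names (`toy_alloc`, `toy_free`, `checked_load`, `checked_store`, `checks`) are hypothetical, and the `checks` counter is only a crude stand-in for measuring instrumentation cost.

```c
#include <stddef.h>
/* Constructed toy model (not HRAM0): word-addressed heap + per-object metadata. */
enum { HEAP_WORDS = 64, MAX_OBJS = 8 };
enum status { OK, FAIL_SPATIAL, FAIL_TEMPORAL, FAIL_INVALID };
struct obj { size_t base, size; int live; };
static long heap[HEAP_WORDS];
static struct obj objs[MAX_OBJS];
static size_t n_objs, next_free;
static unsigned long checks; /* number of inserted checks executed so far */

/* Bump allocator; returns an object id, or -1 on zero size or exhaustion. */
int toy_alloc(size_t words) {
    if (words == 0 || n_objs == MAX_OBJS || words > HEAP_WORDS - next_free) return -1;
    objs[n_objs] = (struct obj){ next_free, words, 1 };
    next_free += words;
    return (int)n_objs++;
}

/* The added instructions: validity, liveness (temporal), bounds (spatial). */
static enum status check(int id, size_t idx) {
    checks++;
    if (id < 0 || (size_t)id >= n_objs) return FAIL_INVALID;
    if (!objs[id].live) return FAIL_TEMPORAL;
    if (idx >= objs[id].size) return FAIL_SPATIAL;
    return OK;
}

/* Metadata outlives the object, so a stale id or double free is detectable. */
enum status toy_free(int id) {
    enum status s = check(id, 0);
    if (s == OK) objs[id].live = 0;
    return s;
}

enum status checked_store(int id, size_t idx, long v) {
    enum status s = check(id, idx);
    if (s == OK) heap[objs[id].base + idx] = v;
    return s;
}
enum status checked_load(int id, size_t idx, long *out) {
    enum status s = check(id, idx);
    if (s == OK) *out = heap[objs[id].base + idx];
    return s;
}

int main(void) {
    int a = toy_alloc(4);
    return checked_store(a, 4, 7) == FAIL_SPATIAL ? 0 : 1; /* graceful failure */
}
```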
The practical component of our group's current research on memory safety is based on LLVM and is a concurrent work in progress. It is presently focused on optimizations to ASAN (Address Sanitizer) and HWASAN (Hardware Address Sanitizer). I will discuss this in later posts.