Article, DOI: 10.5555/829515.830545

Garbage Collector Memory Accounting in Language-Based Systems

Published: 11 May 2003

Abstract

Language run-time systems are often called upon to safely execute mutually distrustful tasks within the same runtime, protecting them from other tasks' bugs or otherwise hostile behavior. Well-studied access controls exist in systems such as Java to prevent unauthorized reading or writing of data, but techniques to measure and control resource usage are less prevalent. In particular, most language run-time systems include no facility to account for and regulate heap memory usage on a per-task basis. This oversight can be exploited by a misbehaving task, which might allocate and hold live enough memory to cause a denial-of-service attack, crashing or slowing down other tasks. In addition, tasks can legitimately share references to the same objects, and traditional approaches that charge memory to its allocator fail to properly account for this sharing. We present a method for modifying the garbage collector, already present in most modern language run-time systems, to measure the amount of live memory reachable from each task as it performs its regular duties. Our system naturally distinguishes memory shared across tasks from memory reachable from only a single task without requiring incompatible changes to the semantics of the programming language. Our prototype implementation imposes negligible performance overheads in a variety of benchmarks, yet provides enough information for the expression of rich policies to express the limits on a task's memory usage.
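
A toy illustration of the accounting problem the abstract describes, added here and not taken from the paper: a constructed heap in which task A allocates a large object that only task B keeps alive, billed first to the allocator and then by per-task reachability. The heap layout, task names and function names are assumptions for illustration; the paper's actual collector modification is not shown on this page.

```python
# Constructed toy heap: object id -> (size in bytes, allocating task, outgoing references).
HEAP = {
    "a_buf":   (4096, "A", ["a_node"]),
    "a_node":  (64, "A", ["a_buf"]),          # cycle with a_buf
    "cache":   (1_000_000, "A", []),          # allocated by A, later handed to B
    "b_index": (128, "B", ["cache", "log"]),
    "log":     (512, "B", []),                # referenced by both tasks
    "junk":    (2048, "B", []),               # unreachable garbage, never billed
}
# Per-task root sets (stacks, statics). A has dropped its reference to "cache".
ROOTS = {"A": ["a_buf", "log"], "B": ["b_index"]}


def mark(heap, roots):
    """Iterative mark phase: return the set of object ids reachable from roots."""
    seen, stack = set(), list(roots)
    while stack:
        obj = stack.pop()
        if obj in seen:
            continue                          # already marked (handles cycles)
        seen.add(obj)
        stack.extend(heap[obj][2])
    return seen


def charge_allocator(heap, roots):
    """Traditional accounting: bill each live object to the task that allocated it."""
    live = set().union(*(mark(heap, r) for r in roots.values()))
    bill = {task: 0 for task in roots}
    for obj in live:
        size, owner, _ = heap[obj]
        bill[owner] += size
    return bill


def charge_reachability(heap, roots):
    """Bill objects reachable from exactly one task to it; total the rest as shared."""
    reach = {task: mark(heap, r) for task, r in roots.items()}
    exclusive = {task: 0 for task in roots}
    shared = 0
    for obj in set().union(*reach.values()):
        holders = [t for t in roots if obj in reach[t]]
        if len(holders) == 1:
            exclusive[holders[0]] += heap[obj][0]
        else:
            shared += heap[obj][0]
    return exclusive, shared
```

Allocator billing charges A for the 1,000,000-byte `cache` that only B holds live, while reachability billing moves it to B and reports `log` separately as shared, which is the distinction a per-task memory limit needs.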



Published In

SP '03: Proceedings of the 2003 IEEE Symposium on Security and Privacy
May 2003
ISBN: 0769519407

Publisher

IEEE Computer Society

United States


Cited By

  • (2022) Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms. Proceedings of the 38th Annual Computer Security Applications Conference, pp. 869-880. DOI: 10.1145/3564625.3564634. Online publication date: 5-Dec-2022
  • (2021) Eclipse OMR garbage collection for tracing JIT-based virtual machines. Proceedings of the 31st Annual International Conference on Computer Science and Software Engineering, pp. 244-249. DOI: 10.5555/3507788.3507826. Online publication date: 22-Nov-2021
  • (2016) Prioritized garbage collection: explicit GC support for software caches. ACM SIGPLAN Notices 51:10, pp. 695-710. DOI: 10.1145/3022671.2984028. Online publication date: 19-Oct-2016
  • (2016) Prioritized garbage collection: explicit GC support for software caches. Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 695-710. DOI: 10.1145/2983990.2984028. Online publication date: 19-Oct-2016
  • (2014) Dynamic space limits for Haskell. ACM SIGPLAN Notices 49:6, pp. 588-598. DOI: 10.1145/2666356.2594341. Online publication date: 9-Jun-2014
  • (2014) Dynamic space limits for Haskell. Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 588-598. DOI: 10.1145/2594291.2594341. Online publication date: 9-Jun-2014
  • (2011) A2-VM. Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I, pp. 302-320. DOI: 10.5555/2074356.2074383. Online publication date: 17-Oct-2011
  • (2008) A compiler-based infrastructure for software-protection. Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, pp. 33-44. DOI: 10.1145/1375696.1375702. Online publication date: 7-Jun-2008
  • (2004) Memory accounting without partitions. Proceedings of the 4th international symposium on Memory management, pp. 120-130. DOI: 10.1145/1029873.1029888. Online publication date: 24-Oct-2004
