Abstract: Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.

Abstract: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

Abstract: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

Abstract: Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.