emeryberger/DieHard emeryberger/DieHard

  • Stars
    star
    389
  • Rank 106,972 (Top 3 %)
  • Language
    C
  • License
    GNU General Publi...
  • Created almost 12 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
emeryberger/DieHard
github

emeryberger

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DieHard: An error-resistant memory allocator for Windows, Linux, and Mac OS X

if downloading from GitHub, make sure to use --recursive, as in: git clone --recursive https://github.com/emeryberger/DieHard

DieHard

DieHard: An error-resistant memory allocator for Windows, Linux, and Mac OS X

DieHard / Exterminator / DieHarder

Copyright (C) 2005-2018 by Emery Berger
University of Massachusetts Amherst

http://www.emeryberger.com
http://www.diehard-software.org
http://www.die-harder.org

This distribution includes the source for three systems.

  • DieHard: a system that increases RELIABILITY by allowing programs with memory errors to run correctly, with high probability.

DieHard was the direct inspiration for the Fault-Tolerant Heap incorporated in Windows 7, though it goes far beyond it in terms of reliability.

DieHard automatically hardens software applications against a wide range of bugs. These bugs -- known as memory errors -- often end up as serious security vulnerabilities, cause crashes, or lead to unpredictable behavior. DieHard either eliminates these bugs altogether, or avoids them with high probability. In other words, DieHard can take some buggy programs and make them bug-free (or close to it).

DieHard was first described in the Berger and Zorn PLDI 2006 paper DieHard: Probabilistic Memory Safety for Unsafe Languages (ACM link), though the DieHarder paper presents a more up-to-date description.

  • Exterminator: a system that AUTOMATICALLY FIXES programs with memory errors.

Exterminator builds on DieHard (in fact, using a variant called DieFast, and uses statistical inference to locate and fix memory errors. Exterminator first appeared in the PLDI 2007 paper Exterminator: automatically correcting memory errors with high probability(ACM link), and Communications of the ACM featured a more concise version as a technical highlight in December 2008 (ACM link).

  • DieHarder: a system that improves SECURITY by protecting programs against security exploits. This work presents an analytical framework for determining the security of memory allocators against attacks, and presents a version of DieHard that (as far as we know) is the most secure memory allocator. DieHarder first appeared in the Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010). DieHarder directly inspired security hardening features in Microsoft Windows (starting with version 8).

Build and usage instructions

Windows

To build the Windows version (randomized runtime only), do this:

% nmake /f Makefile.win32

To use DieHard as a library with your application, link your program as follows:

% cl /MD yourapp.cpp usewinhard.obj winhard.lib

Copy winhard.dll to the same directory as the executable.

Linux / Solaris

Build the shared library with make. You can either link in the resulting shared object (libdiehard.so), or use DieHard by setting the LD_PRELOAD environment variable, as in:

% setenv LD_PRELOAD /path/to/diehard/libdiehard.so

To use the replicated version, invoke your program with (for example):

% diehard 3 /path/to/libdiehard_r.so yourapp

This would create 3 replicas of yourapp. If the application does not read from standard input, add < /dev/null to the command line.

Mac OS X

To use DieHard, build with "make darwin" and set two environment variables as follows:

% export DYLD_INSERT_LIBRARIES=/path/to/libdiehard.dylib

DieHard will then replace the system malloc in any new application executed from that terminal window.

Notes about the source code:

This directory contains the source code for DieHard. The version here uses an adaptive algorithm that differs substantially from that described in the PLDI 2006 paper (../docs/pldi2006-diehard.pdf). In particular, this version adjusts its heap size dynamically rather than relying on a static, a priori heap choice.

The original version, as described in the PLDI 2006 paper, is in the subdirectory static/. In addition, the support for replication is in the subdirectory replicated/.

The fault injectors described in the PLDI paper are in the util/ directory. The library libbrokenmalloc.so can be used to inject buffer overflows and dangling pointer errors. To inject buffer overflows, just set LD_PRELOAD to point to libbrokenmalloc.so, and set the appropriate environment variables (shown at startup). To inject dangling pointer errors, you must first run the program with libtrackalloc.so preloaded, and then run it on the same inputs with libbrokenmalloc.so.

Frequently Asked Questions

What does DieHard do?

DieHard prevents some nasty errors - ones that crash programs and lead to security vulnerabilities. These are memory errors, including double-frees & heap corruption (which DieHard eliminates), and dangling pointer errors (or stale pointers) and heap buffer overflows (which DieHard makes unlikely to have any effect). Who should use DieHard?

DieHard is good for software developers, since it makes programmer errors unlikely to crash a program and reduces the risk of security vulnerabilities. It's also good for end users, who can take advantage of DieHard's protections now. What versions of Windows (& Firefox) does DieHard support?

In addition to supporting nearly any application for Linux and Solaris, DieHard currently protects Firefox on Windows XP and 2003. DieHard works with Firefox versions 1.5.0.9 and higher, as well as version 2.0.0.1.

Can DieHard protect any other application than Mozilla?

On Windows, the DieHard protection system currently supports Mozilla only; we plan to add more applications soon. On Linux, DieHard can protect any application. In addition, programmers using DieHard (on Windows or Linux) can protect any application they are developing.

My security program claims that the DieHard zip file contains a virus - can that be true?

Absolutely not. Your security program (so far, I only know of one, by "astaro") noticed that the distribution contains an example HTML file that shows how DieHard works. And that HTML does not contain a virus, either! It just causes certain versions of Mozilla to crash if you aren't running DieHard.

Does running DieHard significantly slow down a system?

Unless your system had too little memory installed, DieHard generally has no perceptible performance impact on applications like Firefox.

How much more memory does DieHard require?

That depends on your application, but in general, memory consumption will increase somewhat.

Does DieHard protect only programs launched after it is activated?

Yes.

I see that DieHard runs multiple copies of a program and "votes". How many copies of a program are running at the same time?

There is a version of DieHard for Linux that runs multiple replicas simultaneously, and then you can choose how many replicas you would like to run. However, the Windows version runs just one copy of your program.

Does DieHard prevent all crashes? If not, what does it prevent?

No, although that would be nice. DieHard completely prevents particular memory management errors from having any effect (these are "double frees" and "invalid frees"). It dramatically reduces the likelihood of another kind of error known as "dangling pointer" errors, and lowers the odds that moderate buffer overflows will have any effect. It prevents certain library-based heap overflows (e.g., through strcpy), and all but eliminates another problem known as "heap corruption."

How does DieHard differ from Vista's, OpenBSD's, and Linux's "address space randomization"?

Address space randomization places large chunks of memory (obtained via mmap / VirtualAlloc) at different places in memory, but leaves unchanged the relative position of heap objects. Linux adds some checks for particular memory management errors (and then aborts the program).

Longer technical answer: OpenBSD (a variant of PHKmalloc) does some of what DieHard's allocator does, but DieHard does much more. On the security side, DieHard adds much more "entropy"; on the reliability side, it mathematically reduces the risk that a programmer bug will have any impact on program execution.

OpenBSD randomly locates pages of memory and allocates small objects from these pages. It improves security by avoiding the effect of certain errors. Like DieHard, it is resilient to double and invalid frees. It places guard pages around large chunks and frees such large chunks back to the OS (causing later references through dangling pointers to fail unless the chunk is reused). It attempts to block some buffer overflows by using page protection. Finally, it shuffles some allocated objects around on a page, randomizing their location within a page.

DieHard goes much further. First, it completely segregates heap metadata from the heap, making heap corruption (and hijack attacks) nearly impossible. On OpenBSD, a large-enough underflow on OpenBSD can overwrite the page directory or local page info struct (at the beginning of each page), hijacking the allocator. By contrast, none of DieHard's metadata is located in the allocated object space.

Second, DieHard randomizes the placement of objects across the entire heap. This has numerous advantages. On the security side, it makes brute-force attempts to locate adjacent objects nearly impossible -- in OpenBSD, knowing the allocation sequence determines which pages objects will land on (see the presentation pointed to above).

DieHard's complete randomization is key to provably avoiding a range of errors with high probability. It reduces the worst-case odds that a buffer overflow has any impact to 50%. The actual likelihood is even lower when the heap is not full. DieHard also avoids dangling pointer errors with very high probability (e.g., 99.999%), making it nearly impervious to such mistakes. You can read the PLDI paper for more details and formulae.

Acknowledgements

This work is supported in part by the National Science Foundation, Intel Corporation, and Microsoft Research. This material is based upon work supported by the National Science Foundation under Grant No CNS-0615211. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).

More Repositories

1

CSrankings

A web app for ranking computer science departments according to their research output in selective venues, and for finding active faculty across a wide range of areas.
Python
2,603
star
2

Hoard

The Hoard Memory Allocator: A Fast, Scalable, and Memory-efficient Malloc for Linux, Windows, and Mac.
C++
1,062
star
3

Malloc-Implementations

A collection of memory allocators
C
426
star
4

Heap-Layers

Heap Layers: An Extensible Memory Allocation Infrastructure
C++
371
star
5

csconferences

Major CS conference publication stats (including accepted and submitted) by year.
Python
101
star
6

dthreads

dthreads: Efficient Deterministic Multithreading
C
49
star
7

cheap

Cheap: customized heaps for improved application performance.
C++
25
star
8

COMPSCI-630

Public notes, etc. for CMPSCI 630, the UMass CS graduate systems course.
TeX
20
star
9

web-programming

web programming course (COMPSCI 326, UMass Amherst)
JavaScript
14
star
10

COMPSCI590S

Systems for Data Science repo
TeX
12
star
11

Grace

Grace - a replacement for pthreads that enforces sequential semantics (stronger than determinism).
C
10
star
12

hangover

Basic fuzzer for malloc implementations
C++
9
star
13

PLDI-2016

Documents related to PLDI 2016.
TeX
9
star
14

PC-Resources

Resources for conference program chairs, especially in systems/PL areas of computer science.
Python
7
star
15

ApproximateCounter

A C++ implementation of a scalable approximate counter.
C++
4
star
16

COMPSCI-630-S18-Assignment1

Rust
2
star
17

opendetex

Automatically exported from code.google.com/p/opendetex
Lex
2
star
18

publications

Emery Berger publications
TeX
2
star
19

eon

The Eon programming language
C
1
star
20

bertsort

C++
1
star
21

ASPLOS-2021

Python
1
star
22

Jack

You don't know Jack.
C++
1
star
23

wordle-solver

"Finds" the wordle solution of the day
HTML
1
star