Thu Mar 1, 2007, 4:15-5:30, 3400 Boelter Hall

Eliminating Fatal Errors in Software Systems
Martin Rinard
MIT

I will present a set of simple techniques that enable software systems to survive otherwise fatal errors. The goal is to enable systems to execute through such errors, potentially with degraded functionality, to continue to serve the needs of their users.

I will first address techniques for eliminating resource consumption errors such as memory leaks, file handle leaks, infinite loops, and infinite recursions. Our experimental results show that our techniques eliminate resource consumption errors in widely used programs such as Squid, Pine, and xinetd.

I will also discuss failure-oblivious computing, a technique for ignoring memory addressing errors. A system that uses failure-oblivious computing checks each memory access to discard out of bounds writes and manufacture values for out of bounds reads. Our experimental results show that this technique eliminates buffer-overflow security vulnerabilities and enables widely used servers such as Apache, Pine, and Sendmail to continue to execute successfully through otherwise fatal memory errors.

All of these techniques are simple to implement and deploy. They do, however, perturb the standard programming language semantics and introduce the possibility of taking the software down unanticipated execution paths. As such, they represent a significant departure from standard approaches. I will briefly discuss the benefits and risks of adopting such techniques.

Hosts: Rupak Majumdar and Jens Palsberg
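
The memory-access check described in the abstract (discard out-of-bounds writes, manufacture values for out-of-bounds reads), as an added C example; it is not code from the talk or from the speaker's systems. The fo_buf wrapper, the function names, the 0, 1, 2 manufactured-value cycle and the session struct are assumptions of this example.

```c
#include <string.h>

/* Buffer with its bounds attached so every access can be checked. */
typedef struct {
    unsigned char *base;
    size_t len;
    unsigned long dropped, manufactured; /* OOB writes discarded, OOB reads answered */
} fo_buf;

static void fo_write(fo_buf *b, size_t i, unsigned char v) {
    if (i < b->len) b->base[i] = v;
    else b->dropped++;            /* discard instead of corrupting memory */
}

/* Assumption of this example: manufactured values cycle 0, 1, 2 so that a
   loop scanning for a terminator eventually sees one and exits. */
static unsigned char fo_read(fo_buf *b, size_t i) {
    if (i < b->len) return b->base[i];
    return (unsigned char)(b->manufactured++ % 3);
}

/* strcpy-style copy with no length check of its own. */
static size_t fo_strcpy(fo_buf *dst, fo_buf *src) {
    size_t i = 0; unsigned char c;
    do { c = fo_read(src, i); fo_write(dst, i, c); i++; } while (c != '\0');
    return i;                     /* bytes the loop attempted to copy */
}

static size_t fo_strlen(fo_buf *b) {
    size_t n = 0;
    while (fo_read(b, n) != '\0') n++;
    return n;
}

/* Constructed scenario: an 8-byte field followed by adjacent state. */
struct session { unsigned char name[8]; int is_admin; };

/* Copies 23 bytes plus NUL into name[8]; returns 1 if is_admin is untouched. */
static int demo(unsigned long *dropped, size_t *visible_len) {
    struct session s = { {0}, 0 };
    unsigned char input[24];      /* constructed oversized input */
    memset(input, 'A', 23); input[23] = '\0';
    fo_buf dst = { s.name, sizeof s.name, 0, 0 };
    fo_buf src = { input, sizeof input, 0, 0 };
    fo_strcpy(&dst, &src);
    *dropped = dst.dropped;
    *visible_len = fo_strlen(&dst);
    return s.is_admin == 0;
}
```

The copy completes with the name silently truncated to 8 bytes and no terminator stored, which is the degraded functionality the abstract mentions; the later length scan still ends because the first out-of-bounds read is answered with a manufactured 0.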