Huan Sun,Ziyu Mao,Jingyi Wang,Ziyan Zhao,Wenhai Wang

DOI: https://doi.org/10.1007/978-3-031-43681-9_13

2023-01-01

Abstract:Real-time operating systems (RTOSs) such as mu C/OS-II are critical components of many industrial systems, which makes it of vital importance to verify their correctness. However, earlier specifications for verification of RTOSs often do not explicitly specify the behavior of possible unbounded kernel service invocations. To address the problem, a new event-based modelling approach is recently proposed to treat the operating system as a concurrent reactive system (CRS). Besides, a respective parametric rely-guarantee style reasoning framework called PiCore is developed to verify such systems effectively. Witnessing the advancement, we conduct a case study to investigate the use of PiCore to compositionally verify two important entangled modules of a practical RTOS mu C/OS-II, i.e., the memory management module and the mailbox module. Several desirable safety properties regarding the memory pools and mailboxes are formally defined and proved with PiCore (approximate to 2500 lines of specifications and proof scripts in Isabelle/HOL) based on a formal execution model considering the two modules simultaneously. We also discuss the shortcomings of PiCore for our case study and present possible improvement directions.

Stephan Bauroth

2024-10-23

Abstract:Heap-based exploits that leverage memory management errors continue to pose a significant threat to application security. The root cause of these vulnerabilities are the memory management errors within the applications, however various hardened allocator designs have been proposed as mitigation. A common feature of these designs is the strategic decision to store heap metadata separately from the application data in use, thereby reducing the risk of metadata corruption leading to security breaches. Despite their potential benefits, hardened allocators have not been widely adopted in real-world applications. The primary barrier to their adoption is the performance overheads they introduce. These overheads can negatively impact the efficiency and speed of applications, which is a critical consideration for developers and system administrators. Having learned from previous implementations, we developed SJMalloc, a general-purpose, high-performance allocator that addresses these concerns. SJMalloc stores its metadata out-of-band, away from the application's data on the heap. This design choice not only enhances security but also improves performance. Across a variety of real-world workloads, SJMalloc demonstrates a ~6% performance improvement compared to GLibcs allocator, while using only ~5% more memory. Furthermore, SJMalloc successfully passes the generic elements of the GLibc malloc testsuite and can thus be used as a drop-in replacement for the standard allocator, offering an easy upgrade path for enhanced security and performance without requiring changes to existing applications.

Operating Systems,Cryptography and Security

Martin Aigner,Christoph M. Kirsch,Michael Lippautz,Ana Sokolova

DOI: https://doi.org/10.1145/2814270.2814294

2015-08-25

Abstract:We demonstrate that general-purpose memory allocation involving many threads on many cores can be done with high performance, multicore scalability, and low memory consumption. For this purpose, we have designed and implemented scalloc, a concurrent allocator that generally performs and scales in our experiments better than other allocators while using less memory, and is still competitive otherwise. The main ideas behind the design of scalloc are: uniform treatment of small and big objects through so-called virtual spans, efficiently and effectively reclaiming free memory through fast and scalable global data structures, and constant-time (modulo synchronization) allocation and deallocation operations that trade off memory reuse and spatial locality without being subject to false sharing.

Programming Languages

Ruizhe Wang,Meng Xu,N. Asokan

2024-05-30

Abstract:Attacks on heap memory, encompassing memory overflow, double and invalid free, use-after-free (UAF), and various heap spraying techniques are ever-increasing. Existing entropy-based secure memory allocators provide statistical defenses against virtually all of these attack vectors. Although they claim protections against UAF attacks, their designs are not tailored to detect (failed) attempts. Consequently, to beat this entropy-based protection, an attacker can simply launch the same attack repeatedly with the potential use of heap spraying to further improve their chance of success. We introduce S2malloc, aiming to enhance UAF-attempt detection without compromising other security guarantees or introducing significant performance overhead. To achieve this, we use three innovative constructs in secure allocator design: free block canaries (FBC) to detect UAF attempts, random in-block offset (RIO) to stop the attacker from accurately overwriting the victim object, and random bag layout (RBL) to impede attackers from estimating the block size based on its address. We show that (a) by reserving 25% of the object size for the RIO offset, an 8-byte canary offers a 69% protection rate if the attacker reuses the same pointer and 96% protection rate if the attacker does not, against UAF exploitation attempts targeting a 64 bytes object, with equal or higher security guarantees against all other attacks; and (b) S2malloc is practical, with only a 2.8% run-time overhead on PARSEC and an 11.5% overhead on SPEC. Compared to state-of-the-art entropy-based allocators, S2malloc improves UAF-protection without incurring additional performance overhead. Compared to UAF-mitigating allocators, S2malloc trades off a minuscule probability of failed protection for significantly lower overhead.

Cryptography and Security

Bobby Powers,David Tench,Emery D. Berger,Andrew McGregor

DOI: https://doi.org/10.1145/3314221.3314582

2019-02-17

Abstract:Programs written in C/C++ can suffer from serious memory fragmentation, leading to low utilization of memory, degraded performance, and application failure due to memory exhaustion. This paper introduces Mesh, a plug-in replacement for malloc that, for the first time, eliminates fragmentation in unmodified C/C++ applications. Mesh combines novel randomized algorithms with widely-supported virtual memory operations to provably reduce fragmentation, breaking the classical Robson bounds with high probability. Mesh generally matches the runtime performance of state-of-the-art memory allocators while reducing memory consumption; in particular, it reduces the memory of consumption of Firefox by 16% and Redis by 39%.

Programming Languages,Data Structures and Algorithms,Performance

Shijie Xu,Qi Guo,Gerhard W. Dueck,David Bremner,Yang Wang

DOI: https://doi.org/10.1145/2843915.2843920

2015-01-01

Abstract:Dynamic memory management has received extensive attention in the last decade. Reducing memory fragmentation is a major design consideration to achieve efficient memory management. However, for some loop intensive applications (e.g., Apache HTTP and Ngnix), state-of-the-art dynamic memory allocators are not capable of reducing fragmentation efficiently due to repeatedly allocations and deallocations of objects with varying size. To address this problem, we propose a smart memory allocator, called Metis, designed for loop intensive applications. In Metis, a program's runtime is divided into two phases: profiling phase and activation phase. For the former, Metis builds a model to group historical allocation instructions, the objects created which are interconnected and likely to be reclaimed together during the same Garbage Collection (GC) cycle. For the latter, a region group (a contiguous piece of memory that can be reclaimed as a whole) is created to serve allocation instructions from one instruction group in the model. Our experiment with extended SPECjvm2008 traces shows that 79% of true fragmentation in the global heap can be reduced and a larger fraction of false fragmentation in region groups.

Keita Iwabuchi,Karim Youssef,Kaushik Velusamy,Maya Gokhale,Roger Pearce

DOI: https://doi.org/10.48550/arXiv.2108.07223

2022-03-01

Abstract:Data analytics applications transform raw input data into analytics-specific data structures before performing analytics. Unfortunately, such data ingestion step is often more expensive than analytics. In addition, various types of NVRAM devices are already used in many HPC systems today. Such devices will be useful for storing and reusing data structures beyond a single process life cycle. We developed Metall, a persistent memory allocator built on top of the memory-mapped file mechanism. Metall enables applications to transparently allocate custom C++ data structures into various types of persistent memories. Metall incorporates a concise and high-performance memory management algorithm inspired by Supermalloc and the rich C++ interface developed by <a class="link-external link-http" href="http://Boost.Interprocess" rel="external noopener nofollow">this http URL</a> library. On a dynamic graph construction workload, Metall achieved up to 11.7x and 48.3x performance improvements over <a class="link-external link-http" href="http://Boost.Interprocess" rel="external noopener nofollow">this http URL</a> and memkind (PMEM kind), respectively. We also demonstrate Metall's high adaptability by integrating Metall into a graph processing framework, GraphBLAS Template Library. This study's outcomes indicate that Metall will be a strong tool for accelerating future large-scale data analytics by allowing applications to leverage persistent memory efficiently.

Distributed, Parallel, and Cluster Computing

Ruizhe Wang,Meng Xu,N. Asokan

2024-05-23

Abstract:Use-after-free (UAF) is a critical and prevalent problem in memory unsafe languages. While many solutions have been proposed, balancing security, run-time cost, and memory overhead (an impossible trinity) is hard.

Cryptography and Security

Jiajian Zhang,Fangyu Wu,Hai Jiang,Guangliang Cheng,Genlang Chen,Qiufeng Wang

DOI: https://doi.org/10.1145/3673038.3673069

2024-01-01

Abstract:Dynamic memory allocation on GPUs, increasingly crucial for applications with dynamic computational patterns, encounters significant challenges due to the complex calculations with intricate branches and substantial memory resources consumed by metadata from massive thread allocations. Despite the current research, there is a lack of a scalable and flexible solution that effectively manages dynamic memory allocation while minimizing memory usage on GPUs. This paper introduces SyncMalloc, a synchronized Host-Device Co-Management system that is specifically designed to adeptly handle dynamic memory allocations of diverse magnitudes. Through the integration of pipelining and producer-consumer mechanisms, SyncMalloc effectively reduces communication overhead and resolves architectural mismatches, further enhancing its capability through synergistic integration with CUDA’s unified memory to facilitate oversubscription. Moreover, SyncMalloc advances slab-based memory management to enhance the efficiency of small allocations, reducing conflict probabilities and overhead in high-activity scenarios. Finally, we present a comprehensive performance evaluation, expanding benchmarks and measurement dimensions to reflect the performance of real-world applications more accurately. The experimental results demonstrate the effectiveness of SyncMalloc in supporting dynamic GPU allocations scaled from 4B to 200GB from multiple perspectives. Our source code is available at https://github.com/jjZhang94/SyncMalloc.

Zheng Dang,Shuibing He,Peiyi Hong,Zhenxin Li,Xuechen Zhang,Xian-He Sun,Gang Chen

DOI: https://doi.org/10.1145/3503222.3507743

2022-02-28

Abstract:Persistent memory allocation is a fundamental building block for developing high-performance and in-memory applications. Existing persistent memory allocators suffer from suboptimal heap organizations that introduce repeated cache line flushes and small random accesses in persistent memory. Worse, many allocators use static slab segregation resulting in a dramatic increase in memory consumption when allocation request size is changed. In this paper, we design a novel allocator, named NVAlloc, to solve the above issues simultaneously. First, NVAlloc eliminates cache line reflushes by mapping contiguous data blocks in slabs to interleaved metadata entries stored in different cache lines. Second, it writes small metadata units to a persistent bookkeeping log in a sequential pattern to remove random heap metadata accesses in persistent memory. Third, instead of using static slab segregation, it supports slab morphing, which allows slabs to be transformed between size classes to significantly improve slab usage. NVAlloc is complementary to the existing consistency models. Results on 6 benchmarks demonstrate that NVAlloc improves the performance of state-of-the-art persistent memory allocators by up to 6.4x and 57x for small and large allocations, respectively. Using NVAlloc reduces memory usage by up to 57.8%. Besides, we integrate NVAlloc in a persistent FPTree. Compared to the state-of-the-art allocators, NVAlloc improves the performance of this application by up to 3.1x.

José L. Risco-Martín,J. Manuel Colmenar,David Atienza,J. Ignacio Hidalgo

DOI: https://doi.org/10.1016/j.micpro.2011.08.003

2024-06-22

Abstract:For the last thirty years, a large variety of memory allocators have been proposed. Since performance, memory usage and energy consumption of each memory allocator differs, software engineers often face difficult choices in selecting the most suitable approach for their applications. To this end, custom allocators are developed from scratch, which is a difficult and error-prone process. This issue has special impact in the field of portable consumer embedded systems, that must execute a limited amount of multimedia applications, demanding high performance and extensive memory usage at a low energy consumption. This paper presents a flexible and efficient simulator to study Dynamic Memory Managers (DMMs), a composition of one or more memory allocators. This novel approach allows programmers to simulate custom and general DMMs, which can be composed without incurring any additional runtime overhead or additional programming cost. We show that this infrastructure simplifies DMM construction, mainly because the target application does not need to be compiled every time a new DMM must be evaluated and because we propose a structured method to search and build DMMs in an object-oriented fashion. Within a search procedure, the system designer can choose the "best" allocator by simulation for a particular target application and embedded system. In our evaluation, we show that our scheme delivers better performance, less memory usage and less energy consumption than single memory allocators.

Operating Systems

Zheng Dang,Shuibing He,Xuechen Zhang,Peiyi Hong,Zhenxin Li,Xinyu Chen,Haozhe Song,Xian-He Sun,Gang Chen

DOI: https://doi.org/10.1145/3643886

2024-02-03

ACM Transactions on Computer Systems

Abstract:Persistent memory allocation is a fundamental building block for developing high-performance and in-memory applications. Existing persistent memory allocators suffer from many performance issues. First, they may introduce repeated cache line flushes and small random accesses in persistent memory for their poor heap metadata management. Second, they use static slab segregation resulting in a dramatic increase in memory consumption when allocation request size is changed. Third, they are not aware of NUMA effect, leading to remote persistent memory accesses in memory allocation and deallocation processes. In this paper, we design a novel allocator, named PMAlloc, to solve the above issues simultaneously. (1) PMAlloc eliminates cache line reflushes by mapping contiguous data blocks in slabs to interleaved metadata entries stored in different cache lines. (2) It writes small metadata units to a persistent bookkeeping log in a sequential pattern to remove random heap metadata accesses in persistent memory. (3) Instead of using static slab segregation, it supports slab morphing, which allows slabs to be transformed between size classes to significantly improve slab usage. (4) It uses a local-first allocation policy to avoid allocating remote memory blocks. And it supports a two-phase deallocation mechanism including recording and synchronization to minimize the number of remote memory access in the deallocation. PMAlloc is complementary to the existing consistency models. Results on 6 benchmarks demonstrate that PMAlloc improves the performance of state-of-the-art persistent memory allocators by up to 6.4x and 57x for small and large allocations, respectively. PMAlloc with NUMA optimizations brings a 2.9x speedup in multi-socket evaluation and is up to 36x faster than other persistent memory allocators. Using PMAlloc reduces memory usage by up to 57.8%. Besides, we integrate PMAlloc in a persistent FPTree. Compared to the state-of-the-art allocators, PMAlloc improves the performance of this application by up to 3.1x.

computer science, theory & methods

Yu Zhang,Yongwang Zhao,David Sanán,Lei Qiao,Jinkun Zhang

DOI: https://doi.org/10.1007/978-3-030-35540-1_8

2019-01-01

Abstract:Formal verification of real-time services is important because they are usually associated with safety-critical systems. In this paper, we present a verified Two-Level Segregated Fit (TLSF) memory management model. TLSF is a dynamic memory allocator and is designed for real-time operating systems. We formalize the specification of TLSF algorithm based on the client requirements. The specification contains both functional correctness of allocation and free services and invariants and constraints of the global memory state. Then we implement an abstract TLSF memory allocator using state monads in Isabelle/HOL. The allocator model is built from a high-level view and the details of data structures are simplified but it covers all the behavioral principles and procedures of a concrete TLSF implementation. Finally, we verify that our TLSF model is correct w.r.t. the specification using a verification condition generator (VCG) and verification tools in Isabelle/HOL.

Xiangzhen Ouyang,Yian Zhu

DOI: https://doi.org/10.1145/3533724

2022-01-01

ACM Transactions on Embedded Computing Systems

Abstract:Dynamic memory allocation plays a vital role in modern application programs. Modern lock-free memory allocators based on hardware atomic primitives usually provide good performance. However, threads may starve in these lock-free implementations, leading to unbounded worst-case execution time that is not allowed in real-time embedded systems. This article presents decentralized dynamic memory management, wfspan, based on non-linearizable wait-free lists. It employs a helping mechanism to ensure no starvation in the lock-free implementation. From the perspective of design tradeoff, wfspan guarantees bounded execution steps in both allocation and deallocation procedure, at the cost of increasing bounded worst-case memory footprint. The results of running benchmarks on an x86/64 and an aarch64 machine illustrate that wfspan achieves competitive performance and memory footprint compared to lock-based and lock-free practical memory allocators while showing superior to other allocators in terms of worst-case execution time.

Irina Aleksandrovna Astrakhantseva,Roman Gennadevich Astrakhantsev,Arseny Viktorovich Mitin

DOI: https://doi.org/10.1088/1742-6596/2001/1/012006

2021-08-24

Abstract:Dynamic memory management requires special attention in programming. It should be fast and secure at the same time. This paper proposes a new randomized dynamic memory management algorithm designed to meet these requirements. Randomization is a key feature intended to protect applications from "use-after-free" or similar attacks. At the same time, the state in the algorithm consists only of one pointer, so it does not consume extra memory for itself. However, our algorithm is not a universal solution. It does not solve the memory fragmentation problem and it needs further development and testing.

Data Structures and Algorithms,Cryptography and Security,Performance

Songping Yu,Nong Xiao,Mingzhu Deng,Fang Liu,Wei Chen

DOI: https://doi.org/10.1145/2997651

2017-01-01

Abstract:The non-volatile memory (NVM) has the merits of byte-addressability, fast speed, persistency and low power consumption, which make it attractive to be used as main memory. Commonly, user process dynamically acquires memory through memory allocators. However, traditional memory allocators designed with in-place data writes are not appropriate for the non-volatile main memory (NVRAM) due to the limited endurance. In this article, first, we quantitatively analyze the wear-oblivious of DRAM-oriented designed allocator—glibc malloc and the inefficiency of wear-conscious allocator NVMalloc. Then, we propose WAlloc, an efficient wear-aware manual memory allocator designed for NVRAM: (1) decouples metadata and data management; (2) distinguishes metadata with volatility; (3) redirects the data writes around to achieve wear-leveling; (4) redesigns an efficient and effective NVM copy mechanism, bypassing the CPU cache partially and prefetching data explicitly. Finally, experimental results show that the wear-leveling of WAlloc outperforms that of NVMalloc about 30% and 60% under random workloads and well-distributed workloads, respectively. Besides, WAlloc reduces the average data memory writes in 64 bytes block by 1.5 times comparing with glibc malloc. With the fulfillment of data persistency, cache bypassing NVM copy is better than cache line flushing NVM copy with performance improvement circa 14%.

Ran Liu,Haibo Chen

DOI: https://doi.org/10.1145/2349896.2349911

2012-01-01

Abstract:Allocation latency, access locality and performance scalability are three key factors affecting the efficiency of a memory allocator for many cores. However, many previous state-of-the-art memory allocators focus one or two of them, making the application performance not satisfactory enough when the other factors become dominant.

Oren Bell,Ashwin Kumar,Chris Gill

DOI: https://doi.org/10.48550/arXiv.2405.07079

2024-05-12

Abstract:Memory allocation is a fairly mature field of computer science. However, we challenge a prevailing assumption in the literature over the last 50 years which, if reconsidered, necessitates a fundamental reevaluation of many classical memory management algorithms. We pose a model where the allocation algorithm runs on host memory but allocates device memory and so incur the following constraint: the allocator can't read the memory it is allocating. This means we are unable to use boundary tags, which is a concept that has been ubiquitous in nearly every allocation algorithm. In this paper, we propose alternate algorithms to work around this constraint, and discuss in general the implications of this system model.

Software Engineering

Songping Yu,Nong Xiao,Mingzhu Deng,Yuxuan Xing,Fang Liu,Zhiping Cai,Wei Chen

DOI: https://doi.org/10.1109/PCCC.2015.7410326

2015-01-01

Abstract:The non-volatile memory (NVM) has the illustrious merits of byte-addressability, fast speed, persistency and low power consumption, which make it attractive to be used as main memory. Commonly, user process dynamically acquires memory through memory allocators. However, traditional memory allocators designed with in-place data writes are not appropriate for non-volatile main memory (NVRAM) due to the limited endurance. For instance, the number of write operations is merely 108 times per PCM cell. In this paper, we quantitatively analyze the wear-oblivious of DRAM-oriented designed allocator¿glibc malloc and the inefficiency of wear-conscious allocator¿NVMalloc. For example, the average imbalance factor (the maximum/the average) of memory allocation is about 7.5 and 3, respectively. Based on our observations, we propose WAlloc, an efficient wear-aware manual memory allocator designed for NVRAM, decouples metadata and data, uses Less Allocated First Out allocation policy and redirects the data writes. Experimental results show that the wear-leveling of WAlloc outperforms that of NVMalloc about 30% and 60% under random workloads and well-distributed workloads, respectively. In addition, considering the trade-off between space and wear-leveling, WAlloc reduces average data memory writes in 64 bytes block by average 1.5X comparing with malloc with almost 8% extra space overhead.

Guoxi Li,Wenzhi Chen,Yang Xiang

DOI: https://doi.org/10.1109/tc.2020.3009124

2021-01-01

Abstract:Currently, with the booming growth of cloud computing, workloads from broad ranges of functions and demands are crammed into a single physical machine. They lay considerable stress on the need of evolution of the operating system underneath, especially the memory subsystem. Even enhancing large pages with main memory compression is not intuitively straightforward due to rigid rules imposed by the state-of-the-art manager Buddy System from the beginning of the design. To relieve the aforementioned problems and provide broader design space for system designers, we propose Zweilous, a clean slate physical memory management framework. It is self-contained, highly decoupled, and thus can co-exist with the vanilla memory manager. Separate self-contained metadata/functions guarantee a flexible extension with little modification to current frameworks. To show it is easy to add enhanced functions that accelerate the evolution of the memory management subsystem, we implement Hzmem, a new large page memory manager redesign enhanced with the function of main memory compression. Our method achieves competitive performance compared with native and virtualized large page support, effective memory size increased and fewer impacts on other parts of the operating system.