Abstract: In this work, we present StarMalloc, a verified, security-oriented, concurrent memory allocator that can be used as a drop-in replacement in real-world projects. Using the Steel separation logic framework, we show how to specify and verify StarMalloc, relying on dependent types and modular abstractions to enable efficient verification. As part of StarMalloc, we also develop several generic data structures and proof libraries directly reusable in future systems verification projects. We finally show that StarMalloc can be used with real-world projects, including the Firefox browser, and evaluate it against 10 state-of-the-art memory allocators, demonstrating its competitiveness.
What problem does this paper attempt to address?
The paper addresses the lack of a memory allocator that is at once formally verified, security-hardened and fast. Although memory-safe languages such as Rust and Go are gaining ground, C and C++ remain the languages of choice for low-level, safety-critical software that must interact closely with the operating system. C and C++ are, however, fundamentally memory-unsafe, and programs written in them are prone to memory errors and to the security vulnerabilities those errors enable.
### Core Problems of the Paper
1. **Security of memory management**: Most existing memory allocators are themselves written in C or C++, so the allocator is exposed to the same classes of bugs it manages the memory for: buffer overflows, dangling pointers and the like. A bug in the allocator undermines its own reliability and also weakens every application that depends on it, since corrupted heap state is a convenient stepping stone for an attacker.
2. **Complexity of memory allocators**: To deliver high throughput, low memory overhead and scalable concurrency at the same time, modern allocators are intricate pieces of software, and that intricacy raises the likelihood of implementation errors. Even heavily audited allocators, such as the one in glibc, have had bugs.
3. **Lack of formal verification**: Formal verification has been applied in many domains, but so far no modern allocator has been formally verified while also offering advanced security mechanisms and performance optimisations. Existing allocators therefore cannot provide the highest level of assurance, which matters most in security-critical deployments.
### Goals of StarMalloc
To address these problems, the paper proposes StarMalloc, a formally verified, security-oriented, concurrent memory allocator. Its main goals are:
- **Security**: Establish the functional correctness and memory safety of the allocator itself through formal verification, and provide mitigations against memory errors and common heap vulnerabilities in the programs that use it.
- **Performance**: Remain competitive with state-of-the-art allocators so that it can replace the system allocator in real projects.
- **Concurrency**: Support fine-grained concurrency so that multi-threaded programs scale, with the verified concurrent design keeping the allocator's own state free of races.
- **Compatibility**: Serve as a drop-in replacement for the existing `malloc` and `free` family of functions across a wide range of real-world applications, including large projects such as the Firefox browser.
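The heap-vulnerability classes named under the core problems (overflows, dangling pointers and the double frees that follow them) and the security goal just stated are what a hardened allocator has to catch at the `malloc`/`free` boundary. As an added illustration, not code from the paper or from StarMalloc, whose internals this summary does not describe, the following toy C slab allocator shows three such checks: metadata kept out of band so a buffer overflow cannot reach it, a per-slot canary verified on free, and an allocation bitmap that rejects double and invalid frees. The names `sm_malloc`/`sm_free`, the fixed canary secret and the single size class are assumptions made for the example.

```c
/* Toy security-oriented slab allocator: an illustration added to this summary,
 * NOT StarMalloc's design (the summary does not describe its internals).
 * One size class, single-threaded, fixed arena. The names sm_malloc/sm_free
 * are hypothetical; a real drop-in build exports them as malloc/free. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define SLOT_USER   56              /* usable bytes per slot (a single size class) */
#define SLOT_CANARY 8               /* trailing canary, checked on free */
#define SLOT_SIZE   (SLOT_USER + SLOT_CANARY)   /* 64: keeps slots 16-byte aligned */
#define NSLOTS      64

enum sm_status { SM_OK = 0, SM_INVALID_PTR, SM_DOUBLE_FREE, SM_OVERFLOW };

static _Alignas(16) unsigned char arena[NSLOTS * SLOT_SIZE];
static uint8_t in_use[NSLOTS];      /* out-of-band metadata: an overflow in a slot
                                       cannot reach it, unlike inline chunk headers */
/* Fixed secret so the example is deterministic (assumption for the example);
   a real allocator draws it at startup from a CSPRNG. */
static const uint64_t canary_secret = 0x5a17c0de9e37f00dULL;

static uint64_t canary_for(size_t slot) {
    /* Per-slot canary: leaking one slot's canary does not forge another's. */
    return canary_secret ^ ((uint64_t)slot * 0x9E3779B97F4A7C15ULL);
}

void *sm_malloc(size_t n) {
    if (n == 0 || n > SLOT_USER) return NULL;     /* toy: one size class only */
    for (size_t i = 0; i < NSLOTS; i++) {
        if (in_use[i]) continue;
        in_use[i] = 1;
        unsigned char *p = arena + i * SLOT_SIZE;
        uint64_t c = canary_for(i);
        memcpy(p + SLOT_USER, &c, SLOT_CANARY);   /* plant canary after user bytes */
        return p;
    }
    return NULL;                                  /* arena exhausted */
}

/* Reports what it detected instead of aborting, so the caller (and the test)
   can observe it; a production allocator would abort on any non-OK result. */
enum sm_status sm_free(void *ptr) {
    uintptr_t a = (uintptr_t)arena, p = (uintptr_t)ptr;
    if (p < a || p >= a + sizeof arena) return SM_INVALID_PTR;   /* foreign pointer */
    size_t off = (size_t)(p - a);
    if (off % SLOT_SIZE != 0) return SM_INVALID_PTR;            /* interior pointer */
    size_t i = off / SLOT_SIZE;
    if (!in_use[i]) return SM_DOUBLE_FREE;                      /* slot already free */

    uint64_t found, expect = canary_for(i);
    memcpy(&found, arena + off + SLOT_USER, SLOT_CANARY);
    in_use[i] = 0;
    memset(arena + off, 0, SLOT_SIZE);   /* zero on free: a later use-after-free
                                            read sees no stale data */
    return found == expect ? SM_OK : SM_OVERFLOW;   /* canary clobbered => overflow */
}

int main(void) {
    char *buf = sm_malloc(SLOT_USER);
    memset(buf, 'A', SLOT_USER + 1);     /* one-byte heap overflow into the canary */
    printf("overflow detected: %s\n", sm_free(buf) == SM_OVERFLOW ? "yes" : "no");
    printf("double free detected: %s\n", sm_free(buf) == SM_DOUBLE_FREE ? "yes" : "no");
    return 0;
}
```

Production allocators abort rather than return a status, randomize the canary secret, keep many size classes and separate per-thread arenas; the status codes here exist only to make the detections observable. Note that the overflow is caught only when the block is freed, which is why out-of-band metadata matters: it bounds the damage an undetected overflow can do in the meantime.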
### Summary
The paper's main contribution is the design and verification of a new memory allocator, StarMalloc, that meets the functional and performance requirements of modern applications while offering strong security guarantees. Through formal verification, StarMalloc ensures the correctness of its internal data structures and operations, providing a trustworthy memory-management foundation for safety-critical applications.