SafeC is one of the earliest systems to detect (with high probability) all memory errors, including all dangling pointer errors, in C programs. SafeC creates a unique capability (a 32-bit value) for each memory allocation and puts it in a Global Capability Store (GCS). It also stores this capability in the metadata of the returned pointer, and this metadata is propagated through pointer copying and pointer arithmetic. Before every access via a pointer, the pointer's capability is checked for membership in the global capability store. A free removes the capability from the global capability store, so all subsequent dangling pointer accesses are detected. Patil and Fisher, and Xu et al., propose improvements to the basic scheme by eliminating the need for fat pointers and storing the metadata separately from the pointer for better backwards compatibility. To be able to track the metadata, they disallow arbitrary casts in the program, including casts from pointers to integers and back. Their overheads for detecting only the temporal errors on the allocation-intensive Olden benchmarks are much less than ours – about 56% on average (they do not report overheads for system software).
However, the GCS can consume significant memory: they report increases in (physical and virtual) memory consumption by factors of 1.6x – 4x for different benchmark sets. For servers in particular, we believe that such significant increases in memory consumption would be a serious limitation.
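The capability scheme described above, modelled in C as an added illustration (this is not SafeC's code or the paper's own): each allocation gets a fresh 32-bit capability registered in a global store, the capability travels with pointer copies and arithmetic, every access checks membership, and free removes it. The flat array standing in for the store, the `fatptr` type and the `safe_*` function names are simplifications assumed here.

```c
#include <stdint.h>
#include <stdlib.h>

#define MAX_CAPS 1024
/* Fat pointer as in SafeC: raw address plus the capability of its allocation. */
typedef struct { char *addr; uint32_t cap; } fatptr;
/* Global Capability Store (GCS), modelled as a flat array indexed by capability
   (a real implementation would use a hash set). Capabilities are never reused,
   so a later malloc that recycles the address cannot revive a freed capability. */
static unsigned char gcs_live[MAX_CAPS];
static uint32_t next_cap = 1;           /* capability 0 is reserved: never live */
static fatptr safe_malloc(size_t n) {
    fatptr p = { NULL, 0 };
    if (next_cap >= MAX_CAPS) return p;  /* store full: behaves like a failed malloc */
    p.addr = malloc(n);
    p.cap = next_cap++;
    gcs_live[p.cap] = 1;                 /* register the new capability */
    return p;
}
/* Copying a fat pointer copies its capability; pointer arithmetic keeps it. */
static fatptr safe_add(fatptr p, long off) { fatptr q = { p.addr + off, p.cap }; return q; }
/* The per-access check: is this pointer's capability still in the store? */
static int safe_check(fatptr p) { return p.cap < MAX_CAPS && gcs_live[p.cap]; }
static int safe_free(fatptr p) {
    if (!safe_check(p)) return 0;        /* double free or invalid pointer */
    gcs_live[p.cap] = 0;                 /* every copy of this pointer now dangles */
    free(p.addr);
    return 1;
}
static int safe_store_byte(fatptr p, char v) {
    if (!safe_check(p)) return 0;        /* dangling access caught before memory is touched */
    *p.addr = v;
    return 1;
}
/* Constructed scenario: returns how many invalid uses the GCS check caught. */
int count_detected_dangling_uses(void) {
    int detected = 0;
    fatptr p = safe_malloc(16);
    fatptr q = safe_add(p, 4);           /* derived pointer, same capability */
    if (!safe_store_byte(q, 'x')) return -1;   /* live object: must pass */
    safe_free(p);
    if (!safe_store_byte(q, 'y')) detected++;  /* stale derived pointer */
    if (!safe_store_byte(p, 'y')) detected++;  /* stale original pointer */
    if (!safe_free(p)) detected++;             /* double free */
    fatptr r = safe_malloc(16);          /* may get the same address back */
    if (!safe_store_byte(r, 'z')) return -1;
    if (!safe_store_byte(q, 'w')) detected++;  /* still stale: cap differs from r's */
    safe_free(r);
    return detected;                     /* 4 */
}
```

The last check is the point of the scheme: even if the allocator hands the freed address straight back to `r`, the stale pointer `q` still carries the old capability and fails the lookup.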
Our approach provides better backwards compatibility: we allow arbitrary casts, including casts from pointers to integers and back. Furthermore, our approach uses the memory management unit to perform the runtime check in hardware and does not incur any per-access penalty. Our overheads in our experiments on system software, with low allocation frequency, are negligible in most cases and less than 15% in all cases. However, for programs that perform frequent memory allocations and deallocations, like the Olden benchmarks, our overheads are significantly worse (up to 11x slowdown). It would be an interesting experiment to see if a combination of these two techniques can work better for general programs.