A study of the limits of Java's memory safety.
The purpose of this project is to study the limits of Java's memory safety. The Java language and the Java Virtual Machine (JVM) provide strong mechanisms that prevent developers from mismanaging memory. Every array access in the Java language is bounds-checked, which prevents issues such as buffer overflows. The language has no raw pointer type for addressing arbitrary memory, which prevents memory access violations (the dreaded segmentation fault). The JVM's garbage collector mitigates the risk of dangling pointers and reduces memory leaks.
But the Java SDK and third-party libraries provide ways to circumvent these protections so that expert developers can push the limits of what regular Java applications can do (for example, to manipulate huge amounts of data efficiently). Memory managed by the application itself is often referred to as off-heap memory (although not all off-heap memory is managed by the application; some is also used by the JVM itself). Off-heap memory is also necessary to exchange data when interfacing a Java application with non-Java libraries such as operating system libraries.
I presented this study as a talk at various meetups and conferences. You can see the slides.
The unsafe directory contains various code samples that show how NOT to write Java code. As its name indicates, the code inside this directory is not safe and must not be used for any purpose other than illustrating the point of this study. All the samples can be run as proofs of concept. They can also be used to benchmark the ability of static application security testing (SAST) tools to detect memory safety issues.
The safe directory contains safer alternative implementations.
The exploit directory contains scripts to automate the exploitation of the unsafe implementations above. The same code can be used against the safe implementations for comparison.
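As an added illustration of the contrast the unsafe and safe directories draw (this is not one of the project's own samples), the snippet below reads from an off-heap block once through sun.misc.Unsafe, which performs no bounds check, and once through a direct ByteBuffer, which checks every index. It assumes a JDK where sun.misc.Unsafe is still reachable by reflection (JDK 8 to 22; newer releases warn about or restrict its memory-access methods).

```java
import java.lang.reflect.Field;
import java.nio.ByteBuffer;
import sun.misc.Unsafe;

// Added example: an unchecked off-heap read next to a bounds-checked one.
public class OffHeapBounds {

    // Obtain the Unsafe singleton by reflection (works on JDK 8-22, warns on newer JDKs).
    private static Unsafe unsafe() throws ReflectiveOperationException {
        Field f = Unsafe.class.getDeclaredField("theUnsafe");
        f.setAccessible(true);
        return (Unsafe) f.get(null);
    }

    // UNSAFE: no bounds check; an offset >= size silently reads whatever lies past the block.
    static byte readUnchecked(Unsafe u, long base, long offset) {
        return u.getByte(base + offset);
    }

    // SAFE: ByteBuffer checks the index against its limit and throws instead of reading.
    static byte readChecked(ByteBuffer buf, int offset) {
        return buf.get(offset);  // IndexOutOfBoundsException when offset >= limit
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        final int size = 16;  // constructed sample block size
        Unsafe u = unsafe();
        long base = u.allocateMemory(size);
        try {
            u.setMemory(base, size, (byte) 0x41);  // fill the block with 'A'
            System.out.println("unchecked in-bounds : " + readUnchecked(u, base, size - 1));
            // One past the end: no exception, the value is whatever the adjacent memory holds.
            System.out.println("unchecked past end  : " + readUnchecked(u, base, size));
        } finally {
            u.freeMemory(base);
        }

        ByteBuffer buf = ByteBuffer.allocateDirect(size);
        for (int i = 0; i < size; i++) buf.put(i, (byte) 0x41);
        System.out.println("checked in-bounds   : " + readChecked(buf, size - 1));
        try {
            readChecked(buf, size);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("checked past end    : rejected (" + e.getClass().getSimpleName() + ")");
        }
    }
}
```

The unchecked read past the end is exactly the pattern a SAST rule or a Checkstyle/SpotBugs check should flag; the ByteBuffer form keeps the JVM's bounds check in place.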
The checkstyle directory contains a Checkstyle configuration file to detect occurrences of non-memory-safe Java code.
The spotbugs directory contains a SpotBugs plugin to detect occurrences of non-memory-safe Java code.
The reports directory contains some data that was gathered during the research for this project.
Results from this study are shared in this document and key takeaways are published in the OSSF Memory Safety SIG Best Practices series (especially Memory-Safe By Default Languages and Interfacing Between Memory-Safe By Default and Non-Memory-Safe by Default Languages).