1. Technical Field
The present invention relates generally to memory management in an operating system, and more specifically, to a memory management scheme that is adapted to address the problem of debugging dangling pointers.
2. Description of the Related Art
“Dangling pointers” (also referred to as “wild pointers”) are some of the most common and devastating types of computer programming errors (bugs). A dangling pointer is a pointer or memory reference that does not point to a valid object of the appropriate type or, in certain languages, to a distinguished null pointer value (i.e., a null pointer value that does not correspond to any numerical memory address [e.g., JAVA null pointers], as opposed to non-distinguished null pointers, where a null pointer is a numerical address that is defined by convention [e.g., C's NULL pointer, by convention, has a numerical value of 0].). Dereferencing a dangling pointer in an application can corrupt not only that application's data, but the application program itself, as well as any other data, applications, memory-mapped input/output, or system software residing in memory, thus producing unpredictable and often quite bizarre results. Indeed, the unpredictable (“wild” in the sense of “erratic”) behavior of a dangling (wild) pointer, which can depend on many factors outside of the program containing the error, also makes dangling pointers some of the most difficult errors to detect (“wild” in the sense of “difficult to contain”). A demonstrable malfunction may only occur under very particular circumstances, which may be extremely difficult to reliably reproduce.
Because these types of errors are so destructive and so common, most modern multitasking operating systems and the hardware platforms that support them provide some form of facility for “memory protection.” Each application is allocated memory by the operating system and must access only those addresses in memory allocated to it. If a process attempts to access memory that is outside of the memory regions allocated to it, the illegal access attempt is detected by the operating system as an error (often called a “protection fault” or “segmentation fault”) and the offending process is terminated before disaster occurs. The current processing state of the terminated process is usually saved to disk just prior to termination to allow for post mortem debugging to determine where in the program the fault occurred and why. This saving of the processing state is usually referred to as “dumping core,” a throwback to the days when most computers used ferromagnetic core memory.
Memory protection can prevent many of the most potentially destructive dangling pointers from causing system crashes and is an important tool for a software developer in that it can alert the developer to potentially serious errors that might otherwise lie undetected until long after the software has been released.
While memory protection is highly useful in detecting dangling pointers, memory protection cannot detect all dangling pointers, however. In particular, memory protection typically cannot detect “internal corruption,” where a process corrupts its own data with an invalid memory access. An example, in the C programming language, of “internal corruption” is provided in FIG. 1. Line 102 of FIG. 1 allocates a block of memory (using the C library function “malloc”) and assigns the address of the allocated block to the pointer variable “a.” Line 104 calls the C function “free” to deallocate the block pointed to by “a.” Line 106 then allocates a new block of memory pointed to by a different pointer variable “b.” For the purpose of this example, assume that this new block occupies the space previously allocated at line 102. The dangling pointer dereference occurs at line 108, where the stale pointer “a” is used to store a string to memory. Because the memory pointed to by “a” has been reallocated back to the same program, however, the improper memory access at line 108 will not trigger a protection fault.
What is needed, therefore, is a method for preventing undetectable internal corruption due to dangling pointers during the debugging phase of software development. The present invention provides a solution to this and other problems, and offers other advantages over previous solutions.