DieHard
 
If you see this in Mozilla 1.0.2 or 1.7.3, you're using DieHard.
DieHard automatically hardens software applications against a wide range of bugs. These bugs — known as memory errors — often end up as serious security vulnerabilities, cause crashes, or lead to unpredictable behavior. DieHard either eliminates these bugs altogether, or avoids them with high probability. In other words, DieHard can take some buggy programs and make them bug-free (or close to it).

DieHard has multiple uses. It has been used to allow buggy programs to run correctly. More importantly, DieHard can be used as a plug-in replacement for malloc to protect your applications from unanticipated errors and vulnerabilities.

NEWS: Release 1.0, June 26 2006 - adapts to application memory usage requirements and prevents all standard library-based heap overflows.

How do I get DieHard?

Download DieHard. It is strongly recommended that you sign up for the DieHard mailing list for information about new releases.

Technical details: DieHard prevents invalid and multiple frees and heap corruption, and probabilistically avoids buffer overflows, dangling pointer errors, and uninitialized reads. For more details, see the following (technical) paper:

DieHard: Probabilistic Memory Safety for Unsafe Languages
Emery D. Berger and Benjamin G. Zorn, PLDI 2006.

Or view this PowerPoint presentation.

DieHard works in two modes: standalone and replicated. The standalone version replaces the memory manager with the DieHard randomized memory manager. This randomization increases the odds that buffer overflows will have no effect, and reduces the risk of dangling pointers. The replicated version provides greater protection against errors by running several instances of the application simultaneously and voting on their output. Because each replica is randomized differently, each replica will likely have a different output if it has an error, and some replicas are likely to run correctly despite the error.

The standalone version works for Linux, Solaris, and Windows, while the replicated version currently only supports Linux or Solaris console applications.

How do I build and use DieHard?

The source code for DieHard is in the src/ directory.

standalone

To use the standalone version, just enter compile (Linux, Solaris) or compile-winhard (Windows). On Linux and Solaris, use DieHard by setting the LD_PRELOAD environment variable, as in

setenv LD_PRELOAD /path/to/diehard/libdiehard.so

On Windows, you need to link your program with the /MD flag and use winhard.obj and winhard.lib. Then copy winhard.dll to the same directory as the executable.

replicated

To use the replicated version, compile with make and invoke your program with (for example):

diehard 3 /path/to/libdiehard_r.so yourapp

This would create 3 replicas of yourapp. If the application does not read from standard input, add < /dev/null to the command line.

How well does DieHard work?


This graph shows how DieHard (in standalone mode) protects against dangling pointer errors. These errors occur when an application frees an object prematurely.

Here's how much DieHard protects against buffer overflows of a whole object (i.e., at least 8 bytes), depending on how full the heap is.
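
As an added illustration (not DieHard's code and not from the original page), this C simulation models a randomized heap of equal-size slots and estimates how often an overflow of one whole object lands in free space at a given heap fullness. The slot count, the PRNG, and the function names are assumptions made for the example, and the model is a simplification of a randomized memory manager.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 1024   /* constructed heap: 1024 equal-size object slots */

static uint32_t rng_state = 0x9E3779B9u;  /* fixed seed: repeatable runs */
static uint32_t rng_slot(void) {          /* xorshift32, reduced to a slot index */
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (rng_state >> 16) % SLOTS;
}

/* Put one object in a uniformly random free slot, probing until one is
   found; returns the slot index. Caller guarantees a free slot exists. */
static uint32_t place(uint8_t *used) {
    uint32_t s;
    do { s = rng_slot(); } while (used[s]);
    used[s] = 1;
    return s;
}

/* Fraction of trials in which a one-object overflow out of a freshly
   allocated buffer lands in a free slot, so no live object is corrupted.
   `fullness` is the share of slots already holding live objects. */
double masked_fraction(double fullness, int trials) {
    static uint8_t used[SLOTS];
    int live = (int)(fullness * SLOTS), masked = 0;
    if (trials <= 0) return 0.0;
    if (live < 0) live = 0;
    if (live > SLOTS - 1) live = SLOTS - 1;   /* leave room for the victim */
    for (int t = 0; t < trials; t++) {
        memset(used, 0, sizeof used);         /* each trial: a fresh random layout */
        for (int i = 0; i < live; i++) place(used);
        uint32_t victim = place(used);
        /* Overflow runs into the next slot; wrap-around is a simplification. */
        if (!used[(victim + 1) % SLOTS]) masked++;
    }
    return (double)masked / trials;
}

int main(void) {
    for (int pct = 0; pct <= 100; pct += 25)
        printf("heap %3d%% full: overflow masked in %.3f of runs\n",
               pct, masked_fraction(pct / 100.0, 2000));
    return 0;
}
```

In this model the masked fraction falls roughly linearly as the heap fills, which is why a randomized allocator trades extra memory for protection.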

Where can I discuss DieHard or get notified about future releases?

The right place to do all that is on the DieHard mailing list.

How's the performance?

DieHard is fast, sometimes faster than the default Windows allocator. Of course, it consumes more memory, but provides much more reliability.

Terms of use

DieHard is Copyright (C) 2005-6 Emery Berger, University of Massachusetts Amherst, and is free for noncommercial use.