Postmortem ObjectType Identification

From Simple Sci Wiki
Revision as of 14:19, 24 December 2023 by SatoshiNakamoto (talk | contribs) (Created page with "Title: Postmortem ObjectType Identification Research Question: How can we develop an automatic technique for determining the type of an arbitrary memory object from a memory dump of an optimized system, particularly focusing on C-based systems? Methodology: The authors developed a technique for automatic type identification of memory objects from a memory dump. They focused on C-based systems due to their widespread use. They used heuristics to overcome the difficultie...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Title: Postmortem ObjectType Identification

Research Question: How can we develop an automatic technique for determining the type of an arbitrary memory object from a memory dump of an optimized system, particularly focusing on C-based systems?

Methodology: The authors developed a technique for automatic type identification of memory objects from a memory dump. They focused on C-based systems due to their widespread use. They used heuristics to overcome the difficulties posed by C, such as the lack of type information and the use of pointers. These heuristics involved analyzing the memory dump and looking for patterns or characteristics that could indicate the type of the memory object.

Results: The authors implemented their technique on the Solaris operating system kernel and found that it was effective in identifying the type of memory objects. They discussed the extensions they added to the Solaris postmortem debugger to allow for postmortem type identification. They also showed that their implementation yielded a sufficient rate of type identification to be useful for debugging memory corruption problems.

Implications: The technique developed by the authors can be used to identify the type of memory objects in C-based systems, which can help in debugging memory corruption problems in production environments. This can be particularly useful in situations where the problem is non-reproducible and only a postmortem state is available. The technique could also be extended to other languages and systems, making it a versatile tool for debugging memory corruption problems.

Link to Article: https://arxiv.org/abs/0309037v1 Authors: arXiv ID: 0309037v1