Quarantine: Java Heap Protection in the Presence of Native Code

By using Java Native Interface (JNI), programmers can integrate Java programs with legacy systems or third-party libraries written in other languages (e.g., C, C++, and Pascal). However, the use of JNI may violate Java type safety feature because these native programs are not type-safe. As a result, such integration can cause memory errors that can be difficult to isolate. In this paper, we propose Quarantine, a runtime system that preserves memory safety of Java objects in spite of integration with native code. The goal of Quarantine is ensuring that no native threads can directly access objects in the Java heap. We provide a formal proof that our technique can achieve this goal. We then implement a prototype of Quarantine in the OpenJDK 1.7 running in interpreter mode. To evaluate the feasibility of our prototype, we conduct experiments to measure the runtime overhead of Quarantine. Because our current implementation is unoptimized, the overhead can be as high as 42%. We then discuss ways to reduce this overhead and perform a case study of using Quarantine to avoid heap corruption due to out-of-bound writes.