Selected past projects


These projects have been completed and may serve as an example of the kinds of project that I would be interested in supervising.

Code Editing in Local Style (Part II project)

Prerequisites: Knowledge of C, understanding of coding conventions, familiarity with revision control

Outcome: Peter Conn presented the work at EuroLLVM 2013

Most large projects have their own set of style guidelines, controlling things like indentation (tabs, spaces, tabs for indent and spaces for alignment) and braces style, where variables are declared (e.g. at point of first use versus the start of the function) and certain naming conventions (e.g. camel case, underscore separated, initial capitals for globals). When working with multiple projects, switching between the styles can be difficult. Ideally, a user would be able to check out the code, translate it into their own preferred style, edit it, and then commit it upstream in the project’s style.

This project aims to use libclang to accomplish this. The first step is an automatic indent tool. This should be a more semantically-aware version of the standard UNIX tool, built using libclang. Initially, it should require an explicit style definition, but as an extension it should be able to infer a style from an example (and point to contradictions).

The other part of the puzzle involves a semantically-aware diff, so that only new parts of the code are pushed upstream. Editing code in this mode should not change any existing code, so before committing the tool must revert to the old style, including all style violations in parts of the code that were not modified.

The criteria for success would be editing, for example, LLVM and FreeBSD source code files in the same local style.

Poster presented at EuroLLVM


CHERI Garbage Collection (Part II project)

Prerequisites: Knowledge of C, graph theory, virtual memory, MIPS assembly

Outcome: Munraj Vadera continued the project as a research assistant.

This project depends on an ongoing research project and will involve working with the research team. It is probably best suited to a masters student.

The CHERI (Capability Enhanced RISC Instructions) architecture is a MIPS-based softcore containing a capability coprocessor. Capabilities, in this setting, are fat pointers that contain a base, a range, and a set of permissions and flags. The architecture provides tagged memory, distinguishing between memory storing capabilities and memory containing only data. All memory accesses must go via a capability and so interior pointers stored in normal memory are just offsets.

This project should implement a garbage collector that takes advantage of the ability to accurately identify memory. There are a lot of potential activities within this project. The simplest would be a single-scan for address space reclamation. In typical use, C code on CHERI will never reuse address space. A 64-bit virtual address space provides a lot of scope for this, but it will eventually be exhausted, especially for sandboxed libraries that are in a smaller address space within a larger system. Being able to identify address ranges that have no capabilities pointing to them is useful for this, allowing safe address space reuse. This project depends on an ongoing research project and will involve working with the research team. It is probably best suited to a masters student.

The CHERI (Capability Enhanced RISC Instructions) architecture is a MIPS-based softcore containing a capability coprocessor. Capabilities, in this setting, are fat pointers that contain a base, a range, and a set of permissions and flags. The architecture provides tagged memory, distinguishing between memory storing capabilities and memory containing only data. All memory accesses must go via a capability and so interior pointers stored in normal memory are just offsets.

This project should implement a garbage collector that takes advantage of the ability to accurately identify memory. There are a lot of potential activities within this project. The simplest would be a single-scan for address space reclamation. In typical use, C code on CHERI will never reuse address space. A 64-bit virtual address space provides a lot of scope for this, but it will eventually be exhausted, especially for sandboxed libraries that are in a smaller address space within a larger system. Being able to identify address ranges that have no capabilities pointing to them is useful for this, allowing safe address space reuse.


CHERI sandboxing for JNI (MPhil project)

Prerequisites:

Outcome: David Brazdil completed the project and then went to work on ART at Google

Java has a rich security model for code hosted in the JVM, but any native code using the JNI can trivially bypass it.

The CHERI CPU provides support for fine-grained sandboxing of native code. This can be combined with the JNI in a number of ways:

  • Provide a source-compatible JNI implementation that will run library code in a sandbox
  • Use the capability mechanism to revoke access to Java objects once they are freed
  • Allow fine-grained delegation of buffers to C code from Java without copying or violating Java memory safety

The project should explore these and contrast the performance with existing isolation techniques.