Cuckoo: A memory- and thread-safe language

"In Italy, for thirty years under the Borgias, they had warfare, terror, murder, bloodshed, but they produced Michelangelo, Leonardo da Vinci and the Renaissance. In Switzerland, they had brotherly love; they had 500 years of democracy and peace -- and what did that produce? The cuckoo clock." -- Orson Welles as Harry Lime in THE THIRD MAN (1949)

Overview

• The Cuckoo Project is not concerned with the design of cuckoo clocks, although at some future point we envision its use in the development of a distributed real-time system. Rather, the Cuckoo Project is focused on the development of memory- and thread-safe language support for application-specific object code, that can be mapped into address spaces shared with other protection domains.
• Just as a Cuckoo bird can lay its eggs in other birds' nests, the Cuckoo compiler enables objects for one specific address space to be loaded into a memory area within other address spaces. The memory safety of Cuckoo makes it suitable for writing extensible systems and/or applications with configurable services that must be executed outside the protection domain of the application's private address space.
• Type-safe languages such as Cyclone exist, that guarantee memory-safety using fat pointers, but fail to ensure atomic updates to such pointers in multi-threaded environments. Other approaches such as Java support multiple threads but place restrictions on memory usage. By comparison, the Cuckoo language is syntactically similar to C, with support for pointers (albeit without support for pointer-arithmetic) and assurances that multiple threads will not inadvertently manipulate references to objects in a manner that can violate memory safety.
• The first version of our prototype compiler is now available to the public, upon request. We are still developing the run-time support for dynamic memory allocation, along with a trusted system interface (akin to a trusted libc) library. Preliminary tests suggest that our first Cuckoo prototype compiler can generate code that executes nearly as fast as untrusted C code (compiled using gcc without optimizations). It can produce memory-safe code for multi-threaded applications, while allowing for more fine-grained control over memory usage than Java. Given that we do not need a large virtual machine footprint, for the interpretation of byte-codes, as with Java, Cuckoo object code can easily fit within the memory areas of user-level sandboxes, thereby making it suitable for our extensible systems research.
  

People

• Richard West
  
• Gary Wong
  

Selected Papers

Richard West and Gary Wong, "Cuckoo: a Language for Implementing Memory- and Thread-safe System Services", Technical Report, 2005-006, Boston University, February 2005

[pdf][ps.gz]

---