Language-Independent Sandboxing of Just-In-Time Compilation and Self-Modifying Code

This paper, presented at PLDI ’11, describes a key innovation behind Native Client, which is (as far as I’m aware) an industry first: the ability to verify the safety of a code-generating program, like a JIT or language runtime, and that of its output, on the fly.

We can even support self-modifying code, with very little runtime overhead for verification. I firmly believe that active runtimes involving some degree of JIT code generation are the future, and this paper shows that we don’t have to sacrifice security or reliability to support them.

I designed the mechanisms behind this technology with Bennet Yee and David Sehr, for x86, x86-64, and ARM processors. The rest of the authors did the hard part: implementing it in a portable way and shipping it to the masses. If you’re using Chrome, you’re already using this technology.

We received an internal Google award for this paper.