Efficient Software-Based Fault Isolation

Robert Wahbe (Professor S. L. Graham)
(ARPA) MDA972-92-J-1028

One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly coupled modules, this solution incurs prohibitive context switch overhead. In this research, we investigated a software approach to implementing fault isolation within a single address space.

Our approach has two parts. First, we load the code and data for a distrusted module into its own fault domain, a logically separate portion of the application's address space. Second, we modify the object code of a distrusted module to prevent it from writing or jumping to an address outside its fault domain. Both of these software operations are portable and programming language independent.

Our approach poses a tradeoff relative to hardware fault isolation: substantially faster communication between fault domains, at a cost of slightly increased execution time for distrusted modules. We have demonstrated [1] that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.

[1] R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham, "Efficient Software-Based Fault Isolation," Proc. Symp. Operating System Principles, December 1993.
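The two-part scheme above (a fault domain as an aligned region of the address space, plus rewritten stores and jumps that cannot leave it) can be modelled in a few lines of C. The example below is added here and is not code from the paper or its authors; it assumes a toy 4 KiB fault domain whose address range shares one set of high-order bits, and it uses address masking for stores (the address is forced into the domain by overwriting its segment bits) and a check-and-redirect for control transfers. The names sandbox_addr, sandboxed_store8, check_jump_target and stores_stay_inside are the example's own, and the arrays domain_mem and outside_mem are constructed stand-ins for the domain and for memory it must not touch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a fault domain is a contiguous, power-of-two sized, naturally
 * aligned region of the address space, so every address inside it shares
 * the same high-order bits (its "segment id"). 4 KiB is a toy size. */
#define DOMAIN_BITS 12
#define DOMAIN_SIZE (1u << DOMAIN_BITS)
#define OFFSET_MASK ((uintptr_t)DOMAIN_SIZE - 1)

/* Constructed backing memory: the distrusted module's domain, and a region
 * elsewhere in the same address space that it must never write. Both are
 * aligned to DOMAIN_SIZE so that their base addresses are valid segments. */
static _Alignas(DOMAIN_SIZE) uint8_t domain_mem[DOMAIN_SIZE];
static _Alignas(DOMAIN_SIZE) uint8_t outside_mem[DOMAIN_SIZE];

static uintptr_t domain_base(void) { return (uintptr_t)domain_mem; }

static int in_domain(uintptr_t addr) {
    return (addr & ~OFFSET_MASK) == domain_base();
}

/* Address masking: replace the segment bits of any address with the fault
 * domain's segment id. An out-of-domain address becomes some in-domain
 * address, so the worst a stray store can do is corrupt the module's own
 * data. No branch, no trap: this is the rewrite applied before each store. */
static uintptr_t sandbox_addr(uintptr_t addr) {
    return domain_base() | (addr & OFFSET_MASK);
}

/* Stand-in for a store instruction after the object code has been rewritten. */
static void sandboxed_store8(uintptr_t addr, uint8_t value) {
    *(uint8_t *)sandbox_addr(addr) = value;
}

/* Control transfers get a check instead: a target outside the domain is
 * redirected to a trap handler rather than taken. (In the model the handler
 * just records the violation; a real system would stop the module.) */
static int trap_count = 0;
static void trap_handler(void) { trap_count++; }

static uintptr_t check_jump_target(uintptr_t target) {
    return in_domain(target) ? target : (uintptr_t)trap_handler;
}

/* Drive a handful of writes, two of which point outside the domain, and
 * report whether the outside region stayed untouched while every write
 * landed somewhere in the domain. Returns 1 on success, 0 on failure. */
static int stores_stay_inside(void) {
    const uintptr_t targets[] = {
        domain_base() + 1,             /* legitimate in-domain write        */
        (uintptr_t)outside_mem + 7,    /* stray pointer into another region */
        (uintptr_t)outside_mem + 4000, /* another out-of-domain address     */
    };
    memset(domain_mem, 0, sizeof domain_mem);
    memset(outside_mem, 0, sizeof outside_mem);

    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        sandboxed_store8(targets[i], 0xAA);

    for (size_t i = 0; i < DOMAIN_SIZE; i++)
        if (outside_mem[i] != 0) return 0;     /* escape: isolation broken */

    return domain_mem[1] == 0xAA && domain_mem[7] == 0xAA &&
           domain_mem[4000 & OFFSET_MASK] == 0xAA;
}

int main(void) {
    printf("stores confined to fault domain: %s\n",
           stores_stay_inside() ? "yes" : "NO");
    uintptr_t bad = check_jump_target((uintptr_t)outside_mem + 16);
    printf("out-of-domain jump redirected to trap handler: %s\n",
           bad == (uintptr_t)trap_handler ? "yes" : "NO");
    return 0;
}
```

The masking form is what makes the scheme cheap: the rewritten store costs a couple of ALU instructions and never branches, which is the "slightly increased execution time" the abstract refers to, while calls between domains stay ordinary function calls rather than context switches. The check-and-redirect for jumps shows the other option the rewrite can take when a violation should be detected rather than silently confined.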