Memory managers are notoriously hard to debug. A garbage collector's header bits, pointer fields, and reachability invariants are implicitly specified — if at all — in comments and programmer convention. When they break, the failure is usually distant from the cause: a header bit that was silently overwritten several GC cycles before the program crashes.
This talk presents the core idea behind Permchecker: instead of waiting for failures, we encode the memory manager's invariants as explicit read/write/execute permissions on memory regions, checked dynamically using binary instrumentation. A permission violation fires at the exact instruction that broke an invariant, not several cycles later when the corruption becomes observable. The result is near-zero false positives and precise attribution of memory safety errors to their source.
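The following is an added illustration of the idea, not Permchecker's code: a toy heap with a shadow permission byte per word, where a function call stands in for the check that binary instrumentation would place before each store. The object layout, the per-phase permissions, and all names (`checked_store`, `enter_mutator_phase`, the `site` ids) are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed): a heap of words plus one shadow permission byte per word. */
enum { PERM_R = 1, PERM_W = 2 };
#define HEAP_WORDS 16
#define OBJ_WORDS  4   /* assumed layout: 1 header word + 3 field words */
static uintptr_t heap[HEAP_WORDS];
static uint8_t   shadow[HEAP_WORDS];
static int first_violation_site = -1;   /* id of the first offending store */

/* Assumed invariant while the mutator runs: headers read-only, fields read/write. */
void enter_mutator_phase(void) {
    memset(heap, 0, sizeof heap);
    first_violation_site = -1;
    for (size_t i = 0; i < HEAP_WORDS; i++)
        shadow[i] = (i % OBJ_WORDS == 0) ? PERM_R : (PERM_R | PERM_W);
}

/* Assumed invariant while the collector runs: it may update headers too. */
void enter_gc_phase(void) { memset(shadow, PERM_R | PERM_W, sizeof shadow); }

/* Stand-in for an instrumented store: check the permission, then write.
 * Returns 0 if allowed, -1 if the store violates the current permissions. */
int checked_store(size_t idx, uintptr_t val, int site) {
    if (idx >= HEAP_WORDS || !(shadow[idx] & PERM_W)) {
        if (first_violation_site < 0) first_violation_site = site;
        return -1;     /* blocked and attributed to this store */
    }
    heap[idx] = val;
    return 0;
}

/* Buggy mutator code: off-by-one bound, so the last store hits the next object's header. */
int init_fields_buggy(size_t obj, size_t nfields, int site) {
    int rc = 0;
    for (size_t f = 1; f <= nfields + 1; f++)   /* bug: should be f <= nfields */
        rc |= checked_store(obj + f, 0xAB, site);
    return rc;
}

int main(void) {
    enter_mutator_phase();
    init_fields_buggy(0, 3, 7);
    printf("first violation at store site %d\n", first_violation_site);
    return 0;
}
```

The violation is recorded against the store that broke the invariant, and the neighbouring header is left intact, rather than the corruption surfacing when a later collection reads that header.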
Materials
See also: the Permchecker talk (2021) for a fuller treatment of the same work.