{"id":25820428,"url":"https://github.com/thomasleplus/java-memory-safety","last_synced_at":"2025-07-06T15:04:28.633Z","repository":{"id":278828795,"uuid":"936778282","full_name":"thomasleplus/java-memory-safety","owner":"thomasleplus","description":"A study of the limits of Java's memory safety.","archived":false,"fork":false,"pushed_at":"2025-07-02T18:04:24.000Z","size":219,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-02T19:20:44.486Z","etag":null,"topics":["java","jdk","jvm","memory","memory-management","memory-safety","sast"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thomasleplus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-21T17:08:08.000Z","updated_at":"2025-07-02T18:04:28.000Z","dependencies_parsed_at":"2025-02-21T23:47:18.858Z","dependency_job_id":"c5c4de70-5e7b-4b33-bc3d-78c447faa5c8","html_url":"https://github.com/thomasleplus/java-memory-safety","commit_stats":null,"previous_names":["thomasleplus/java-memory-safety"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/thomasleplus/java-memory-safety","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasleplus%2Fjava-memory-safety","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasleplus%2Fjava-memory-safety/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/re
positories/thomasleplus%2Fjava-memory-safety/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasleplus%2Fjava-memory-safety/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thomasleplus","download_url":"https://codeload.github.com/thomasleplus/java-memory-safety/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasleplus%2Fjava-memory-safety/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263922499,"owners_count":23530336,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jdk","jvm","memory","memory-management","memory-safety","sast"],"created_at":"2025-02-28T09:54:13.598Z","updated_at":"2025-07-06T15:04:28.592Z","avatar_url":"https://github.com/thomasleplus.png","language":"Java","readme":"# Java Memory Safety\n\nA study of the limits of Java's memory safety.\n\n[![Maven](https://github.com/thomasleplus/java-memory-safety/workflows/Maven/badge.svg)](https://github.com/thomasleplus/java-memory-safety/actions?query=workflow:\"Maven\")\n[![CodeQL](https://github.com/thomasleplus/java-memory-safety/workflows/CodeQL/badge.svg)](https://github.com/thomasleplus/java-memory-safety/actions?query=workflow:\"CodeQL\")\n\n## Goals\n\nThe purpose of this project is to study the limits of Java's [memory\nsafety](https://en.wikipedia.org/wiki/Memory_safety). The Java\nlanguage and the Java Virtual Machine (JVM) provide strong mechanisms to\nprevent developers from mismanaging memory. 
All array primitives in the\nJava language come with boundary checks to prevent issues such as\nbuffer overflows. The language does not include a raw pointer type to\naddress arbitrary memory to prevent memory access violations (the\ndreaded segmentation fault). The JVM's garbage collector mitigates the\nrisk of dangling pointers and reduces memory leaks.\n\nBut the Java SDK and third-party libraries provide ways to circumvent\nthese protections to allow expert developers to push the limits of\nwhat regular Java applications can do (for example to efficiently\nmanipulate huge amounts of data). Self-managed memory in Java is\noften referred to as off-heap memory (although not all off-heap memory\nis managed by the application, some is also used by the JVM\nitself). Off-heap memory usage is also necessary to interchange data\nwhen interfacing a Java application with non-Java libraries like\noperating system libraries.\n\n## Code\n\nThe `unsafe` directory contains various code samples that show how NOT\nto write Java code. As its name indicates, the code inside this\ndirectory is not safe and must not be used for any purpose other than\nillustrating the point of this study. All the samples can be run as a\nproof of concept. 
They can also be used to benchmark the ability to\ndetect memory safety issues with static application security testing\n(SAST) tools.\n\nThe `safe` directory contains safer alternative implementations.\n\n## Results\n\nResults from this study are shared in this document and key takeaways\nare published in the OSSF Memory Safety SIG Best Practices series\n(especially [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nand [Interfacing Between Memory-Safe By Default and Non-Memory-Safe by Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-interfacing.md)).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomasleplus%2Fjava-memory-safety","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomasleplus%2Fjava-memory-safety","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomasleplus%2Fjava-memory-safety/lists"}