General-purpose multiprocessors are becoming increasingly common. We propose using pairs of processors, one running an ordinary application program and the other monitoring the application's execution. We call the processor doing the monitoring a "shadow processor," as it "shadows" the main processor's execution. We have developed a prototype shadow processing system which supports full-size programs written in C. Our system instruments an executable user program in C to obtain a "main process" and a "shadow process." The main process performs computations from the original program, occasionally communicating a few key values to the shadow process. The shadow process follows the main process, checking pointer and array accesses and detecting memory leaks.
The overhead to the main process is very low -- almost always less than 10%. Further, since the shadow process avoids repeating some of the computations from the input program, it runs much faster than a single process performing both the computation and monitoring. Sometimes the shadow process can even run ahead of the main process, catching errors before they actually occur. Our system has found a number of errors (15 so far) in widely-used Unix utilities and SPEC92 benchmarks. It also detected many subtle memory leaks in some test cases. We believe our approach shows great potential in improving the quality and reliability of application programs at a very modest cost.
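The main/shadow split described above can be sketched as follows. This is an added example, not the authors' instrumentation system: `run_shadowed`, `shadow`, `ARENA` and `OBJ_LEN` are hypothetical names, and `fork` with a pipe stands in for the processor pair. It assumes a logical 8-element array carved from a larger arena so that the stray accesses the shadow reports stay well defined.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define ARENA   64  /* backing storage: keeps the demo's stray writes defined */
#define OBJ_LEN 8   /* logical array the program believes it is indexing */

/* Shadow process: repeats none of the computation; it only checks each
   forwarded index against the object's bounds. */
static int shadow(int fd) {
    unsigned idx;
    int violations = 0;
    while (read(fd, &idx, sizeof idx) == (ssize_t)sizeof idx)
        if (idx >= OBJ_LEN) {
            fprintf(stderr, "shadow: index %u outside [0,%d)\n", idx, OBJ_LEN);
            violations++;
        }
    return violations;
}

/* Main process: computes unchecked and forwards one key value per access.
   Returns the shadow's violation count (capped at 255), or -1 on error. */
int run_shadowed(const int *inputs, int n) {
    int p[2], status, arena[ARENA] = {0};
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {                       /* child plays the shadow */
        close(p[1]);
        int v = shadow(p[0]);
        _exit(v > 255 ? 255 : v);
    }
    close(p[0]);
    for (int i = 0; i < n; i++) {
        unsigned idx = (unsigned)inputs[i] % ARENA; /* bug: should be OBJ_LEN */
        arena[idx]++;                     /* the unchecked access */
        if (write(p[1], &idx, sizeof idx) != (ssize_t)sizeof idx) break;
    }
    close(p[1]);                          /* EOF lets the shadow finish */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int inputs[] = {1, 7, 8, 3, 70, 12};  /* constructed sample input */
    printf("violations: %d\n", run_shadowed(inputs, 6));
    return 0;
}
```

The main process pays only for one pipe write per access, while all bounds checking happens in the other process.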