Abstract
The C++ programming language remains widely used, despite inheriting many unsafe features from C, features that often lead to failures of type or memory safety that manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers can exploit such violations to compromise application and system security.
This paper introduces Ironclad C++, an approach to bringing the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented, type-safe subset of C++. All Ironclad C++ programs are valid C++ programs that can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs: a syntactic source-code validator statically prevents the use of unsafe C++ features. To enforce safety properties that are difficult to check statically, Ironclad C++ applies dynamic checks via templated "smart pointer" classes.
Using a semi-automatic refactoring tool, we have ported nearly 50K lines of code to Ironclad C++. These benchmarks incur a performance overhead of 12% on average, compared to the original unsafe C++ code.
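To make concrete what "dynamic checks via templated smart pointer classes" means in practice, the following is an added example written for this page; it is not code from the Ironclad C++ library or the paper. The class name `checked_aptr`, its interface, and the use of shared ownership to keep a block alive are assumptions chosen for illustration: a pointer that carries the bounds of the block it points into, so that an out-of-bounds index or a null dereference is rejected at run time instead of silently corrupting memory. Everything is standard C++11, so it compiles with an off-the-shelf compiler, which is the property the abstract emphasises.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical "fat" array pointer (name and interface are assumptions for this
// example, not the Ironclad C++ library's own classes). It stores the block it
// points into together with an offset, and checks every dereference.
template <typename T>
class checked_aptr {
    std::shared_ptr<std::vector<T>> block_;  // shared ownership: block lives while any pointer refers to it
    std::size_t index_ = 0;                  // current offset within the block

    // The dynamic check itself: null and bounds are both validated at access time.
    void check(std::size_t i) const {
        if (!block_) throw std::logic_error("dereference of null pointer");
        if (i >= block_->size()) throw std::out_of_range("index outside allocated block");
    }

public:
    checked_aptr() = default;
    explicit checked_aptr(std::size_t n) : block_(std::make_shared<std::vector<T>>(n)) {}

    T& operator*() const { check(index_); return (*block_)[index_]; }
    T& operator[](std::size_t i) const { check(index_ + i); return (*block_)[index_ + i]; }

    // Pointer arithmetic only moves the offset; the bounds travel with the pointer,
    // so (as in C++) forming a one-past-the-end pointer is fine, using it is not.
    checked_aptr operator+(std::size_t n) const { checked_aptr p = *this; p.index_ += n; return p; }
    checked_aptr& operator++() { ++index_; return *this; }
    std::size_t size() const { return block_ ? block_->size() : 0; }
};

// In-bounds use works normally; the only cost is the per-access check.
int sum_checked(std::size_t n) {
    checked_aptr<int> p(n);
    for (std::size_t i = 0; i < n; ++i) p[i] = static_cast<int>(i);
    int total = 0;
    for (std::size_t i = 0; i < n; ++i) total += *(p + i);
    return total;
}

// The classic off-by-one write is stopped at the dereference rather than
// overwriting whatever happens to follow the block.
bool overflow_is_caught() {
    checked_aptr<int> p(4);
    try { p[4] = 42; } catch (const std::out_of_range&) { return true; }
    return false;
}

// A default-constructed pointer is null; dereferencing it is a checked failure.
bool null_deref_is_caught() {
    checked_aptr<int> p;
    try { *p = 1; } catch (const std::logic_error&) { return true; }
    return false;
}

// Forming one-past-the-end is permitted; dereferencing it is rejected.
bool past_end_pointer_allowed_until_deref() {
    checked_aptr<int> p(4);
    checked_aptr<int> e = p + p.size();
    try { *e = 0; } catch (const std::out_of_range&) { return true; }
    return false;
}

int main() {
    std::cout << "sum 0..9 = " << sum_checked(10) << '\n';
    std::cout << "overflow caught: " << overflow_is_caught() << '\n';
    std::cout << "null deref caught: " << null_deref_is_caught() << '\n';
    std::cout << "past-end deref caught: " << past_end_pointer_allowed_until_deref() << '\n';
    return 0;
}
```

The abstract does not say how Ironclad C++ handles object lifetime, so shared ownership here merely stands in for whatever temporal-safety mechanism the paper uses; the point of the example is that spatial checks can be expressed entirely in library code that any standard compiler accepts.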
Ironclad C++: a library-augmented type-safe subset of c++
OOPSLA '13: Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications