research-article
Open Access

Ironclad C++: A Library-Augmented Type-Safe Subset of C++

Published: 29 October 2013

Abstract

The C++ programming language remains widely used, despite inheriting many unsafe features from C, features that often lead to failures of type or memory safety that manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers can exploit such violations to compromise application and system security.

This paper introduces Ironclad C++, an approach to bringing the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented, type-safe subset of C++. All Ironclad C++ programs are valid C++ programs that can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs: a syntactic source-code validator statically prevents the use of unsafe C++ features. To enforce safety properties that are difficult to check statically, Ironclad C++ applies dynamic checks via templated "smart pointer" classes.

Using a semi-automatic refactoring tool, we have ported nearly 50K lines of code to Ironclad C++. These benchmarks incur a performance overhead of 12% on average, compared to the original unsafe C++ code.
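The dynamically checked, templated smart pointers the abstract describes, as an added example that is not code from the paper or its library: a hypothetical bounds-checked array pointer whose dereferences throw instead of silently overrunning the allocation, used to copy into a buffer that is too small. The class name checked_aptr, the CopyResult type and the sample inputs are this example's own assumptions.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>
// Hypothetical bounds-checked array pointer, in the spirit of the dynamically checked
// templated smart pointers the abstract describes; not the Ironclad C++ library's own.
template <typename T>
class checked_aptr {
public:
    checked_aptr(T* base, std::size_t count) : base_(base), count_(count), pos_(0) {}
    // Arithmetic may move the pointer anywhere (holding a one-past-the-end pointer
    // is fine); only dereferences are checked against the allocation's bounds.
    checked_aptr& operator++() { ++pos_; return *this; }
    T& operator*() const { return at(pos_); }
private:
    T& at(std::ptrdiff_t i) const {
        if (base_ == nullptr || i < 0 || static_cast<std::size_t>(i) >= count_)
            throw std::out_of_range("checked_aptr: access outside the allocation");
        return base_[i];
    }
    T* base_;
    std::size_t count_;
    std::ptrdiff_t pos_;
};
struct CopyResult { std::size_t copied; bool violation; };

// Copies src into dst through the checked pointer. With a raw int* a longer src would
// silently overrun dst; here the first out-of-bounds write throws before it lands.
CopyResult checked_copy(std::vector<int>& dst, const std::vector<int>& src) {
    checked_aptr<int> p(dst.data(), dst.size());
    CopyResult r{0, false};
    try {
        for (std::size_t i = 0; i < src.size(); ++i, ++p) {
            *p = src[i];
            ++r.copied;
        }
    } catch (const std::out_of_range&) {
        r.violation = true;  // reported to the caller instead of corrupting memory
    }
    return r;
}
// Constructed inputs: a copy that fits, and one that would overflow dst by one.
bool demo_in_bounds() {
    std::vector<int> dst(3, 0), src{1, 2, 3};
    CopyResult r = checked_copy(dst, src);
    return r.copied == 3 && !r.violation && dst[2] == 3;
}
bool demo_overflow_detected() {
    std::vector<int> dst(2, 0), src{7, 8, 9};
    CopyResult r = checked_copy(dst, src);
    return r.copied == 2 && r.violation && dst[1] == 8;
}
```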


Published in

ACM SIGPLAN Notices, Volume 48, Issue 10
OOPSLA '13
October 2013
867 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2544173

OOPSLA '13: Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications
October 2013
904 pages
ISBN: 9781450323741
DOI: 10.1145/2509136

Copyright © 2013 Owner/Author

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

Published: 29 October 2013

Qualifiers

research-article
