Ironclad C++: A Library-Augmented Type-Safe Subset of C++

The C++ programming language remains widely used, despite inheriting many unsafe features from C, features that often lead to failures of type or memory safety that manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers can exploit such violations to compromise application and system security. This paper introduces Ironclad C++, an approach to bringing the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented, type-safe subset of C++. All Ironclad C++ programs are valid C++ programs that can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs: a syntactic source-code validator statically rejects the use of unsafe C++ features. To enforce safety properties that are difficult to check statically, Ironclad C++ applies dynamic checks via templated "smart pointer" classes. Using a semi-automatic refactoring tool, we have ported nearly 50K lines of code to Ironclad C++. These benchmarks incur a performance overhead of 12% on average, compared to the original unsafe C++ code.
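The abstract says that properties which cannot be validated syntactically are enforced at run time by templated smart-pointer classes. The following is an added illustration of that idea and is not code from the Ironclad C++ library or the paper: the class names `checked_array` and `tracked_ptr`, and the helper functions, are hypothetical. One template rejects out-of-bounds indexing (a spatial-safety check that a raw `T*` cannot perform), and the other detects dereferencing of an object whose owner has already been destroyed (a temporal-safety check against use-after-free). Both turn silent memory corruption into a thrown exception that a test or a caller can observe.

```cpp
#include <cstddef>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical bounds-checked array handle (illustrative, not Ironclad's own class).
// Every index operation is compared against the allocation size before the access happens.
template <typename T>
class checked_array {
public:
    explicit checked_array(std::size_t n) : data_(std::make_shared<std::vector<T>>(n)) {}

    T& operator[](std::size_t i) {
        if (i >= data_->size()) throw std::out_of_range("checked_array: index out of bounds");
        return (*data_)[i];
    }
    const T& operator[](std::size_t i) const {
        if (i >= data_->size()) throw std::out_of_range("checked_array: index out of bounds");
        return (*data_)[i];
    }
    std::size_t size() const { return data_->size(); }

private:
    std::shared_ptr<std::vector<T>> data_;
};

// Hypothetical non-owning pointer that detects use-after-free by holding a weak_ptr
// to the owner. Dereference fails loudly once the owning shared_ptr has been released.
template <typename T>
class tracked_ptr {
public:
    explicit tracked_ptr(const std::shared_ptr<T>& owner) : ref_(owner) {}

    T& operator*() const {
        std::shared_ptr<T> live = ref_.lock();   // null if the object was already destroyed
        if (!live) throw std::logic_error("tracked_ptr: object already freed");
        // Safe to return a reference: lock() succeeded, so another owner still holds the object.
        return *live;
    }

private:
    std::weak_ptr<T> ref_;
};

// Sums `count` elements. With a raw pointer, a wrong `count` would read past the buffer;
// with checked_array the first out-of-bounds index throws instead.
int checked_sum(const checked_array<int>& a, std::size_t count) {
    int total = 0;
    for (std::size_t i = 0; i < count; ++i) total += a[i];
    return total;
}

// Correct use: sum of a constructed 4-element buffer {1, 2, 3, 4}.
int in_bounds_sum() {
    checked_array<int> buf(4);
    for (std::size_t i = 0; i < buf.size(); ++i) buf[i] = static_cast<int>(i + 1);
    return checked_sum(buf, buf.size());   // 10
}

// Constructed length bug: asks for 8 elements from a 4-element buffer.
// Returns true if the overrun was caught rather than silently reading adjacent memory.
bool overrun_is_caught() {
    checked_array<int> buf(4);
    for (std::size_t i = 0; i < buf.size(); ++i) buf[i] = static_cast<int>(i + 1);
    try {
        (void)checked_sum(buf, 8);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

// Constructed dangling pointer: the owner goes out of scope inside the lambda,
// so the tracked_ptr refers to a destroyed object. Returns true if the dereference is caught.
bool use_after_free_is_caught() {
    tracked_ptr<int> dangling = [] {
        auto owner = std::make_shared<int>(42);
        return tracked_ptr<int>(owner);   // `owner` is destroyed when the lambda returns
    }();
    try {
        (void)*dangling;
    } catch (const std::logic_error&) {
        return true;
    }
    return false;
}
```

The cost of each check is a size comparison or a `weak_ptr::lock`, which is the kind of per-access overhead the abstract's 12% average figure reflects; the benefit is that a validator can forbid raw `T*` and `new`/`delete` syntactically and rely on classes like these for everything it cannot prove at compile time.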
