Affiliation:
1. University of Pennsylvania, Philadelphia, PA, USA
2. Rutgers University, New Brunswick, NJ, USA
Abstract
The C++ programming language remains widely used, despite inheriting many unsafe features from C, features that often lead to failures of type or memory safety that manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers can exploit such violations to compromise application and system security.
This paper introduces Ironclad C++, an approach to bringing the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented, type-safe subset of C++. All Ironclad C++ programs are valid C++ programs that can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs: a syntactic source-code validator statically prevents the use of unsafe C++ features. To enforce safety properties that are difficult to check statically, Ironclad C++ applies dynamic checks via templated "smart pointer" classes.
Using a semi-automatic refactoring tool, we have ported nearly 50K lines of code to Ironclad C++. These benchmarks incur a performance overhead of 12% on average, compared to the original unsafe C++ code.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by
3 articles.
1. Accelerating Type Confusion Detection by Identifying Harmless Type Castings;Proceedings of the 20th ACM International Conference on Computing Frontiers;2023-05-09
2. PDL: Scaffolding Problem Solving in Programming Courses;Proceedings of the 26th ACM Conference on Innovation and Technology in Computer Science Education V. 1;2021-06-26
3. Boosting the precision of virtual call integrity protection with partial pointer analysis for C++;Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis;2017-07-10