How Close Is Existing C/C++ Code to a Safe Subset?-Reference-Cited by-同舟云学术

How Close Is Existing C/C++ Code to a Safe Subset?

Published:2023-12-28 Issue:1 Volume:4 Page:1-22
ISSN:2624-800X
Container-title:Journal of Cybersecurity and Privacy
language:en
Short-container-title:JCP

Author:

DeLozier Christian¹^ORCID

Affiliation:

1. United States Naval Academy, 105 Maryland Ave, Annapolis, MD 21402, USA

Abstract

Using a safe subset of C++ is a promising direction for increasing the safety of the programming language while maintaining its performance and productivity. In this paper, we examine how close existing C/C++ code is to conforming to a safe subset of C++. We examine the rules presented in existing safe C/C++ standards and safe C/C++ subsets. We analyze the code characteristics of 5.8 million code samples from the Exebench benchmark suite, two C/C++ benchmark suites, and five modern C++ applications using a static analysis tool. We find that raw pointers, unsafe casts, and unsafe library functions are used in both C/C++ code at large and in modern C++ applications. In general, C/C++ code at large does not differ much from modern C++ code, and continued work will be required to transition from existing C/C++ code to a safe subset of C++.

Publisher

MDPI AG

Subject

General Earth and Planetary Sciences,General Environmental Science

Link

https://www.mdpi.com/2624-800X/4/1/1/pdf

Reference35 articles.

1. (2023, July 27). National Vulnerability Database CWE Over Time, Available online: https://nvd.nist.gov/general/visualizations/vulnerability-visualizations/cwe-over-time.

2. (2023, July 27). National Security Agency Cybersecurity Information Sheet, Available online: https://media.defense.gov/2022/Nov/10/\2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF.

3. Biden, J. (2023, October 06). Executive Order on Improving the Nation’s Cybersecurity. The White House. 12 May 2021, Available online: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/.

4. Hinnant, R., Orr, R., Stroustrup, B., Vandevoorde, D., and Wong, M. (2023). The C++ Standards Committee, ISO. Document Number P2759R0.

5. Austin, T.M., Breach, S.E., and Sohi, G.S. (1994, January 20–24). Efficient detection of all pointer and array access errors. Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation (PLDI ’94), Orlando, FL, USA.