DOI: 10.1145/2509136.2509550
research-article
Open access

Ironclad C++: a library-augmented type-safe subset of C++

Published: 29 October 2013

Abstract

The C++ programming language remains widely used, despite inheriting many unsafe features from C, features that often lead to failures of type or memory safety that manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers can exploit such violations to compromise application and system security.
This paper introduces Ironclad C++, an approach to bringing the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented, type-safe subset of C++. All Ironclad C++ programs are valid C++ programs that can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs: a syntactic source-code validator statically prevents the use of unsafe C++ features. To enforce safety properties that are difficult to check statically, Ironclad C++ applies dynamic checks via templated "smart pointer" classes.
Using a semi-automatic refactoring tool, we have ported nearly 50K lines of code to Ironclad C++. These benchmarks incur a performance overhead of 12% on average, compared to the original unsafe C++ code.
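As an added illustration of the dynamic checks the abstract attributes to templated smart pointer classes (example code written for this page, not Ironclad C++'s own library; the `checked_ptr` name and interface are assumptions): a bounds-carrying pointer template turns an off-by-one overrun into a caught exception instead of a silent out-of-bounds read.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Hypothetical checked array pointer (not Ironclad's own class): it pairs a
// base address with an element count so that every indexed access is
// bounds-checked at run time instead of silently reading past the buffer.
template <typename T>
class checked_ptr {
public:
    checked_ptr(T* base, std::size_t count) : base_(base), count_(count) {}
    T& operator[](std::size_t i) const {
        if (i >= count_) throw std::out_of_range("checked_ptr: index out of bounds");
        return base_[i];
    }
    std::size_t size() const { return count_; }
private:
    T* base_;
    std::size_t count_;
};

// Classic off-by-one loop (<= instead of <). Through a raw int* this would read
// one element past the end (undefined behaviour); through checked_ptr the final
// iteration is rejected with an exception before memory is touched.
int sum_off_by_one(checked_ptr<int> a) {
    int s = 0;
    for (std::size_t i = 0; i <= a.size(); ++i) s += a[i];
    return s;
}

// Returns true when the checked pointer catches the overrun.
bool overrun_is_detected() {
    std::vector<int> v = {1, 2, 3, 4};  // constructed sample buffer
    try {
        sum_off_by_one(checked_ptr<int>(v.data(), v.size()));
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

// The correctly bounded loop passes every check and sums the buffer.
int sum_in_bounds() {
    std::vector<int> v = {1, 2, 3, 4};
    checked_ptr<int> p(v.data(), v.size());
    int s = 0;
    for (std::size_t i = 0; i < p.size(); ++i) s += p[i];
    return s;
}
```

The check costs one comparison per access, which is the kind of run-time overhead the abstract's 12% average figure reflects.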


Published In

OOPSLA '13: Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
October 2013
904 pages
ISBN:9781450323741
DOI:10.1145/2509136
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. c++
  2. local pointers
  3. memory safety
  4. type-safety

Qualifiers

  • Research-article

Conference

SPLASH '13

Acceptance Rates

OOPSLA '13 Paper Acceptance Rate 50 of 189 submissions, 26%;
Overall Acceptance Rate 268 of 1,244 submissions, 22%

Article Metrics

  • Downloads (Last 12 months)361
  • Downloads (Last 6 weeks)34
Reflects downloads up to 18 Jan 2025

Cited By

View all
  • (2023) How Close Is Existing C/C++ Code to a Safe Subset? Journal of Cybersecurity and Privacy 4(1):1-22. DOI 10.3390/jcp4010001. Online publication date: 28 Dec 2023.
  • (2023) A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory Safety. ACM Transactions on Software Engineering and Methodology. DOI 10.1145/3637227. Online publication date: 11 Dec 2023.
  • (2023) Towards End-to-End Verified TEEs via Verified Interface Conformance and Certified Compilers. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), pages 324-339. DOI 10.1109/CSF57540.2023.00021. Online publication date: Jul 2023.
  • (2022) A dynamic analysis tool for memory safety based on smart status and source-level instrumentation. Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings, pages 6-10. DOI 10.1145/3510454.3516872. Online publication date: 21 May 2022.
  • (2022) Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone? IEEE Transactions on Software Engineering 48(11):4569-4589. DOI 10.1109/TSE.2021.3121994. Online publication date: 1 Nov 2022.
  • (2022) A Dynamic Analysis Tool for Memory Safety Based on Smart Status and Source-Level Instrumentation. 2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pages 6-10. DOI 10.1109/ICSE-Companion55297.2022.9793834. Online publication date: May 2022.
  • (2022) Verified Security for the Morello Capability-enhanced Prototype Arm Architecture. Programming Languages and Systems, pages 174-203. DOI 10.1007/978-3-030-99336-8_7. Online publication date: 5 Apr 2022.
  • (2021) Runtime detection of memory errors with smart status. Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 296-308. DOI 10.1145/3460319.3464807. Online publication date: 11 Jul 2021.
  • (2021) If It's Not Secure, It Should Not Compile. Proceedings of the 43rd International Conference on Software Engineering, pages 1360-1372. DOI 10.1109/ICSE43902.2021.00123. Online publication date: 22 May 2021.
  • (2019) Categorization of C++ Classes for Static Lifetime Analysis. Proceedings of the 9th Balkan Conference on Informatics, pages 1-7. DOI 10.1145/3351556.3351559. Online publication date: 26 Sep 2019.