ACM SIGPLAN Notices - OOPSLA '13
The C++ programming language remains widely used, despite inheriting from C many unsafe features that often lead to failures of type or memory safety, which manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers can exploit such violations to compromise application and system security.
This paper introduces Ironclad C++, an approach to bringing the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented, type-safe subset of C++. All Ironclad C++ programs are valid C++ programs that can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs: a syntactic source-code validator statically rejects the use of unsafe C++ features. To enforce safety properties that are difficult to check statically, Ironclad C++ applies dynamic checks via templated "smart pointer" classes.
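To make the "library-augmented" idea concrete, the following is an added illustration written for this page, not code from the Ironclad C++ library or the paper. It sketches the shape of a templated smart pointer that carries bounds information and performs the dynamic checks the abstract refers to: a raw `int*` indexed off the end of an array silently corrupts memory, whereas the checked wrapper refuses the access. The class and function names (`checked_aptr`, `checked_ptr`, `checked_write`, `fill_with_off_by_one`) are hypothetical; in the real system a source validator would additionally reject the raw-pointer version at compile time, which this example does not model.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical bounds-checked array pointer (not Ironclad's own class).
// Shares ownership of the backing store and records the current offset,
// so pointer arithmetic can be checked against the allocation's length.
template <typename T>
class checked_aptr {
    std::shared_ptr<std::vector<T>> base_;  // the allocation this pointer points into
    std::size_t idx_;                       // offset; may equal size() (one past the end)
public:
    explicit checked_aptr(std::size_t n)
        : base_(std::make_shared<std::vector<T>>(n)), idx_(0) {}

    std::size_t size() const { return base_->size(); }

    // Indexing: the element must lie inside the allocation.
    T& operator[](std::size_t i) const {
        std::size_t off = idx_ + i;
        if (off < idx_ || off >= base_->size())   // off < idx_ catches wrap-around
            throw std::out_of_range("checked_aptr: index out of bounds");
        return (*base_)[off];
    }

    // Pointer arithmetic may move at most to one past the end (like C),
    // but the resulting pointer cannot be dereferenced there.
    checked_aptr operator+(std::size_t n) const {
        if (n > base_->size() - idx_)
            throw std::out_of_range("checked_aptr: arithmetic past end");
        checked_aptr r(*this);
        r.idx_ += n;
        return r;
    }

    T& operator*() const { return (*this)[0]; }
};

// Hypothetical singleton pointer: the only dynamic check is for null.
template <typename T>
class checked_ptr {
    std::shared_ptr<T> p_;
public:
    checked_ptr() = default;
    explicit checked_ptr(std::shared_ptr<T> p) : p_(std::move(p)) {}
    T& operator*() const {
        if (!p_) throw std::logic_error("checked_ptr: null dereference");
        return *p_;
    }
};

// Returns true if the write was permitted, false if the check refused it.
inline bool checked_write(const checked_aptr<int>& a, std::size_t i, int v) {
    try { a[i] = v; return true; }
    catch (const std::out_of_range&) { return false; }
}

// The classic off-by-one loop (<= instead of <) over an n-element buffer.
// With a raw pointer the (n+1)th store corrupts adjacent memory; here it is
// refused. Returns the number of refused writes (expected: exactly one).
inline std::size_t fill_with_off_by_one(std::size_t n) {
    checked_aptr<int> buf(n);
    std::size_t refused = 0;
    for (std::size_t i = 0; i <= n; ++i)          // bug kept on purpose
        if (!checked_write(buf, i, static_cast<int>(i))) ++refused;
    return refused;
}

// Dereferencing a pointer formed as "one past the end" must be caught.
inline bool deref_past_end_is_caught(std::size_t n) {
    checked_aptr<int> buf(n);
    try { *(buf + n) = 1; return false; }
    catch (const std::out_of_range&) { return true; }
}

inline bool null_deref_is_caught() {
    checked_ptr<int> p;
    try { *p = 1; return false; }
    catch (const std::logic_error&) { return true; }
}

int main() {
    std::cout << "refused writes: " << fill_with_off_by_one(8) << "\n";
    std::cout << "past-end caught: " << deref_past_end_is_caught(8) << "\n";
    std::cout << "null caught: " << null_deref_is_caught() << "\n";
    return 0;
}
```

The checks are deliberately minimal: each operation that can violate a bound or dereference null compares against metadata carried in the pointer itself, which is what lets such a class remain ordinary C++ compiled by an unmodified compiler. What the example does not show is temporal safety (use-after-free), which needs either ownership discipline or further runtime support beyond a bounds check.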
Using a semi-automatic refactoring tool, we have ported nearly 50K lines of code to Ironclad C++. These benchmarks incur a performance overhead of 12% on average, compared to the original unsafe C++ code.
© ACM, 2013. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM SIGPLAN Notices - OOPSLA '13, Volume 48, Issue 10, (October 2013) http://doi.acm.org/10.1145/2544173.2509550
Christian DeLozier, Richard Eisenberg, Santos Nagarakatte, Peter-Michael Osera, Milo M.K. Martin, Steve Zdancewic, "Ironclad C++: a library-augmented type-safe subset of C++," ACM SIGPLAN Notices - OOPSLA '13 48.10 (October 2013): 287-304.