Cyclcone a safe dialect of C

576 views
493 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
576
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cyclcone a safe dialect of C

  1. 1. Cyclone a safe dialect of C Prepared by: Ahmed Magdy Ezzeldin
  2. 2. What is CYCLONE Cyclone is a safer dialect of C that is not vulnerable to buffer overflows, format string attacks, double free bugs, dangling pointer accesses, etc... It qualifies ordinary C code with some annotations to make it safer. Cyclone has a special C compiler named ”cyclone” (built on GCC) which supports the special annotations of Cyclone.
  3. 3. How it works Cyclone works on the following aspects to make C safer. Pointers Regions Arrays Structs Unions Exceptions Subtyping Other Restrictions
  4. 4. Pointers @nullable : forces NULL-Check when dereferenced @thin : 1 machine word. It does not allow pointer arithmetics. @fat : 3 machine words. It allows pointer arithmetics forces NULL-Check and Bounds check when dereferenced. @notnull : It can never be NULL, so it does not need a NULL- Check. @zeroterm : It is used with strings to do safe pointer arithmetics on pointers by knowing the place of the zero byte delimiter. @effect(`e) : used to set the memory regions that this pointer can work. @aqual : used to define aliasability.
  5. 5. Regions Every pointer is assigned to a region Before dereferencing a pointer cyclone checks if its region is deallocated. Helps to secure against dangling pointers. Also important for securing against memory leaks as a data structure like a list or a queue can be assigned to one region, so when we free the region the whole data structure is freed without looping on pointers to free them.
  6. 6. Arrays Stack Arrays like in C Heap arrays using the word ”new” Arrays of pointers all pointers must be initialized which make it safer. Arrays can have the same annotations (qualifiers) as pointers.
  7. 7. Structs Cyclone structs are like C structs. Tuples is a form of structs that is not parameterized which means that its fields are accessed by their position (offset) $(int,char,bool) x = $(42,z,true); if (x[2]) x[0]++; Tuples are equivalent if they are structurally equivalent.
  8. 8. Unions Tagged Unions: are unions that save the last written field identifier in a tag so that if we try to get the value of another field an exception is thrown. union T a; int x; a.String = "hello, world"; /* Next line fails */ x = a.Integer + 3; Untagged Pointers: It has no tag to know the last written field but It does not allow to have a pointer as one of its fields to be safer.
  9. 9. Exceptions Pointers NULL-Check and Bounds check and many other checks throw exceptions when they fail. Makes it easy for the developer to write robust code and take corrective measures on error. FILE *f = fopen("/etc/passwd","r"); int c;try { c = getc((FILE *@notnull)f);} catch {case &Null_Exception: printf("Error: cant open /etc/passwdn"); exit(1);case &Invalid_argument(s): printf("Error: Invalid_argument(%s)n",s); exit(1);}
  10. 10. Subtyping Cyclone allows structural subtyping which allows polymorphism which is not allowed in C.typedef struct Point {float x,y;} *point;typedef struct CPoint {float x,y; int color;} *cpoint;float xcoord(point p) { return p->x;} Note that both Point and CPoint are equal in structure with the exception of the last field in CPoint.
  11. 11. Other Restrictions Cant cast an integer to a pointer Cant do pointer arithmetic on a pointer unless the pointer performs bounds check Cyclone does not permit gotos from one scope into another. Cant explicitly free a heap-allocated object, but you can either use regions or the garbage collector to free memory.
  12. 12. References http://cyclone.thelanguage.org:8181/ "Cyclone: A Type-Safe Dialect of C" by Dan Grossman, Michael Hicks, Trevor Jim, and Greg Morrisett "Region-Based Memory Management in Cyclone" by Dan Grossman, Greg Morrisett, Trevor Jim, Michael Hicks, Yanling Wang, and James Cheney (Computer Science Department, Cornell University)
  13. 13. Thank you

×