"CCured: Type-Safe Retrofitting of Legacy Software" https://web.eecs.umich.edu/~weimerw/p/p477-necula.pdf
This article describes CCured, a program transformation system that adds type safety guarantees to existing C programs. CCured attempts to verify statically that memory errors cannot occur, and it inserts run-time checks where static verification is insufficient. CCured extends C's type system by separating pointer types according to their usage, and it uses a surprisingly simple type inference algorithm that is able to infer the appropriate pointer kinds for existing C programs. CCured uses physical subtyping to recognize and verify a large number of type casts at compile time. Additional type casts are verified using run-time type information. CCured uses two instrumentation schemes, one that is optimized for performance and one in which metadata is stored in a separate data structure whose shape mirrors that of the original user data. This latter scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.

This looks ideal for us. I recommend all our senior devs read the paper.

I found software here: https://github.com/CTSRD-CHERI/ccured

It seems to be in an unmaintained state.

--
>>esr>>

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
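The separate-metadata scheme the abstract describes, as an added C illustration that is not CCured's own code: the program's pointer stays a plain char*, its bounds live in a side structure (the hypothetical seq_meta), every store is checked against those bounds at run time, and the bare pointer can still be handed to an external libc function such as strlen() with no wrapper. All names and the scenario are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Bounds metadata kept apart from the data it describes, so the program's
   own pointer stays a plain char* (hypothetical layout, not CCured's). */
typedef struct {
    char *base;   /* first byte of the object the pointer may reach */
    char *end;    /* one past the object's last byte */
} seq_meta;

/* Checked store through p at byte offset off. Returns 1 on success, 0 if the
   access would leave [base, end); a real CCured check would abort instead.
   The index is computed from base so no out-of-bounds pointer is formed. */
static int checked_store(char *p, const seq_meta *m, ptrdiff_t off, char v)
{
    ptrdiff_t idx = (p - m->base) + off;
    if (idx < 0 || idx >= m->end - m->base)
        return 0;                      /* run-time bounds check failed */
    m->base[idx] = v;
    return 1;
}

/* Copy src (including its terminator) into dst, checking every byte against
   dst's bounds. Stops at the first byte that does not fit.
   Returns 1 if the whole string fit, 0 otherwise. */
int checked_copy(char *dst, const seq_meta *dst_meta, const char *src)
{
    size_t n = strlen(src) + 1;
    for (size_t i = 0; i < n; i++)
        if (!checked_store(dst, dst_meta, (ptrdiff_t)i, src[i]))
            return 0;
    return 1;
}

/* Constructed scenario: a 4-byte buffer accepts "hi" and refuses "overflow",
   which plain C would write past the end. Encodes both outcomes in one int. */
int demo(void)
{
    char buf[4];
    seq_meta m = { buf, buf + sizeof buf };
    if (!checked_copy(buf, &m, "hi"))
        return -1;
    size_t len = strlen(buf);              /* external call on the bare pointer */
    int refused = !checked_copy(buf, &m, "overflow");
    return (int)len * 10 + refused;        /* 21: length 2, one refusal */
}
```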