Wednesday, October 29, 2008

Cyclone – A safe dialect of C

Abstract
Cyclone is a programming language based on C that is safe, meaning that it rules out programs that have buffer overflows, dangling pointers, format string attacks, and so on. High-level, type-safe languages, such as Java, Scheme, or ML also provide safety, but they don't give the same control over data representations and memory management that C does. Furthermore, porting legacy C code to these languages or interfacing with legacy C libraries is a difficult and error-prone process. The goal of Cyclone is to give programmers the same low-level control and performance of C without sacrificing safety, and to make it easy to port or interface with legacy C code.
Many software systems, including operating systems, device drivers and file servers, require fine-grained control over data representation (e.g., field layout) and resource management (e.g., memory management). The de facto language for coding such systems is C. However, in providing low-level control, C admits a wide class of dangerous — and extremely common — safety violations, such as incorrect type casts, buffer overruns, dangling-pointer dereferences, and space leaks.

"C is a very powerful language, but you can also hang yourself with that power," says Graham Hutton, an expert in computer languages at the University of Nottingham.

Higher-level, type-safe languages avoid these drawbacks, but in so doing, they often fail to give programmers the control needed in low-level systems. Moreover, porting or extending legacy code is often prohibitively expensive.
Therefore, a safe language at the C level of abstraction, with an easy porting path, would be an attractive option. Cyclone is a safe dialect of C. It has been designed to prevent the buffer overflows, format string attacks, and memory management errors that are common in C programs, while retaining C’s syntax and semantics. In order to provide this safety, Cyclone introduces run-time checks, such as a null check, so that a program cannot access memory through a null pointer. It also imposes some restrictions: the free operation is a no-op, and pointer arithmetic is not allowed on pointers whose bounds information is not available to the compiler.
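To make the checks described above concrete, here is an added C example (not Cyclone code and not from the Cyclone project) that emulates a bounds-carrying "fat" pointer: every store passes a null check and a bounds check, and pointer arithmetic is only permitted because the bounds are known. The names fatptr, fp_make, fp_advance, fp_write, fp_copy, try_copy and the scratch buffer are assumptions made for this illustration.

```c
#include <stddef.h>

/* Hypothetical model of a Cyclone-style "fat" pointer: besides the current
 * address it carries the bounds of the buffer it points into, so every store
 * and every arithmetic step can be checked (Cyclone's compiler inserts such
 * checks itself; this C emulation only makes them visible). */
typedef struct {
    unsigned char *base; /* start of buffer; NULL models a null pointer */
    unsigned char *cur;  /* current position */
    unsigned char *end;  /* one past the last valid byte */
} fatptr;
typedef enum { FP_OK = 0, FP_NULL, FP_OUT_OF_BOUNDS } fp_status;

static fatptr fp_make(unsigned char *buf, size_t len) {
    fatptr p = { buf, buf, buf ? buf + len : NULL };
    return p;
}

/* Arithmetic is allowed only because the bounds are known: a step that would
 * leave [base, end] is reported instead of yielding a wild pointer. */
static fp_status fp_advance(fatptr *p, ptrdiff_t n) {
    if (p->base == NULL) return FP_NULL;
    ptrdiff_t off = (p->cur - p->base) + n;
    if (off < 0 || off > (p->end - p->base)) return FP_OUT_OF_BOUNDS;
    p->cur += n;
    return FP_OK;
}

/* Every store passes a null check and a bounds check. */
static fp_status fp_write(fatptr *p, unsigned char v) {
    if (p->base == NULL) return FP_NULL;
    if (p->cur >= p->end) return FP_OUT_OF_BOUNDS;
    *p->cur = v;
    return FP_OK;
}

/* strcpy over a fat pointer: stops at the first violation, so an over-long
 * src can never run past the destination buffer. */
static fp_status fp_copy(fatptr dst, const char *src) {
    for (; *src; src++) {
        fp_status s = fp_write(&dst, (unsigned char)*src);
        if (s == FP_OK) s = fp_advance(&dst, 1);
        if (s != FP_OK) return s;
    }
    return fp_write(&dst, 0); /* the terminator is checked too */
}

/* Driver over a constructed 8-byte destination (or a null one). */
static unsigned char scratch[8];
static fp_status try_copy(int null_dst, const char *src) {
    fatptr dst = null_dst ? fp_make(NULL, 0) : fp_make(scratch, sizeof scratch);
    return fp_copy(dst, src);
}
```

An 8-byte destination accepts up to 7 characters plus the terminator; anything longer is reported as out of bounds before a byte lands outside the buffer, and a null destination is reported before any access.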
