Journal of Cybersecurity and Privacy (Dec 2023)

How Close Is Existing C/C++ Code to a Safe Subset?

  • Christian DeLozier

DOI
https://doi.org/10.3390/jcp4010001
Journal volume & issue
Vol. 4, no. 1
pp. 1 – 22

Abstract

Read online

Using a safe subset of C++ is a promising direction for increasing the safety of the programming language while maintaining its performance and productivity. In this paper, we examine how close existing C/C++ code is to conforming to a safe subset of C++. We examine the rules presented in existing safe C/C++ standards and safe C/C++ subsets. We analyze the code characteristics of 5.8 million code samples from the Exebench benchmark suite, two C/C++ benchmark suites, and five modern C++ applications using a static analysis tool. We find that raw pointers, unsafe casts, and unsafe library functions are used in both C/C++ code at large and in modern C++ applications. In general, C/C++ code at large does not differ much from modern C++ code, and continued work will be required to transition from existing C/C++ code to a safe subset of C++.

Keywords