How Close Is Existing C/C++ Code to a Safe Subset?

Christian DeLozier

doi:10.3390/jcp4010001

Journal of Cybersecurity and Privacy (Dec 2023)

How Close Is Existing C/C++ Code to a Safe Subset?

Christian DeLozier

Affiliations

Christian DeLozier: United States Naval Academy, 105 Maryland Ave, Annapolis, MD 21402, USA

DOI: https://doi.org/10.3390/jcp4010001
Journal volume & issue: Vol. 4, no. 1
pp. 1 – 22

Abstract

Read online

Using a safe subset of C++ is a promising direction for increasing the safety of the programming language while maintaining its performance and productivity. In this paper, we examine how close existing C/C++ code is to conforming to a safe subset of C++. We examine the rules presented in existing safe C/C++ standards and safe C/C++ subsets. We analyze the code characteristics of 5.8 million code samples from the Exebench benchmark suite, two C/C++ benchmark suites, and five modern C++ applications using a static analysis tool. We find that raw pointers, unsafe casts, and unsafe library functions are used in both C/C++ code at large and in modern C++ applications. In general, C/C++ code at large does not differ much from modern C++ code, and continued work will be required to transition from existing C/C++ code to a safe subset of C++.

Published in Journal of Cybersecurity and Privacy

ISSN: 2624-800X (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Technology (General)
Website: https://www.mdpi.com/journal/jcp

About the journal

Abstract

Keywords