2005Embed

Reference1:

Restricted C + compiler = the benefits of a safe language with no garbage collection and no runtime checks.

Safe definition: define a software entity (module, thread, or a complete program) to be safe if:

  1. not out of bound: never references a memory location outside the data area allocated by or for the entity.

  2. no alien code execution: never executes instructions outside the code area created by the compiler and linker within that address space.

Except for dangling pointers, detect and prevent all other errors that a language with strong type safety would prevent.

Replace the null-pointer runtime check with hardware address-space protection.

Compiler techniques

2 new techniques + 2 previous ones

  • automatic pool allocation: "safe dangling pointers"
  • interprocedural algorithm: propagate constraints on integer variables and prove the safety of affine array references over those variables.
  • memory initialization using an illegal address from hardware protection
  • escape analysis: prevent dangling pointers to stack objects.
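The "safe dangling pointers" bullet is the part that is easiest to misread, so here is a type-homogeneous pool sketched as an added example (my code, not the paper's implementation). It assumes one object type per pool, a fixed number of slots and an intrusive free list, which is the shape of pool the notes describe: a freed slot is only ever reused for an object of the same type and never leaves the pool's data area while the pool lives, so a stale pointer still lands on a same-typed slot inside that area rather than on unrelated memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The single object type this pool holds. A pool is type-homogeneous, so a
   slot is only ever reused for another point_t. (Hypothetical type.) */
typedef struct { int x, y; } point_t;

#define POOL_SLOTS 4

/* Each slot is either a live object or a link in the free list. */
typedef union slot { point_t obj; union slot *next_free; } slot_t;

typedef struct {
    slot_t slots[POOL_SLOTS];   /* the pool's entire data area */
    slot_t *free_list;
} point_pool_t;

static void pool_init(point_pool_t *p) {
    p->free_list = NULL;
    for (int i = POOL_SLOTS - 1; i >= 0; i--) {
        p->slots[i].next_free = p->free_list;
        p->free_list = &p->slots[i];
    }
}

static point_t *pool_alloc(point_pool_t *p) {
    if (p->free_list == NULL) return NULL;  /* exhausted: never spills past the slots */
    slot_t *s = p->free_list;
    p->free_list = s->next_free;
    return &s->obj;
}

/* Freed slots go back on this pool's free list only; nothing is handed back
   to the system allocator while the pool is alive, so the slot cannot later
   hold an object of a different type. */
static void pool_free(point_pool_t *p, point_t *obj) {
    slot_t *s = (slot_t *)obj;
    s->next_free = p->free_list;
    p->free_list = s;
}

/* True if ptr is the start of a slot inside this pool's data area. */
static bool pool_contains(const point_pool_t *p, const void *ptr) {
    uintptr_t a = (uintptr_t)ptr;
    uintptr_t lo = (uintptr_t)&p->slots[0];
    uintptr_t hi = (uintptr_t)&p->slots[POOL_SLOTS];
    return a >= lo && a < hi && (a - lo) % sizeof(slot_t) == 0;
}

/* Scenario: a stale pointer survives a free and a re-allocation. Returns 1 when
   the stale pointer still lies in the pool and aliases a same-typed slot. */
static int demo_dangling_stays_in_pool(void) {
    point_pool_t p;
    pool_init(&p);
    point_t *a = pool_alloc(&p);
    a->x = 1; a->y = 2;
    pool_free(&p, a);              /* a is now dangling */
    point_t *b = pool_alloc(&p);   /* reuses the slot a pointed to */
    int outside;                   /* an object that is not in the pool */
    return a == b && pool_contains(&p, a) && !pool_contains(&p, &outside);
}

/* Scenario: exhausting the pool yields NULL rather than an out-of-bound slot. */
static int demo_exhaustion_is_bounded(void) {
    point_pool_t p;
    pool_init(&p);
    int granted = 0;
    while (pool_alloc(&p) != NULL) granted++;
    return granted == POOL_SLOTS;
}

int main(void) {
    printf("dangling pointer stays in pool: %d\n", demo_dangling_stays_in_pool());
    printf("exhaustion bounded: %d\n", demo_exhaustion_is_bounded());
    return 0;
}
```

The point of the two scenarios is the weaker-but-sufficient guarantee the notes record: the dangling pointer `a` is not made valid, but both conditions of the safe definition still hold, because every address it can reach is inside the pool's own data area and typed as a point_t.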

Restrictions on C

Complex or unanalyzable array references are not allowed (or, as future work, allowed with runtime checks added).
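To make the restriction concrete, here is a small range-based checker for affine array references, added here as an illustration and not taken from the paper. It assumes the analysis has already produced interval constraints on integer variables: a callee parameter's constraint is the hull of the argument ranges at its call sites, a loop index `i` of `for (i = 0; i < n; i++)` inherits `[0, n-1]`, and a reference `arr[coef*i + offset]` is proved safe when that expression stays in `[0, len)` over the whole index range. References whose index is not affine in an analyzable variable cannot be expressed here at all, which is exactly what "unanalyzable" means in the notes; the hypothetical `fill` scenario in the code shows one reference that is proved safe and one that is rejected.

```c
#include <stdbool.h>
#include <stdio.h>

/* A proved integer constraint: the variable lies in [lo, hi]. lo > hi means
   the set is empty (e.g. a loop body that never executes). */
typedef struct { long lo, hi; } range_t;

/* An affine index expression coef * i + offset over a loop variable i. */
typedef struct { long coef, offset; } affine_t;

static bool range_empty(range_t r) { return r.lo > r.hi; }

/* Interprocedural step: a parameter's constraint is the hull of the argument
   ranges at all call sites of the function. */
static range_t range_join(range_t a, range_t b) {
    if (range_empty(a)) return b;
    if (range_empty(b)) return a;
    range_t r = { a.lo < b.lo ? a.lo : b.lo, a.hi > b.hi ? a.hi : b.hi };
    return r;
}

/* Constraint on i for `for (i = 0; i < n; i++)` given the constraint on n. */
static range_t loop_index_range(range_t n) {
    range_t r = { 0, n.hi - 1 };   /* empty when n.hi <= 0 */
    return r;
}

/* Range of coef*i + offset as i sweeps [idx.lo, idx.hi]. The expression is
   monotone in i, so only the endpoints matter. (Assumes small ranges: there
   is no overflow guard on the multiplication.) */
static range_t affine_range(affine_t e, range_t idx) {
    if (range_empty(idx)) return idx;
    long a = e.coef * idx.lo + e.offset;
    long b = e.coef * idx.hi + e.offset;
    range_t r = { a < b ? a : b, a < b ? b : a };
    return r;
}

/* arr[coef*i + offset] is safe when every index value lies in [0, len). An
   empty index set is trivially safe. */
static bool affine_ref_safe(affine_t e, range_t idx, long len) {
    range_t r = affine_range(e, idx);
    if (range_empty(r)) return true;
    return r.lo >= 0 && r.hi < len;
}

/* Hypothetical scenario: fill(buf, n) writes buf[2*i + offset] for i in [0, n),
   buf has 64 elements, and two call sites pass n in [0,16] and [0,32].
   Returns whether the reference is proved safe for the given offset. */
static bool fill_reference_safe(long offset) {
    range_t site1 = { 0, 16 }, site2 = { 0, 32 };
    range_t n = range_join(site1, site2);    /* n in [0, 32] */
    range_t i = loop_index_range(n);         /* i in [0, 31] */
    affine_t e = { 2, offset };
    return affine_ref_safe(e, i, 64);
}

int main(void) {
    printf("buf[2*i]   proved safe: %d\n", fill_reference_safe(0));  /* indices 0..62 */
    printf("buf[2*i+2] proved safe: %d\n", fill_reference_safe(2));  /* index 64 reachable */
    return 0;
}
```

The second reference is the kind the restricted language rejects outright today; the "future work" alternative in the notes would instead keep it and insert a runtime bounds check only for that reference, leaving the proved-safe ones without any check.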


  1. Memory Safety Without Garbage Collection for Embedded Applications, ACM Transactions on Embedded Computing Systems, 2005. ↩
Created Jul 28, 2019 // Last Updated Aug 31, 2020
