
Memory safe implementations of C/C++
Hi Phil,

Ellis and Detlefs did the pioneering work on the memory-safe implementation
of C/C++ almost a decade ago.  See 

	http://citeseer.nj.nec.com/ellis93safe.html

The critical problems in such an implementation are storage
management, bounds checking on array operations, pointer operations,
and union types.  Free operations have to be interpreted as no-ops and
conservative garbage collection is used to reclaim unreachable
heap storage.  I am not an expert on the ANSI Standard for C but I would be
very surprised if the restrictions required for memory safety are
compatible with an efficient implementation of the standard.

For example, I don't see how to implement stepping through an array 
with a pointer efficiently.  How do you know when you run off the
end?  You can't use a sentinel because all possible bit patterns 
are used by most C primitive types (e.g. int, char).  

Since the ANSI C Standard was not carefully designed to accommodate
a memory safe implementation, I am very skeptical that an efficient,
memory safe implementation can be pulled out of a hat.  I will believe
it when I see it.

In practice, I suspect that full conformance with the ANSI C Standard
is not that important.  Who needs to access array elements using
pointer operations?  On the other hand, efficient storage management
is very important.  The Boehm-Weiser conservative collector has
been available for over a decade yet its level of acceptance in the C
community is disappointing.  I suspect that most C programmers are
uncomfortable with the idea of GC pause times and the possibility of
false retention of unreachable data structures because word aligned
bits somewhere in reachable memory happen to point to the retained
structures.

-- Corky Cartwright
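
As an added illustration (not part of this message, and not the Ellis and Detlefs implementation), the following C sketch shows how a bounds-carrying "fat" pointer answers the run-off-the-end question raised above without relying on a sentinel value: the bounds travel with the pointer, so every int bit pattern remains a legal element. The `safe_int_ptr` type and the `safe_ptr_*` functions are hypothetical names chosen for this example.

```c
#include <stddef.h>

/* Hypothetical fat pointer: the raw address plus the bounds of the object it
 * may point into. Bounds travel with the pointer, so no sentinel value is
 * needed and every int/char bit pattern stays a legal array element. */
typedef struct {
    int *cur;   /* current address */
    int *base;  /* first element of the object */
    int *limit; /* one past the last element */
} safe_int_ptr;

static safe_int_ptr safe_ptr_to(int *arr, size_t n) {
    safe_int_ptr p = { arr, arr, arr + n };
    return p;
}

/* Arithmetic may reach one past the end (as ISO C allows) but never beyond it
 * or before the base. Returns 0 on success, -1 if the result would escape. */
static int safe_ptr_add(safe_int_ptr *p, ptrdiff_t delta) {
    ptrdiff_t idx = (p->cur - p->base) + delta;
    if (idx < 0 || idx > p->limit - p->base)
        return -1;
    p->cur = p->base + idx;
    return 0;
}

/* Checked load: the one-past-the-end position is reachable but not loadable. */
static int safe_ptr_load(const safe_int_ptr *p, int *out) {
    if (p->cur < p->base || p->cur >= p->limit)
        return -1;
    *out = *p->cur;
    return 0;
}

/* Sum an array by stepping a fat pointer through it. The loop stops when the
 * load is refused, which happens exactly at one past the end. Returns count. */
static size_t checked_sum(int *arr, size_t n, long *sum) {
    safe_int_ptr p = safe_ptr_to(arr, n);
    size_t count = 0;
    int v;
    *sum = 0;
    while (safe_ptr_load(&p, &v) == 0) {
        *sum += v;
        count++;
        if (safe_ptr_add(&p, 1) != 0)
            break;
    }
    return count;
}
```

The cost the message worries about is visible here: every step pays a compare against the carried bounds, and every pointer grows from one word to three.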