Osera, Peter-Michael

  • Publication
    Core Ironclad
    (2013-01-01) Osera, Peter-Michael; Eisenberg, Richard A.; DeLozier, Christian; Nagarakatte, Santosh; Martin, Milo; Zdancewic, Stephan A
    Core Ironclad is a core calculus that models the salient features of Ironclad C++, a library-augmented type-safe subset of C++. We give an overview of the language including its definition and key design points. We then prove type safety for the language and use that result to show that the pointer lifetime invariant, a key property of Ironclad C++, holds within the system.
  • Publication
    Dependent Interoperability
    (2012-01-01) Osera, Peter-Michael; Sjoberg, Vilhelm; Zdancewic, Stephan A
    In this paper we study the problem of interoperability – combining constructs from two separate programming languages within one program – in the case where one of the two languages is dependently typed and the other is simply typed. We present a core calculus called SD, which combines dependently- and simply-typed sub-languages and supports user-defined (dependent) datatypes, among other standard features. SD has “boundary terms” that mediate the interaction between the two sub-languages. The operational semantics of SD demonstrates how the necessary dynamic checks, which must be done when passing a value from the simply-typed world to the dependently-typed world, can be extracted from the dependent type constructors themselves, modulo user-defined functions for marshaling values across the boundary. We establish type-safety and other meta-theoretic properties of SD, and contrast this approach to others in the literature.
  • Publication
    Ironclad C++: A Library-Augmented Type-Safe Subset of C++
    (2013-03-28) DeLozier, Christian; Eisenberg, Richard A.; Nagarakatte, Santosh; Osera, Peter-Michael; Martin, Milo; Zdancewic, Stephan A
    C++ remains a widely used programming language, despite retaining many unsafe features from C. These unsafe features often lead to violations of type and memory safety, which manifest as buffer overflows, use-after-free vulnerabilities, or abstraction violations. Malicious attackers are able to exploit such violations to compromise application and system security. This paper introduces Ironclad C++, an approach to bring the benefits of type and memory safety to C++. Ironclad C++ is, in essence, a library-augmented type-safe subset of C++. All Ironclad C++ programs are valid C++ programs, and thus Ironclad C++ programs can be compiled using standard, off-the-shelf C++ compilers. However, not all valid C++ programs are valid Ironclad C++ programs. To determine whether or not a C++ program is a valid Ironclad C++ program, Ironclad C++ uses a syntactic source code validator that statically prevents the use of unsafe C++ features. For properties that are difficult to check statically, Ironclad C++ applies dynamic checking to enforce memory safety using templated smart pointer classes. Drawing from years of research on enforcing memory safety, Ironclad C++ utilizes and improves upon prior techniques to significantly reduce the overhead of enforcing memory safety in C++. To demonstrate the effectiveness of this approach, we translate (with the assistance of a semi-automatic refactoring tool) and test a set of performance benchmarks, multiple bug-detection suites, and the open-source database leveldb. These benchmarks incur a performance overhead of 12% on average as compared to the unsafe original C++ code, which is small compared to prior approaches for providing comprehensive memory safety in C and C++.
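    The abstract above describes the key mechanism: unsafe raw-pointer features are excluded by a syntactic validator, and properties that cannot be checked statically (such as array bounds) are enforced at run time by templated smart pointer classes. The following is an added illustration of that idea, written for this page; it is not code from the Ironclad C++ library or paper. The class name `checked_aptr`, its interface, and the `copy_*` helpers are this example's own assumptions. It places the classic unchecked C-style string copy (a buffer overflow when the destination is too small) beside the same loop written against a bounds-carrying pointer, where the overflow becomes a caught exception instead of silent memory corruption.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Illustrative bounds-carrying array pointer (hypothetical name and API,
// not the Ironclad C++ library's own classes). It keeps the base address,
// the number of valid elements, and the current offset, so that every
// dereference can be checked against the bound.
template <typename T>
class checked_aptr {
    T* base_;          // start of the underlying array
    std::size_t len_;  // number of valid elements starting at base_
    std::size_t pos_;  // current offset (the "pointer arithmetic" state)
public:
    checked_aptr(T* base, std::size_t len) : base_(base), len_(len), pos_(0) {}

    // Every element access is checked; out-of-bounds reads or writes throw.
    T& operator[](std::size_t i) {
        if (i >= remaining()) {
            throw std::out_of_range("index " + std::to_string(pos_ + i) +
                                    " outside bound " + std::to_string(len_));
        }
        return base_[pos_ + i];
    }
    T& operator*() { return (*this)[0]; }

    // Advancing may form a one-past-the-end value (as C++ allows) but never
    // go beyond it; dereferencing such a value throws via operator[].
    checked_aptr& operator++() {
        if (pos_ >= len_) throw std::out_of_range("advance past end");
        ++pos_;
        return *this;
    }
    std::size_t remaining() const { return len_ - pos_; }
};

// Unsafe original: copies until NUL with no knowledge of dst's size.
// With a too-short dst this is a buffer overflow (undefined behaviour).
// It is shown for contrast and is only ever called here with room to spare.
void copy_unchecked(char* dst, const char* src) {
    while ((*dst++ = *src++) != '\0') {}
}

// Same loop against the checked pointer: the write that would overflow
// throws std::out_of_range before any byte lands outside the buffer.
void copy_checked(checked_aptr<char> dst, const char* src) {
    for (;; ++dst, ++src) {
        *dst = *src;             // throws when dst has no room left
        if (*src == '\0') break;
    }
}

// Returns true when the checked copy refuses to overflow a dst of dst_len bytes.
bool overflow_caught(std::size_t dst_len, const std::string& src) {
    std::string buf(dst_len, 'X');   // constructed sample destination
    try {
        copy_checked(checked_aptr<char>(&buf[0], dst_len), src.c_str());
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

// The checked copy yields the same bytes as the unchecked one when dst fits.
std::string checked_copy_result(std::size_t dst_len, const std::string& src) {
    std::string buf(dst_len, 'X');
    copy_checked(checked_aptr<char>(&buf[0], dst_len), src.c_str());
    return std::string(buf.c_str());
}

// Reference behaviour of the unchecked copy; caller must guarantee dst_len > src.size().
std::string unchecked_copy_result(std::size_t dst_len, const std::string& src) {
    std::string buf(dst_len, 'X');
    copy_unchecked(&buf[0], src.c_str());
    return std::string(buf.c_str());
}

int main() {
    // "hello" needs 6 bytes including the terminator: 5 is an off-by-one.
    bool caught = overflow_caught(5, "hello");
    return caught ? 0 : 1;
}
```

The check lives in the pointer type, so the loop itself is unchanged from the unsafe version; that is what lets a validator reject raw `char*` arithmetic while the program keeps compiling with an ordinary C++ compiler. The cost is the extra bound and offset carried per pointer and a comparison on each dereference, which is where the paper's reported average overhead comes from.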