Developers of the LLVM project have proposed a set of changes aimed at strengthening the safety of security-critical C++ projects and providing means to eliminate errors caused by accesses beyond the permissible bounds of buffers. The work is concentrated in two directions: providing a development model that allows buffers to be handled safely, and strengthening the protection of the libc++ standard library.
The proposed safe programming model for C++ involves using the classes provided by the standard library when working with buffers instead of manipulating raw pointers. For example, it is proposed to use the std::array, std::vector and std::span classes, for which accesses outside the bounds of the allocated memory are checked at run time.
To combat dangerous programming techniques, it is proposed to have Clang emit a compiler warning for all pointer arithmetic operations, similar to the Clang-Tidy linter warnings enabled by the flag "cppcoreguidelines-pro-bounds-pointer-arithmetic"; support for this will appear in LLVM 16. A separate flag, not active by default, will be added to Clang to enable these warnings.
In libc++, it is planned to implement an optional hardened mode in which some situations leading to undefined behavior are caught. For example, in the std::span and std::vector classes accesses outside the allocated memory area will be checked, and when one is detected the program will be aborted. The developers believe that adding such changes will preserve libc++'s conformance with the C++ standards, since the choice of how to handle cases of undefined behavior lies with the library's developers, who may also interpret undefined behavior as a failure requiring termination of the program.
The checks performed in libc++ are planned to be divided into categories that can be enabled separately. Some of the proposed checks that do not slow down operations or change the ABI are already implemented as part of the libc++ safe mode (Safe Mode).
It is planned to prepare a code-rewriting tool that replaces variables holding raw pointers with containers and uses alternative constructs in situations where the container cannot directly replace the pointer (for example, the construct "if (array_pointer)" can be transformed into "if (span.data())"). The fixes can be applied not only to local variables but also to pointer-typed parameters.
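As an added example (not code from the LLVM proposal or from libc++ itself), here is the raw-pointer parsing pattern the planned warning targets beside the same logic written against a bounds-checked view, including the `if (p)` to `if (buf.data())` rewrite. `checked_span` is a constructed, simplified stand-in for a hardened std::span that throws instead of aborting so the violation can be observed, and the length-prefixed record format is constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
// Minimal stand-in for a bounds-checked view (not libc++'s real class): the
// hardened-mode idea is that operator[] verifies the index before touching
// memory. libc++ would abort; this stand-in throws so a test can observe it.
template <typename T>
struct checked_span {
    const T* ptr;
    std::size_t len;
    std::size_t size() const { return len; }
    const T* data() const { return ptr; }
    const T& operator[](std::size_t i) const {
        if (i >= len) throw std::out_of_range("checked_span: index out of range");
        return ptr[i];
    }
};
// Raw-pointer version: the pattern the proposed Clang warning targets. The
// record (constructed format) is one length byte then that many payload bytes,
// and the checksum is their sum. Nothing ties `p` to its buffer, so an oversized
// length byte makes `q` walk past the allocation (undefined behaviour).
uint32_t payload_checksum_raw(const uint8_t* p) {
    if (!p) return 0;
    uint32_t sum = 0;
    const uint8_t* end = p + 1 + p[0];
    for (const uint8_t* q = p + 1; q != end; ++q) sum += *q;
    return sum;
}
// Span version: every access goes through the checked view, so a bad length
// byte becomes a caught violation instead of an out-of-bounds read. The
// `if (p)` test becomes `if (buf.data())`, as the planned rewriting tool does.
uint32_t payload_checksum_span(checked_span<uint8_t> buf) {
    if (!buf.data()) return 0;
    uint32_t sum = 0;
    std::size_t n = buf[0];
    for (std::size_t i = 1; i <= n; ++i) sum += buf[i];
    return sum;
}
// Constructed samples: a well-formed record and a truncated one whose length
// byte claims more payload than the buffer holds.
const std::vector<uint8_t> kGoodRecord = {3, 10, 20, 30};
const std::vector<uint8_t> kBadRecord = {5, 1, 2};
// True when the checked view catches a bounds violation while parsing `rec`.
bool span_rejects(const std::vector<uint8_t>& rec) {
    try { payload_checksum_span(checked_span<uint8_t>{rec.data(), rec.size()}); }
    catch (const std::out_of_range&) { return true; }
    return false;
}
```

The raw version is only ever called on the well-formed record here; on the truncated one it would read past the buffer, which is exactly the case the checked view turns into a detectable failure.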