Michael Brooks, Master’s candidate
David R. Cheriton School of Computer Science
Supervisor: Professor Peter Buhr
C∀ strives to fix issues in C, chief among them safety. This thesis presents a significant step forward in C∀’s goal to remove unsafe pointer operations. It describes improvements to the C∀ language design to support advanced collection features. These features are implemented across the C∀ compiler and runtime libraries. The results maintain another C∀ goal of offering strong backwards compatibility with C. To achieve these goals, this work leverages preexisting C∀ contributions by prior students, particularly novel applications of the compiler’s type system.
All modern programming languages provide three high-level collections (containers): array, linked list, and string. Often, the array is part of the programming language, while linked lists are built from (recursive) pointer types, and strings from arrays and/or linked lists. For all three types, languages and/or their libraries supply varying degrees of high-level mechanisms for manipulating these objects at the bulk and component levels, such as copying, slicing, extracting, and iterating among elements. Unfortunately, typical implementations of these key types in C cause 60%–70% of the reported software vulnerabilities involving memory errors, and 70%–80% of hacker attack vectors target these types. Therefore, hardening these three C types and suggesting programmers use them as their default types goes a long way toward increasing memory safety in the majority of C programs.
Specifically, an array is provided that tracks its length internally, relieving the user and implementor from managing explicit length arguments/parameters and stopping buffer-overrun errors. This feature requires augmenting the C∀ type system, making array length available at compile time and runtime. A linked-list utility is provided that obviates many user-managed recursive pointers, while catering directly to systems programming through intrusive linking. Finally, a string utility is provided with implicit memory management of text in a specialized heap, removing error-prone buffer management, including overruns, and providing a copy-on-write speed boost. For all three utilities, performance is argued to be on par with or to surpass that of other comparable languages. With the array, this case is made by showing complete erasure down to a naked C array, modulo runtime bound checks, which are removable more often than with Java-style length management. With the linked list and string, empirical measures are compared against comparable C and C++ libraries. These collections offer programmers workable alternatives to hand-rolling specialized libraries, which is a huge safety benefit, eliminating many system vulnerabilities. The results establish C∀’s position as a safety-forward programming alternative.
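The length-carrying array idea in the abstract, sketched in plain C as an added illustration (this is not C∀'s own array type or the thesis's code): the length travels with the data, so no separate, possibly wrong, length parameter exists, and a runtime bound check refuses writes past the end instead of overrunning. The `int_array` type and its functions are hypothetical names chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-carrying array (illustration only, not C∀'s type).
   The flexible array member means the storage is still a plain C array,
   so the layout "erases" to the naked array the abstract describes. */
typedef struct {
    size_t len;
    int data[];
} int_array;

int_array *int_array_new(size_t len) {
    int_array *a = malloc(sizeof *a + len * sizeof a->data[0]);
    if (a == NULL) return NULL;
    a->len = len;
    memset(a->data, 0, len * sizeof a->data[0]);
    return a;
}

/* Checked element write: the runtime bound check. A bad index is reported
   as a failure rather than turned into an out-of-bounds store. */
bool int_array_set(int_array *a, size_t i, int v) {
    if (i >= a->len) return false;
    a->data[i] = v;
    return true;
}

/* The classic C idiom the abstract wants to replace: the length is a separate
   parameter, so a caller that passes a count larger than the real buffer is
   silently trusted and the loop overruns. Shown for contrast; never call it
   with a mismatched count. */
void fill_unchecked(int *buf, size_t claimed_len, int v) {
    for (size_t i = 0; i < claimed_len; i++) buf[i] = v;
}

/* Same operation on the length-carrying array: the loop bound comes from the
   object itself, so there is no count for the caller to get wrong.
   Returns the number of elements written (always a->len). */
size_t fill_checked(int_array *a, int v) {
    size_t written = 0;
    for (size_t i = 0; i < a->len; i++)
        if (int_array_set(a, i, v)) written++;
    return written;
}
```
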
To attend this master’s thesis presentation in person, please go to DC 3317. You can also attend virtually on Zoom.