Ironclad C++

bearophile bearophileHUGS at lycos.com
Sat Aug 3 16:32:15 PDT 2013


"Ironclad C++, A Library-Augmented Type-Safe Subset of C++" by 
Christian DeLozier et al:
http://repository.upenn.edu/cis_reports/982/

It's a strict subset of C++ plus some added libraries and some 
static verifiers. The purpose is to have a safer C++. It has some 
similarities with D.

There are many small differences between C++ and Ironclad C++; 
one of them is that all pointers must be smart pointers. It also 
uses precise garbage collection.

In my opinion what's most interesting is what it does for stack 
deallocation safety: it uses dynamic lifetime checking, with two 
smart pointers, pages 5-8:

>Prior work on preventing use-after-free errors has introduced 
>some notion of a local pointer [10, 18], but these efforts have 
>been focused on purely static enforcement through sophisticated 
>program analyses. Local pointers in Ironclad C++ combine static 
>enforcement and dynamic checking, providing flexibility and 
>simplifying the necessary analysis.<

>Local pointers record the lower bound on addresses that they may 
>point to. Through a combination of static restrictions and 
>dynamic checks, these local pointers are allowed to point only 
>to heap-allocated values or values at the same level or above in 
>the call stack.<

The paper explains the various cases: assign from ptr<T> into 
lptr<T>, assign from lptr<T> into ptr<T>, and assign from lptr<T> 
into lptr<T>.
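To make the three assignment cases concrete, here is an added, simplified model of the scheme (my own illustration, not code from the Ironclad C++ paper or library). Instead of recording real addresses, each tracked value carries an explicit frame level (0 for the heap, deeper call frames get larger numbers); the names `Cell`, `Local`, `FrameGuard`, `ptr` and `lptr` are assumptions made up for this example. `ptr<T>` may only refer to heap values, and `lptr<T>` records the level of the frame it was created in as its lower bound, so it may refer only to the heap or to frames at the same level or above. The three assignments are then: ptr into lptr needs no check, lptr into ptr checks that the target is on the heap, and lptr into lptr re-checks the target against the destination's bound.

```cpp
#include <memory>
#include <stdexcept>

// Frame levels model stack depth: 0 = heap, 1 = outermost tracked frame,
// deeper frames get larger numbers. (Ironclad uses real addresses; this is a model.)
static int g_depth = 0;

struct FrameGuard {               // RAII marker for "we entered one frame deeper"
    FrameGuard()  { ++g_depth; }
    ~FrameGuard() { --g_depth; }
};

template <typename T>
struct Cell {                     // a tracked value plus the level it lives at
    T value;
    int level;
};

template <typename T>
struct Local : Cell<T> {          // a value living in the current stack frame
    explicit Local(T v) : Cell<T>{v, g_depth} {}
};

template <typename T>
std::unique_ptr<Cell<T>> heap_new(T v) {   // a value living on the heap (level 0)
    return std::unique_ptr<Cell<T>>(new Cell<T>{v, 0});
}

template <typename T> struct lptr;

// ptr<T>: only ever points to heap cells.
template <typename T>
struct ptr {
    Cell<T>* target = nullptr;
    ptr() = default;
    explicit ptr(Cell<T>* c) { assign(c); }
    void assign(Cell<T>* c) {
        if (c && c->level != 0)
            throw std::logic_error("ptr<T> may only point to the heap");
        target = c;
    }
    ptr& operator=(const lptr<T>& l) { assign(l.target); return *this; }  // lptr -> ptr: heap check
};

// lptr<T>: remembers the level of the frame it was created in (its lower bound).
template <typename T>
struct lptr {
    Cell<T>* target = nullptr;
    int bound;
    lptr() : bound(g_depth) {}
    void assign(Cell<T>* c) {
        if (c && c->level > bound)                 // deeper frame than our own: would dangle
            throw std::logic_error("lptr<T> may not point into a deeper frame");
        target = c;
    }
    lptr& operator=(Cell<T>* c)      { assign(c); return *this; }
    lptr& operator=(const ptr<T>& p) { target = p.target; return *this; }  // ptr -> lptr: always fine
    lptr& operator=(const lptr<T>& o){ assign(o.target); return *this; }   // lptr -> lptr: re-check
};

// Case 1: a callee tries to hand one of its own locals back to the caller.
static void callee_leaks_local(lptr<int>& out) {
    FrameGuard frame;                // one level deeper than the caller
    Local<int> tmp(42);              // dies when this frame returns
    out = &tmp;                      // tmp.level > out.bound: rejected at run time
}
bool caller_lptr_cannot_point_at_callee_local() {
    FrameGuard frame;
    lptr<int> out;                   // bound = this frame's level
    try { callee_leaks_local(out); } catch (const std::logic_error&) { return true; }
    return false;
}

// Case 2: a callee points at a value in its caller's frame, which outlives it.
static bool callee_reads_caller_local(Cell<int>* x) {
    FrameGuard frame;
    lptr<int> p;                     // bound = this deeper frame
    p = x;                           // x lives one level above: allowed
    return p.target == x && p.target->value == 7;
}
bool callee_lptr_may_point_at_caller_local() {
    FrameGuard frame;
    Local<int> x(7);
    return callee_reads_caller_local(&x);
}

// Case 3: lptr -> ptr is only allowed when the target is on the heap.
bool stack_value_cannot_flow_into_ptr() {
    FrameGuard frame;
    Local<int> x(1);
    lptr<int> l; l = &x;             // same frame: fine
    ptr<int> p;
    try { p = l; } catch (const std::logic_error&) { return true; }
    return false;
}

// Case 4: heap values flow freely through ptr and lptr in both directions.
bool heap_value_flows_freely() {
    FrameGuard frame;
    auto owner = heap_new(99);
    ptr<int> p(owner.get());         // heap target: allowed
    lptr<int> l; l = p;              // ptr -> lptr: no check needed
    ptr<int> q; q = l;               // lptr -> ptr: heap check passes
    return q.target == owner.get() && q.target->value == 99;
}
```

The model keeps only the dynamic half of the scheme; the paper's static restrictions (for example on where an lptr may be stored) are what make the bound a cheap, single comparison rather than a full escape analysis.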

So with a mix of run-time tests and a small amount of static 
analysis the code is safe and fast enough. It seems a simple 
enough idea.

Bye,
bearophile

