Abstract
Object lifetimes are a common source of bugs in C++ that can cause crashes, unexpected behavior, or even security vulnerabilities. Herb Sutter, the chair of the C++ standard committee proposed a flow-sensitive analysis to catch lifetime errors statically. Sadly, this analysis is prone to false positives unless the author follows some specific guidelines. We developed mitigations to eliminate some classes of false positives to make it easier to write conforming code. The first mitigation fixes a common false positive from a frequently used coding pattern by introducing local path-sensitivity. The second one is a filter based on reaching definitions and dominance algorithms to remove reports that might be the result of analyzing infeasible paths. We tested the effectiveness of the methods on the open source Google Fuchsia project.
Highlights
Object lifetime, in general, is the time between the construction of an object and the destruction of the same object
The analysis implementation works on the control flow graph (CFG) provided by Clang
Object lifetime related errors are a significant problem for C family languages
Summary
In general, is the time between the construction of an object and the destruction of the same object. Mozilla paints a very similar picture of the distribution of the error types [12] They evaluated how many vulnerabilities could have been prevented using a safer solution like the Rust programming language [3]. Herb Sutter, the chairman of the committee, suggested a flow-based analysis to catch lifetime-related errors [27, 28]. His analysis is part of the C++ Core Guidelines [26]. Listing 1: The dereferenced pointer points to already released memory. Return *p; Listing 2: The dereferenced pointer points to already released memory. Acta Electrotechnica et Informatica, Vol 20, No 4, 2020 positives These mitigations are not part of the original proposal yet and constitute our contributions described in this paper.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
