Ccured just made my to-do list

[Eric S. Raymond]

"CCured: Type-Safe Retrofitting of Legacy Software"

https://web.eecs.umich.edu/~weimerw/p/p477-necula.pdf

    This article describes CCured, a program transformation system that
    adds type safety guarantees to existing C programs. CCured attempts to
    verify statically that memory errors cannot occur, and it inserts
    run-time checks where static verification is insufficient.

    CCured extends C’s type system by separating pointer types according
    to their usage, and it uses a surprisingly simple type inference
    algorithm that is able to infer the appropriate pointer kinds for
    existing C programs. CCured uses physical subtyping to recognize and
    verify a large number of type casts at compile time. Additional type
    casts are verified using run-time type information.  CCured uses two
    instrumentation schemes, one that is optimized for performance and one
    in which metadata is stored in a separate data structure whose shape
    mirrors that of the original user data.  This latter scheme allows
    instrumented programs to invoke external functions directly on the
    program’s data without the use of a wrapper function.

This looks ideal for us.  I recommend all our senior devs read the
paper.

I found software here:

https://github.com/CTSRD-CHERI/ccured

It seems to be in an unmaintained state.
--
					>>esr>>