Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Programming

Can TrapC Fix C and C++ Memory Safety Issues? (infoworld.com) 99

"TrapC, a fork of the C language, is being developed as a potential solution for memory safety issues that have hindered the C and C++ languages," reports InfoWorld.

But also being developed is a compiler named trapc "intended to be implemented as a cybersecurity compiler for C and C++ code, said developer Robin Rowe..." Due by the end of this year, trapc will be a free, open source compiler similar to Clang... Rowe said.

TrapC has pointers that are memory-safe, addressing the memory safety issue with the two languages. With TrapC, developers write in C or C++ and compile in TrapC, for memory safety...

Rowe presented TrapC at an ISO C meeting this week. Developers can download a TrapC whitepaper and offer Rowe feedback. According to the whitepaper, TrapC's memory management is automatic and cannot leak memory. Pointers are lifetime-managed, not garbage-collected. Also, TrapC reuses a few code safety features from C++, notably member functions, constructors, destructors, and the new keyword.

"TrapC Memory Safe Pointers will not buffer overrun and will not segfault," Rowe told the ISO C Committee standards body meeting, according to the Register. "When C code is compiled using a TrapC compiler, all pointers become Memory Safe Pointers and are checked."

In short, TrapC "is a programming language forked from C, with changes to make it LangSec and Memory Safe," according to that white paper. "To accomplish that, TrapC seeks to eliminate all Undefined Behavior in the C programming language..."

"The startup TRASEC and the non-profit Fountain Abode have a TrapC compiler in development, called trapc," the whitepaper adds, and their mission is "to enable recompiling legacy C code into executables that are safe by design and secure by default, without needing much code refactoring... The TRASEC trapc cybersecurity compiler with AI code reasoning is expected to release as free open source software sometime in 2025."

In November the Register offered some background on the origins of TrapC...
This discussion has been archived. No new comments can be posted.

Can TrapC Fix C and C++ Memory Safety Issues?

Comments Filter:
  • by Grady Martin ( 4197307 ) on Monday March 03, 2025 @05:58AM (#65206445)
    XrO [xr0.dev] is a similar project that has already gained some traction... but does anyone know why these projects insist on forking/extending C, when annotations could simply be contained in comments (particularly in XrO's case)?
  • C and C++ are not safe, that's how it is, leave it FFS. If you want safety as a major feature then use a language where you can't read or write where you shouldn't, there's plenty of them.

    • by HiThere ( 15173 )

      This fixes (or at least claims to fix) one set of problems with C in a manner that is largely transparent. (Most existing C programs would be compiled without changes.) I find this approach a lot more attractive than rust. But the standard library needs to be extended to include hash tables and RB trees, and there needs to be a better handling of unicode (preferably "everything is utf8") with libraries to deal with it.

  • by Viol8 ( 599362 ) on Monday March 03, 2025 @07:18AM (#65206531) Homepage

    ""TrapC Memory Safe Pointers will not buffer overrun and will not segfault,"

    So what will they do then, just assert with an error? Not much difference really though possibly slightly more helpful to the person running it. Or worse will the program continue running somehow which sounds like a nightmare waiting to happen?

    Or if Mr Rowe thinks his compiler will catch all potential out of bounds at compile time then he's discovered one of the holy grails of CS.

    • by dfghjk ( 711126 )

      We are to believe it will automagically unfuck bad code. It is not to be taken seriously.

      A language is not merely a compiler anyway, Apparently these people think it is.

      • by psmears ( 629712 )

        We are to believe it will automagically unfuck bad code. It is not to be taken seriously.

        This is the correct answer. Having read most of the white paper, I'm left wondering whether this is an April Fool's joke released too soon. Some of my favourites:

        TrapC is compatible with most C code

        followed shortly afterwards by

        TrapC compatibility when compiling C code is limited in a small way by the removal of ‘goto’ and ‘union’.

        So that'll rule out probably 98% of real life C programs then!

        also

        how TrapC translation is implemented is a compiler implementation detail. Translations might be from a local dictionary, be captured ad hoc from user-provided input or be AI-generated across the Internet.

        The paper claims that the standard unmodified C "Hello, world" program, if compiled with TrapC and run with LANG=fr_FR, will output "Bonjour le monde". With translation automatically provided by AI. I can see literally no way how that could end badly!

    • From the white paper link there is a simple example:-
      void gets_input()
      {
      char buffer[24];
      printf("Please enter your name and press \n");
      gets(buffer);// TrapC will terminate on overrun!
      printf("%s",buffer);
      }
      If the user inputs more data than the 24-byte buffer can hold, that is a typical C buffer overrun
      error. In C/C++, such an error is not implicitly caught, may crash or enable a hacker exploit. The
      action TrapC takes on overrun, or any other unanticipat

      • by tepples ( 727027 )

        Legacy system maintainers who like ‘goto’ and ‘union’ may prefer to keep such code in C.

        A lot of C code that I have read uses the keyword "goto" to jump to code to that deallocates resources allocated by the function. This somewhat corresponds to the keyword "finally" of Python and Java. What's the common practice in programs written in C without the keyword "goto" to write resource deallocation code only once rather than duplicating it, likely with errors, at each place that a function returns?

        • by _merlin ( 160982 )

          Deeply nested "if" blocks. But I think TrapC allows you to have C++-like automatic unwind to make the cleanup happen automatically on return.

    • So what will they do then, just assert with an error?

      They will fail to compile.

    • by HiThere ( 15173 )

      If you don't trap the errors, it will terminate with a reasonable message. If you do trap the errors, you can handle the problem and continue. (I really hate the obscure segfault messages.)
      I'm not sure I'd use it, as I use lots of containers, and libraries to handle them aren't standard in C, but it's a lot nicer than rust.

  • Done To Death (Score:5, Informative)

    by Spinlock_1977 ( 777598 ) <Spinlock_1977 @ y a h o o . c om> on Monday March 03, 2025 @08:48AM (#65206633) Journal

    Hardly a new concept. Been tried before. The problem has never been "can we do it", the problem was always "how badly does it affect performance". You can't do bounds-checking for free, and that hasn't changed.

  • "TrapC, a fork of the C language,"

    There's a lot more to a C(++) compiler and its surrounding ecosystem than just the paradigm of "memory safety".

    • by HiThere ( 15173 )

      Yes, but the claim seems to be that this could be tit into the existing ecosystem without many changes except replacing C. (As someone else commented, though, the kicker may be "How much execution time does it add?".)

  • No (Score:3, Insightful)

    by gweihir ( 88907 ) on Monday March 03, 2025 @09:48AM (#65206735)

    And seriously,
    1. C is not "hindered" at all. That is just a lie by misdirection.
    2. Lack of memory safety in C is a feature, not a bug. It gives you control that you otherwise do not have. Of course, with great control comes great responsibility.
    3. C is not a language for low-skill coders. Please stay away unless you are competent.

    • with great control comes great responsibility

      We can't have that. The burden of responsibility should be on the computer. That's what they're made for. It's like saying parents should be responsible for their children.

      Sarcasm aside, I am in favour of tools and a compiler which can optionally provide the extra security of memory checks and other known risky behaviour, but I say once again, optionally.
      And no removing features just because of hype. There are logical cases for manipulating memory access and using goto and unions after all.

      • by gweihir ( 88907 )

        Sarcasm aside, I am in favour of tools and a compiler which can optionally provide the extra security of memory checks and other known risky behaviour, but I say once again, optionally.

        I completely agree to that. Warnings are entirely find. Still takes somebody that actually understand the warnings.

        And no removing features just because of hype. There are logical cases for manipulating memory access and using goto and unions after all.

        Indeed. These are decidedly "experts only", but they are there for really good reasons.

    • by SirSlud ( 67381 )

      Long gone are the days in which saying something like "I'm a skilled programmer, I don't make mistakes, I wouldn't benefit from better safety features" wouldn't get you laughed out of the building (at least in any environment I would consider reputable). And it's embarrassing that anybody who would consider themselves a professional programmer doesn't know that most languages which do have better safety posture support unsafe "control" when you explicitly choose to use it. Including TrapC - by being abi com

      • by gweihir ( 88907 )

        Why does this absolutely stupid argument gets made time and again? We are not talking about "I do not make mistakes", we are talking about "I make absolutely stupid beginners mistakes and are not competent to put in even the most elementary redundancies that prevent them from being exploitable". Have you looked at the utterly incompetent mistakes people make when lack of memory safety does lead to exploits? It is like they insist on using a hammer to hammer in nails, but do not even know which part of the h

        • by SirSlud ( 67381 )

          Because everyone in a position of actual power wrt the future of programmer agrees with me, and not you. Look, if you're in a 2 person shop writing whatever, go for it. But nobody directing the bodies that produce software at scale for the most widely used systems and platforms in the world takes the "its a people problem" argument seriously anymore. Mostly because it's a bullshit false dichotomy. In 25+ years of embedded C/C++ I've seen utterly incompetent mistakes done by every range of expertise and comp

    • 3. C is not a language for low-skill coders. Please stay away unless you are competent.

      I agree. And given that we have CVEs related to memory safety all the way up to and including places such as the Linux kernel I can only conclude that there's no coder in the world with a high enough skill.

      That said I would frame it differently rather than implying all programmers are idiots, which is something that has to be concluded based on your post and statistics of memory safety problems.

    • 3. C is not a language for low-skill coders. Please stay away unless you are competent.

      That statement screams of arrogance: "I am a god programmer who will never make a mistake." The list of CVEs in Linux due to C programming issues says everyone makes mistakes.

      • by gweihir ( 88907 )

        3. C is not a language for low-skill coders. Please stay away unless you are competent.

        That statement screams of arrogance: "I am a god programmer who will never make a mistake." The list of CVEs in Linux due to C programming issues says everyone makes mistakes.

        This is not about not making mistakes. This is about not making really dumb mistakes and then having no redundancies in place.

        • This is not about not making mistakes. This is about not making really dumb mistakes and then having no redundancies in place.

          What you missed is you called people who have ever coded a CVE that went into Linux "a low-skill coder". I am pretty sure they are far more skilled at C than you.

          • by gweihir ( 88907 )

            Well, you invalid (and, incidentally untrue) AhHominem shows you have nothing, as does your "Appeal to Authority". Moron.

  • There are already tools like valgrind and address sanitizers in gcc which can be used to find many memory/pointer handling bugs.
  • At least there does not seem to be a rust style unsafe keyword.

    I'm not a fan of banning goto and there is no mention of switch in the whitepaper. I'm not sure if they are trying to make it easier to enforce some constraint or this is some kind of misguided editorial decision. At the very least they should allow some kind of constrained version of goto.

    "Returning a pointer to a local variable is not an error" ... and this notion of auto resetting garbage for example if you increment a pointer beyond whatev

  • The problem is not that C, one of the most successful languages ever, is not "memory safe". The problem comes from governments trying to add beaureucratic nonsense into programming language selection and then failing because fixing coding problems with language selection just produces more problems.

    Torvalds pushed back against C++ for decades, using pure C in building objects, event handling and memory management. Clear guidelines and many eyes on the code worked better than the numerous attempts to use C++
    • by SirSlud ( 67381 )

      Perhaps in aviation where low piloting experience is 'fixed' by more and more features of flight controlling computers.

      This might be one of the dumbest things I've ever read on slashdot, and that's saying something

      • by PPH ( 736903 )

        low piloting experience is 'fixed' by more and more features of flight controlling computers.

        That was accomplished by the replacement of the first officer with a dog. The captain's job is to feed and play with the dog. The dog's job is to bite the captain should he attempt to touch the flight controls.

  • by Bill, Shooter of Bul ( 629286 ) on Monday March 03, 2025 @01:29PM (#65207421) Journal
    He was the force behind Cinepaint ( also previously known as Film Gimp) and did a lot of hollywood ditgital effects on major pictures using them. But as a working daily job, he never had time to fully commit to improving the app to keep up with commercial aps. There was hope that Glasgow University would take over and re-write the base to be more modern and updatable, but their version was never stable and it ended up a dead end.

    So in summary, Really talented individual, but previously failed to get a community to take his ideas to the next level. So I'm a bit skeptical for that reason in addition to all the other ones people have brought up. If there is some long standing commercial entity funding him in this work, then maybe it has a bit of a chance.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Working...