Can TrapC Fix C and C++ Memory Safety Issues? (infoworld.com)
(Monday March 03, 2025 @03:34AM (EditorDavid)
from the language-barriers dept.)
- Reference: 0176597041
- News link: https://developers.slashdot.org/story/25/03/03/0654205/can-trapc-fix-c-and-c-memory-safety-issues
- Source link: https://www.infoworld.com/article/3836025/trapc-proposal-to-fix-c-c-memory-safety.html
"TrapC, a fork of the C language, is being developed as a potential solution for memory safety issues that have hindered the C and C++ languages," [1]reports InfoWorld .
But also being developed is a compiler named trapc "intended to be implemented as a cybersecurity compiler for C and C++ code, said developer Robin Rowe..."
> Due by the end of this year, trapc will be a free, open source compiler similar to [2]Clang ... Rowe said.
>
> TrapC has pointers that are memory-safe, addressing the [3]memory safety issue with the two languages . With TrapC, developers write in C or C++ and compile in TrapC, for memory safety...
>
> Rowe presented TrapC at an ISO C meeting this week. Developers can download [4]a TrapC whitepaper and offer Rowe feedback. According to the whitepaper, TrapC's memory management is automatic and cannot leak memory. Pointers are lifetime-managed, not garbage-collected. Also, TrapC reuses a few code safety features from C++, notably member functions, constructors, destructors, and the new keyword.
"TrapC Memory Safe Pointers will not buffer overrun and will not segfault," Rowe told the ISO C Committee standards body meeting, [5]according to the Register . "When C code is compiled using a TrapC compiler, all pointers become Memory Safe Pointers and are checked."
In short, TrapC "is a programming language forked from C, with changes to make it LangSec and Memory Safe," according to that white paper. "To accomplish that, TrapC seeks to eliminate all Undefined Behavior in the C programming language..."
"The startup TRASEC and the non-profit Fountain Abode have a TrapC compiler in development, called trapc ," the whitepaper adds, and their mission is "to enable recompiling legacy C code into executables that are safe by design and secure by default, without needing much code refactoring... The TRASEC trapc cybersecurity compiler with AI code reasoning is expected to release as free open source software sometime in 2025."
In November the Register offered [6]some background on the origins of TrapC ...
[1] https://www.infoworld.com/article/3836025/trapc-proposal-to-fix-c-c-memory-safety.html
[2] https://www.infoworld.com/article/2261861/what-is-llvm-the-power-behind-swift-rust-clang-and-more.html
[3] https://www.infoworld.com/article/2336216/white-house-urges-developers-to-dump-c-and-c.html
[4] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3423.pdf
[5] https://www.theregister.com/2025/03/02/c_creator_calls_for_action/
[6] https://www.theregister.com/2024/11/12/trapc_memory_safe_fork/
But also being developed is a compiler named trapc "intended to be implemented as a cybersecurity compiler for C and C++ code, said developer Robin Rowe..."
> Due by the end of this year, trapc will be a free, open source compiler similar to [2]Clang ... Rowe said.
>
> TrapC has pointers that are memory-safe, addressing the [3]memory safety issue with the two languages . With TrapC, developers write in C or C++ and compile in TrapC, for memory safety...
>
> Rowe presented TrapC at an ISO C meeting this week. Developers can download [4]a TrapC whitepaper and offer Rowe feedback. According to the whitepaper, TrapC's memory management is automatic and cannot leak memory. Pointers are lifetime-managed, not garbage-collected. Also, TrapC reuses a few code safety features from C++, notably member functions, constructors, destructors, and the new keyword.
"TrapC Memory Safe Pointers will not buffer overrun and will not segfault," Rowe told the ISO C Committee standards body meeting, [5]according to the Register . "When C code is compiled using a TrapC compiler, all pointers become Memory Safe Pointers and are checked."
In short, TrapC "is a programming language forked from C, with changes to make it LangSec and Memory Safe," according to that white paper. "To accomplish that, TrapC seeks to eliminate all Undefined Behavior in the C programming language..."
"The startup TRASEC and the non-profit Fountain Abode have a TrapC compiler in development, called trapc ," the whitepaper adds, and their mission is "to enable recompiling legacy C code into executables that are safe by design and secure by default, without needing much code refactoring... The TRASEC trapc cybersecurity compiler with AI code reasoning is expected to release as free open source software sometime in 2025."
In November the Register offered [6]some background on the origins of TrapC ...
[1] https://www.infoworld.com/article/3836025/trapc-proposal-to-fix-c-c-memory-safety.html
[2] https://www.infoworld.com/article/2261861/what-is-llvm-the-power-behind-swift-rust-clang-and-more.html
[3] https://www.infoworld.com/article/2336216/white-house-urges-developers-to-dump-c-and-c.html
[4] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3423.pdf
[5] https://www.theregister.com/2025/03/02/c_creator_calls_for_action/
[6] https://www.theregister.com/2024/11/12/trapc_memory_safe_fork/
It's a trap! (Score:2)
by DrMrLordX ( 559371 )
[1]https://www.youtube.com/watch?... [youtube.com]
[1] https://www.youtube.com/watch?v=4F4qzPbcFiA
XrO (Score:3)
by Grady Martin ( 4197307 )
[1]XrO [xr0.dev] is a similar project that has already gained some traction... but does anyone know why these projects insist on forking/extending C, when annotations could simply be contained in comments (particularly in XrO's case)?
[1] https://xr0.dev/learn#compiling
What problem does this solve? (Score:1)
Another solution looking for a problem.
C has issues, but memory safety is not one of them. Direct memory manipulation is the whole point of low level programming.
Re: (Score:3)
Erm, C has memory safety issues coming out of the wazoo. Double frees, null pointers, buffer overflows are all endemic to C (and C++) programs. You can confirm this by looking at the CVE database. Even the Linux kernel. If projects like kernel, openssl suffers from these issues then guaranteed every other project does. There are some mitigations to issues like using static analysis tools but everything is unsafe by default and that will never change.
Re: (Score:2)
What is the point of adding memory safety to C though? It's a language for low level system programming, where the overhead of all that stuff becomes an issue. You don't want to break the close coupling of the language and the resulting assembly code, which is one reason why C++ isn't very popular for that kind of thing.
If you want that stuff there is Rust or languages like C#. What is the benefit of adding it to C? Retrofitting older apps perhaps?
Re: (Score:2)
Personally I don't believe there is a point, at least not unless you have existing, isolated, specific piece of C code where the benefit of TrapC (pointer hygiene) outweighs the downside (additional runtime overhead). In which case maybe there is a case for wanting to recompile it.
I certainly see no reason to use C or C++ for any new code without a compelling reason. Rust has safety baked into it and also the conveniences of a modern language. It certainly has a learning curve especially for people with ing
Re: (Score:2)
You can hand in your geek card on the way out through the basement and don't let the door hit you in the ass.