Cyclone (programming language): Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 06:53, 14 December 2018 edit 2409:4042:218a:b67:6d14:dd27:8e30:7ea5 (talk) →External links ← Previous edit		Latest revision as of 08:06, 19 August 2025 edit undo Bender the Bot (talk \| contribs) Bots 1,064,377 edits m →top: HTTP to HTTPS for Cornell University Tag: AWB
(34 intermediate revisions by 22 users not shown)
Line 1: {{Short description\|Memory-safe dialect of the C programming language}} {{nouse ~~footnotes~~dmy dates\|date=August ~~2015~~2024}}▼ {{more footnotes\|date=August 2015}} {{Infobox programming language \| name = Cyclone \| logo = \| logo caption = \| file ext = \| paradigm = \| released = {{~~start~~Start date and age\|2002}} \| designer = [[AT&T Labs]] \| developer = [[Cornell University]] \| latest release version = 1.0 \| latest release date = {{~~start~~Start date and age\|2006\|05\|08}} \| latest preview version = \| latest preview date = <!-- {{start date and age\|YYYY\|MM\|DD}} --> Line 16 ⟶ 19: \| dialects = \| influenced by = [[C (programming language)\|C]] \| influenced = [[Rust (programming language)\|Rust]], [[Project Verona]] \| programming language = \| operating system = Line 22 ⟶ 25: \| website = {{URL\|http://cyclone.thelanguage.org}} \| wikibooks = \| discontinued = Yes<ref>{{cite web \|title=Open Access Cyclone (programming language) Journals · OA.mg \|url=https://oa.mg/journals/open-access-cyclone-programming-language-journals \|website=oa.mg \|access-date=30 October 2022 \|archive-date=30 October 2022 \|archive-url=https://web.archive.org/web/20221030192542/https://oa.mg/journals/open-access-cyclone-programming-language-journals \|url-status=live }}</ref> ~~\| discontinued = yes~~ }} The '''Cyclone''' [[programming language]] iswas intended to be a safe dialect of the [[C (programming language)\|C language]].<ref>{{Cite journal \|last1=Jim \|first1=Trevor \|last2=Morrisett \|first2=J. Greg \|last3=Grossman \|first3=Dan \|last4=Hicks \|first4=Michael W. \|last5=Cheney \|first5=James \|last6=Wang \|first6=Yanling \|date=2002-06-10 \|title=Cyclone: isA ~~designed~~Safe toDialect of C \|url=https://dl.acm.org/doi/10.5555/647057.713871 \|journal=Proceedings of the General Track of the Annual Conference on USENIX Annual Technical Conference \|series=ATEC '02 \|___location=USA \|publisher=USENIX Association \|pages=275–288 \|isbn=978-1-880446-00-3}}</ref> It ~~avoid~~avoids [[buffer overflow]]s and other vulnerabilities that are possible in C programs by design, without losing the power and convenience of C as a tool for [[system programming]]. It is no longer supported by its original developers, with the reference tooling not supporting [[64-bit computing\|64-bit platforms]]. The [[Rust (programming language)\|Rust]] language is mentioned by the original developers for having integrated many of the same ideas Cyclone had.<ref>{{cite web \|title=Cyclone \|url=http://cyclone.thelanguage.org/ \|website=cyclone.thelanguage.org \|access-date=11 December 2023 \|archive-date=21 May 2006 \|archive-url=https://web.archive.org/web/20060521202022/http://cyclone.thelanguage.org/ \|url-status=live }}</ref> Cyclone development was started as a joint project of Trevor Jim from [[AT&T Labs]] Research and [[Greg Morrisett]]'s group at [[Cornell University]] in 2001. Version 1.0 was released on May 8, 2006.<ref>{{cite web \|title=Cyclone \|url=https://www.cs.cornell.edu/Projects/cyclone/ \|website=[[Cornell University]] \|access-date=30 October 2022 \|archive-date=15 October 2022 \|archive-url=https://web.archive.org/web/20221015034248/https://www.cs.cornell.edu/Projects/cyclone/ \|url-status=live }}</ref> ==Language features== Line 33 ⟶ 36: * [[Pointer arithmetic]] is limited * Pointers must be initialized before use (this is enforced by [[definite assignment analysis]]) * [[Dangling pointer]]s are prevented through region analysis and limits on ~~[[Malloc\|~~<code>[[free()]]</code>]] * Only "safe" casts and unions are allowed * [[Control flow\|<code>goto</code>]] into scopes is disallowed * [[Control flow\|<code>switch</code>]] labels in different scopes are disallowed * Pointer-returning functions must execute <code>return</code> * [[Setjmp~~/longjmp~~.h\|<code>setjmp</code>]] and ~~[[Setjmp/longjmp\|~~<code>longjmp</code>]] are not supported To maintain the tool set that C programmers are used to, Cyclone provides the following extensions: * ~~'''~~Never-<code>NULL</code> pointers~~'''~~ do not require <code>NULL</code> checks * ~~'''~~"Fat" pointers~~'''~~ support pointer arithmetic with run-time [[bounds checking]] * ~~'''~~Growable regions~~'''~~ support a form of safe manual memory management * ~~'''~~[[Garbage collection (computer science)\|Garbage collection]]~~'''~~ for heap-allocated values * ~~'''~~[[Tagged union]]s~~'''~~ support type-varying arguments * ~~'''~~Injections~~'''~~ help automate the use of tagged unions for programmers * ~~'''~~[[Polymorphism (computer science)\|Polymorphism]]~~'''~~ replaces some uses of [[void pointer\|<code>void </code>]] ~~'''~~varargs~~'''~~ are implemented as fat pointers * ~~'''~~[[Exception handling\|Exceptions]]~~'''~~ replace some uses of <code>setjmp</code> and <code>longjmp</code> For a better high-level introduction to Cyclone, the reasoning behind Cyclone and the source of these lists, see [http://www.cs.umd.edu/projects/cyclone/papers/cyclone-safety.pdf this paper]. Cyclone looks, in general, much like [[C ~~(programming language)\|C]]~~, but it should be viewed as a C-like language. ===Pointer types=== Line 61 ⟶ 64: * <code>?</code> (the only type with [[pointer arithmetic]] allowed, [[fat pointer\|"fat" pointer]]s). The purpose of introducing these new pointer types is to avoid common problems when using pointers. Take for instance a function, called <code>foo</code> that takes a pointer to an int: <~~source~~syntaxhighlight lang="C"> int foo(int ); </syntaxhighlight> ~~</source>~~ Although the person who wrote the function <code>foo</code> could have inserted <code>NULL</code> checks, let us assume that for performance reasons they did not. Calling <code>foo(NULL);</code> will result in [[undefined behavior]] (typically, although not necessarily, a [[SIGSEGV]] [[Unix signal\|signal]] being sent to the application). To avoid such problems, Cyclone introduces the <code>@</code> pointer type, which can never be <code>NULL</code>. Thus, the "safe" version of <code>foo</code> would be: <~~source~~syntaxhighlight lang="C"> int foo(int @); </syntaxhighlight> ~~</source>~~ This tells the Cyclone compiler that the argument to <code>foo</code> should never be <code>NULL</code>, avoiding the aforementioned undefined behavior. The simple change of <code></code> to <code>@</code> saves the programmer from having to write <code>NULL</code> checks and the operating system from having to trap <code>NULL</code> pointer dereferences. This extra limit, however, can be a rather large stumbling block for most C programmers, who are used to being able to manipulate their pointers directly with arithmetic. Although this is desirable, it can lead to [[buffer overflow]]s and other "off-by-one"-style mistakes. To avoid this, the <code>?</code> pointer type is delimited by a known bound, the size of the array. Although this adds overhead due to the extra information stored about the pointer, it improves safety and security. Take for instance a simple (and naïve) <code>strlen</code> function, written in C: <~~source~~syntaxhighlight lang="C"> int strlen(const char s) { int ~~iter~~i = 0; if (s == NULL) return 0; while (s[~~iter~~i] != '\0') { ~~iter~~i++; } return ~~iter~~i; } </syntaxhighlight> ~~</source>~~ This function assumes that the string being passed in is terminated by ~~NULL (~~<code>'\0'</code>). However, what would happen if <{{code>\|style=white-space:nowrap\|2=c\|1=char~~ ~~ buf[6]~~ ~~ =~~ ~~ {'h','e','l','l','o','!'};~~</code>~~}} were passed to this string? This is perfectly legal in C, yet would cause <code>strlen</code> to iterate through memory not necessarily associated with the string <code>s</code>. There are functions, such as <code>strnlen</code> which can be used to avoid such problems, but these functions are not standard with every implementation of [[ANSI C]]. The Cyclone version of <code>strlen</code> is not so different from the C version: <~~source~~syntaxhighlight lang="C"> int strlen(const char ? s) { int ~~iter~~i, n = s.size; if (s == NULL) return 0; for (~~iter~~i = 0; ~~iter~~i < n; ~~iter~~i++, s++) { if (s == '\0') return ~~iter~~i; } return n; } </syntaxhighlight> ~~</source>~~ Here, <code>strlen</code> bounds itself by the length of the array passed to it, thus not going over the actual length. Each of the kinds of pointer type can be safely cast to each of the others, and arrays and strings are automatically cast to <code>?</code> by the compiler. (Casting from <code>?</code> to <code></code> invokes a [[bounds checking\|bounds check]], and casting from <code>?</code> to <code>@</code> invokes both a <code>NULL</code> check and a bounds check. Casting from <code></code> to <code>?</code> results in no checks whatsoever; the resulting <code>?</code> pointer has a size of 1.) ===Dangling pointers and region analysis=== Consider the following code, in C: <~~source~~syntaxhighlight lang="C"> char itoa(int i) { Line 106 ⟶ 108: return buf; } </syntaxhighlight> ~~</source>~~ ~~Function~~The function <code>itoa</code> allocates an array of chars <code>buf</code> on the stack and returns a pointer to the start of <code>buf</code>. However, the memory used on the stack for <code>buf</code> is deallocated when the function returns, so the returned value cannot be used safely outside of the function. While [[GNU Compiler Collection~~\|gcc~~]] and other compilers will warn about such code, the following will typically compile without warnings: <~~source~~syntaxhighlight lang="C"> char itoa(int i) { Line 116 ⟶ 118: return z; } </syntaxhighlight> ~~</source>~~ [[GNU Compiler Collection~~\|gcc]]~~ can produce warnings for such code as a side-effect of option {{code\|-O2}} or {{code\|-O3}}, but there are no guarantees that all such errors will be detected. Cyclone does regional analysis of each segment of code, preventing dangling pointers, such as the one returned from this version of <code>itoa</code>. All of the local variables in a given scope are considered to be part of the same region, separate from the heap or any other local region. Thus, when analyzing <code>itoa</code>, the Cyclone compiler would see that <code>z</code> is a pointer into the local stack, and would report an error. Line 126 ⟶ 128: ==References== {{Reflist}} ▲{{no footnotes\|date=August 2015}} * [http://cyclone.thelanguage.org/wiki/User%20Manual Cyclone User Manual]▼ * [http://www.cs.umd.edu/~mwh/papers/cyclone-cuj.pdf Cyclone: a Type-safe Dialect of C] by Dan Grossman, Michael Hicks, Trevor Jim, and Greg Morrisett - published January 2005▼ ==External links== * [http://cyclone.thelanguage.org/ Cyclone ~~Homepage~~homepage] * [https://web.archive.org/web/20111227232825/http://www.eecs.harvard.edu/~greg/cyclone/old_cyclone.html Old web site] ~~since official web site is not available.~~ * [http://cyclone.thelanguage.org/wiki/Download Cyclone - ~~Source~~source code repositories]▼ * [https://allaboutprogramming62.blogspot.com/2018/12/chapter-1-overview-of-c-programming.html]{{dead link\|date=August 2017 \|bot=InternetArchiveBot \|fix-attempted=yes }} ▲* [http://cyclone.thelanguage.org/wiki/Download Cyclone - Source code repositories] * [http://cyclone.thelanguage.org/wiki/Frequently%20Asked%20Questions Cyclone - FAQ] * [http://cyclone.thelanguage.org/wiki/Cyclone%20for%20C%20Programmers Cyclone for C programmers] ▲* [http://cyclone.thelanguage.org/wiki/User%20Manual Cyclone ~~User~~user ~~Manual~~manual] ▲* [http://www.cs.umd.edu/~mwh/papers/cyclone-cuj.pdf Cyclone: a Type-safe Dialect of C] by Dan Grossman, Michael Hicks, Trevor Jim, and Greg Morrisett - published January 2005 Presentations: Line 146 ⟶ 147: {{DEFAULTSORT:Cyclone (Programming Language)}} [[Category:C programming language family]] [[Category:Programming languages created in 2002]]