Safe C++

Introduction

Software of Unknown Provenance (SOUP)

• Properly documented / validated / verified /tested
• Even the compiler needs to be verified

Software Bill of materials (SBOM)

• Vulenrability management
• Compliance and reporting
• Supply chain transparency

Cybersecurity Bill of Materials

• SBOM + Cybersecurity items

Functional correctness

• Meets specifications and requirements

Functional safety

• Zero unintended behavior

Security

• Protection of systems, networks and data from unauthorized access, attacks, damage or theft

Why C++

• Standards, Framwworks, Libraries
• Popular / Mature Language
• Performance
• Large and active community
• Interoperability, Portability, Compatibility

Compiler Hardening

• -Werror -Wall -Wextra

Setup

-O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
-Werror=format-security
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
-D_GLIBCXX_ASSERTIONS
-fstrict-flex-arrays=3
-fstack-clash-protection -fstack-protector-strong
-Wl,-z,nodlopen -Wl,-z,noexecstack
-Wl,z,relro -Wl,z,now
-Wl,-as-needed -Wl,--no-copy-dt-needed-entries

Important

• -Wconversion, -Wsign-conversion
• -fstack-protector-strong
• -fno-delete-null-pointer-checks
• -fno-strict-overflow
• -fno-strict-aliasing
• -ftrivial-auto-var-init
• -fstack-clash-protection

Sanitizers

• Address
• Thread
• Leak
• Undefined Behavior
• Realtime

References

• Building Safe and Reliable Surgical Robotics with C++ - Milad Khaledyan - CppCon 2024
• Compiler Options Hardening Guide for C and C++
• Explain GNU style linker options
• GCC Options That Control Optimization
• GCC Program Instrumentation Options
• GCC Options to Request or Suppress Warnings
• GCC Link Options