Cyclone is a programming language based on C that is safe, meaning that it rules out programs that have buffer overflows, dangling pointers, format string attacks, and so on. High-level, type-safe languages such as Java, Scheme, or ML also provide safety, but they don't give the same control over data representations and memory management that C does (witness the fact that the run-time systems for these languages are usually written in C). Furthermore, porting legacy C code to these languages or interfacing with legacy C libraries is a difficult and error-prone process. The goal of Cyclone is to give programmers the same low-level control and performance as C without sacrificing safety, and to make it easy to port or interface with legacy C code.

Cyclone achieves safety while remaining compatible with C by:

  • Enforcing type safety (e.g., a cast from t1 to t2 is allowed only if it is safe to view a t1 as a t2)
  • Not changing data representation or calling conventions
  • Providing region-based, manual memory management
  • Using a combination of type information and run-time checks to prevent array-bound violations
  • Wrapping the C standard library with appropriate run-time checks as necessary (e.g., has a FILE already been closed)
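
The last two items, bounds information combined with run-time checks and a library wrapper that knows whether a FILE has already been closed, can be sketched in plain C. This is an added illustration, not Cyclone syntax and not code from the Cyclone project; the names `checked_ints`, `checked_get`, `checked_file`, `checked_wrap`, `checked_puts` and `checked_close` are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Pointer that carries its bounds: base address plus element count. */
typedef struct { int *base; size_t len; } checked_ints;

/* Checked read: 0 on success (value in *out), -1 if the index is out of bounds. */
int checked_get(checked_ints a, size_t i, int *out) {
    if (a.base == NULL || out == NULL || i >= a.len) return -1;
    *out = a.base[i];
    return 0;
}

/* FILE wrapper that remembers whether the stream has been closed. */
typedef struct { FILE *fp; int open; } checked_file;

checked_file checked_wrap(FILE *fp) {
    checked_file f = { fp, fp != NULL };
    return f;
}

/* Write a string; refuses to touch a stream that is already closed. */
int checked_puts(checked_file *f, const char *s) {
    if (!f->open) return -1;
    return fputs(s, f->fp) == EOF ? -1 : 0;
}

/* Close once; a second close is rejected instead of reaching fclose(). */
int checked_close(checked_file *f) {
    if (!f->open) return -1;
    FILE *fp = f->fp;
    f->fp = NULL;
    f->open = 0;
    return fclose(fp) == 0 ? 0 : -1;
}

int main(void) {
    int data[4] = { 10, 20, 30, 40 };   /* constructed sample data */
    checked_ints a = { data, 4 };
    int v = 0;
    printf("get[3] -> %d\n", checked_get(a, 3, &v));
    printf("get[4] -> %d\n", checked_get(a, 4, &v));

    checked_file f = checked_wrap(tmpfile());
    printf("puts   -> %d\n", checked_puts(&f, "hello\n"));
    printf("close  -> %d\n", checked_close(&f));
    printf("puts after close  -> %d\n", checked_puts(&f, "again\n"));
    printf("close after close -> %d\n", checked_close(&f));
    return 0;
}
```

In plain C these checks hold only by convention: a caller can copy the struct or keep the raw pointer and bypass them, which is the gap a language-enforced scheme closes.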

The link for this article located at AT&T Labs Research is no longer available.