[Full-disclosure] Linus mass killing integer overflows
guninski at guninski.com
Sat Apr 1 08:58:43 BST 2006
unofficial C++ support for the linux kernel has been around for quite a while:
C++ in the Linux Kernel
We have implemented a complete kernel level run-time support for C++ in
the Linux kernel. In particular our run-time support enables the full use
of C++ exceptions in the Linux kernel, but notably also includes support
for global constructors and destructors, and dynamic type checking.
the news is, the benevolent dictator has said "let there be C++", and there
is a more secure, full-featured, reliable and faster linux kernel written*
mainly in C++. the official release is scheduled for 2.8 or when redhat(tm)
becomes ready for the desktop, whichever comes first.
key improvements include:
a) integer overflows *were* PITA for the kernel janitors. once the classes
SafeInt and SafeLong were implemented with suitable operators, the new
kernel is 100% "int/long too big" free. the refactoring tool made this part
b) some clever abuse of exceptions dramatically reduces the amount of OOPS:
cases like '*(SafeInt*)0=foo->bar()' are now gracefully catch()ed, killing
c) kernel structures *were* just lame emulation of C++ objects. now they are
native C++ objects.
d) exceptions result in cleaner, easier to read code and almost stop the nasty
abuse of "goto"
currently there are discussions for implementing COM in the
kernel and/or scripting the kernel from userland, but Linus hasn't made up
his mind yet.
the first public prerelease will be available from
* "written" is not quite correct. the existing C codebase was refactored
to C++ using a sophisticated refactoring tool based on sparse
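The SafeInt idea in item a) is a real technique even if the kernel in the post is not: wrap integers in a class whose operators detect overflow instead of wrapping. The example below is added by the editor and is not code from the post, from the Linux kernel, or from any SafeInt library; the class name, the alloc_size_* helpers and the inputs are assumptions for illustration. It relies on the GCC/Clang __builtin_*_overflow intrinsics and shows the classic allocation-size bug (count * element size wrapping to a tiny number) in its unchecked form next to the checked one.

```cpp
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <type_traits>

// Hypothetical SafeInt: a checked-integer wrapper. Every arithmetic
// operator detects overflow (GCC/Clang __builtin_*_overflow) and throws
// std::overflow_error instead of silently wrapping.
template <typename T>
class SafeInt {
    static_assert(std::is_integral<T>::value, "SafeInt needs an integer type");
    T v_;
public:
    SafeInt(T v = 0) : v_(v) {}
    T get() const { return v_; }

    SafeInt operator+(SafeInt o) const {
        T r;
        if (__builtin_add_overflow(v_, o.v_, &r)) throw std::overflow_error("SafeInt: + overflow");
        return SafeInt(r);
    }
    SafeInt operator-(SafeInt o) const {
        T r;
        if (__builtin_sub_overflow(v_, o.v_, &r)) throw std::overflow_error("SafeInt: - overflow");
        return SafeInt(r);
    }
    SafeInt operator*(SafeInt o) const {
        T r;
        if (__builtin_mul_overflow(v_, o.v_, &r)) throw std::overflow_error("SafeInt: * overflow");
        return SafeInt(r);
    }
    SafeInt operator/(SafeInt o) const {
        if (o.v_ == 0) throw std::domain_error("SafeInt: divide by zero");
        // The one signed division that overflows: most-negative / -1.
        if (std::is_signed<T>::value && v_ == std::numeric_limits<T>::min() && o.v_ == T(-1))
            throw std::overflow_error("SafeInt: / overflow");
        return SafeInt(v_ / o.v_);
    }
};

// "Before": the classic allocation-size bug. count * elem_size wraps, so a
// huge element count yields a tiny buffer. (Unsigned wrap is well defined
// in C++, which is exactly why nothing complains.)
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

// "After": the same arithmetic through SafeInt; the wrap becomes an exception
// the caller must handle (or let propagate) rather than a bad allocation.
uint32_t alloc_size_checked(uint32_t count, uint32_t elem_size) {
    return (SafeInt<uint32_t>(count) * SafeInt<uint32_t>(elem_size)).get();
}

// Runs f() and reports whether it threw std::overflow_error.
template <typename F>
bool overflows(F f) {
    try { f(); return false; }
    catch (const std::overflow_error&) { return true; }
}

// Constructed inputs: 0x40000001 elements of 4 bytes is just over 4 GiB,
// which wraps to 4 in 32 bits. Returns true when every case behaves as
// described in the comments above.
bool demo() {
    const uint32_t count = 0x40000001u, elem = 4u;
    bool wrapped = alloc_size_unchecked(count, elem) == 4u;       // silently 4
    bool caught  = overflows([&] { alloc_size_checked(count, elem); });
    bool smin    = overflows([] {
        SafeInt<int32_t>(std::numeric_limits<int32_t>::min()) / SafeInt<int32_t>(-1);
    });
    bool add     = overflows([] {
        SafeInt<int32_t>(std::numeric_limits<int32_t>::max()) + SafeInt<int32_t>(1);
    });
    return wrapped && caught && smin && add;
}
```

Note that this is the userland version of the idea: exceptions give a clean unwinding path here, whereas in a real kernel the same check has to return an error code (or use the checked-arithmetic helpers the C kernel grew later) rather than throw.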
Full-Disclosure is hosted and sponsored by Secunia.