No more data leaks: TrapC should solve the memory problems of C and C++
With automatic memory management and memory-safe pointers, the open source compiler TrapC is designed to make code written in C and C++ safer.
- Manuel Masiero
TrapC is a new variant of the C programming language that specializes in cybersecurity. It aims to prevent the memory problems and buffer overflows that are common in C and C++.
Available as open-source software at the end of 2025
The TrapC compiler developed by Robin Rowe should be available as open-source software by the end of 2025 and will make it possible to use C and TrapC code in parallel. TrapC will also be compatible with simple C++ code, for example:
// hello.cpp
#include <iostream>
int main()
{   std::cout << "hello world" << std::endl;
    return 0;
}
Rowe presented his project at the last ISO-C meeting in Graz at the end of February. The TrapC compiler relies on memory-safe pointers, which should prevent memory leaks and buffer overflows. It also adopts safety features that C lacks, such as constructors and destructors from C++. TrapC removes unsafe keywords such as goto and union and adds new keywords such as trap and alias.
In a white paper, Robin Rowe gives an example of how TrapC counteracts a buffer overflow: a dialog in which users enter their names. Written in C, the corresponding code passage looks like this:
// gets_input.h (CWE-242, CWE-120, CWE-77)
#include <stdio.h>
inline
void gets_input()
{   char buffer[24];
    printf("Please enter your name and press <Enter>\n");
    gets(buffer); // TrapC will terminate on overrun!
    printf("%s",buffer);
}
If users enter more than 24 characters, this provokes a buffer overflow that attackers can exploit. In C or C++, this error is not necessarily detected, which leads to a crash.
In contrast, TrapC does not lead to a crash. In the event of a buffer overflow or another error such as a division by zero, the TrapC compiler terminates the program and issues a corresponding error message, unless a suitable error handler exists.
Trapping errors
TrapC introduces its error handling with the keyword trap. An example:
// trap_test.tc
#include "gets_input.h"
int main()
{   gets_input();
    trap
    {   puts("ERROR: invalid input");
        return 1;
    }
    return 0;
}
The calling function must handle the errors, as they cannot be passed on as with C++ exceptions. However, trap.return offers a similar function to throw. Further details on the language can be found in the white paper.
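The overrun in gets_input.h and the caller-side handling in trap_test.tc can be mirrored in standard C by telling the read routine the buffer's capacity and returning a status the caller must check. This is an added example, not TrapC and not code from the white paper or this article; read_name() and the NAME_* status codes are hypothetical names.

```c
/* Added example in standard C (not TrapC, not from the white paper).
 * read_name() and the NAME_* codes are hypothetical names. */
#include <stdio.h>
#include <string.h>

enum name_status { NAME_OK = 0, NAME_TOO_LONG = 1, NAME_NO_INPUT = 2 };

/* Read one line into buf (capacity size, including the terminating NUL).
 * Unlike gets(), fgets() is told the capacity and never writes past it. */
enum name_status read_name(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL) {
        if (size > 0)
            buf[0] = '\0';
        return NAME_NO_INPUT;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line fit: strip the newline */
        return NAME_OK;
    }
    /* No newline stored: the buffer is full or EOF ended the line.
     * Peek one character to see whether more input was pending. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return NAME_OK;               /* line fit exactly, nothing was cut */
    while (c != '\n' && c != EOF)     /* drain the rest of the long line */
        c = fgetc(in);
    buf[0] = '\0';                    /* never hand back a truncated name */
    return NAME_TOO_LONG;
}

int main(void)
{
    char buffer[24];                  /* same size as in gets_input.h */
    printf("Please enter your name and press <Enter>\n");
    if (read_name(stdin, buffer, sizeof buffer) != NAME_OK) {
        puts("ERROR: invalid input"); /* caller handles it, as in trap_test.tc */
        return 1;
    }
    printf("%s\n", buffer);
    return 0;
}
```

Draining the overlong line matters: without it, the leftover characters would be consumed as the next input.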
TrapC developer Robin Rowe has posted some clarifications on Reddit about the differences between trap and try/catch.
(mki)