I'm trying to organize a programming contest for signal processing; originally it was going to be in Python, but the question came up if I could expand allowable entries to C.

The type of programming needed for the entries is really pretty limited:

  • no stdin/stdout needed
  • contestants can declare 1 struct containing state variables
  • entries can declare functions
  • I will create my own trusted C code for a test harness that calls into the contestants' entries

So I am wondering: is it possible to declare a particular C file as "safe" by parsing, if there are severe restrictions on the type of calculations allowed? The one thing I can't seem to figure out is how to easily prevent casting pointers or pointer arithmetic.

Entries would be of this form (more or less):

#include "contest.h"
// includes stdint.h and math.h and some other things
// no "#" signs after this line allowed
// (ContestResults is assumed to be one of the types contest.h provides)

typedef struct MyState {
  int16_t somevar;
  int16_t anothervar;
  /* ... */
} MyState_t;

// the typedef name is MyState_t, so that is the type the functions take
void dosomething(MyState_t *pstate)
{
  /* ... */
}

void dosomethingelse(MyState_t *pstate)
{
  /* ... */
}

void calculate_timestep(MyState_t *pstate, ContestResults *presults)
{
  /* ... */
}

I've read some of the sandboxing questions (this and this) and it looks a bit difficult to find a way to sandbox one part of C code but allow other trusted parts of C code. So I'm hoping that parsing may be able to help "bless" C code that meets certain constraints.

Any advice? I don't really care if it gets stuck in an infinite loop (I can kill it if the time takes too long) but I do want to prevent OS access or unwanted memory access.
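A conservative allow-list gate of the kind the question proposes, written here as an added example (not code from the original post). It assumes the contest.h header and the calculate_timestep signature from the question, uses constructed sample entries, and is a heuristic pre-compilation filter rather than a proof that an entry is safe: it rejects any preprocessor directive after the mandated include, any cast ending in "*", any "&" used as address-of, and any pointer-typed scalar variable.

```python
import re

# Constructed sample entries in the shape the question sketches (not real contest code).
SAMPLE_OK = '''#include "contest.h"
typedef struct MyState { int16_t somevar; int16_t anothervar; } MyState_t;
void calculate_timestep(MyState_t *pstate, ContestResults *presults)
{
  pstate->somevar = pstate->anothervar * 2 + 1;   /* plain arithmetic passes */
  presults->value = pstate->somevar;
}
'''
SAMPLE_BAD = '''#include "contest.h"
#include <stdio.h>
void calculate_timestep(MyState_t *pstate, ContestResults *presults)
{
  *(uint32_t *) 0 = 0xdeadf00d;      /* the write from the answer */
  int16_t *q = &pstate->somevar;     /* local pointer plus address-of */
}
'''

SCALAR_TYPES = r'(?:u?int(?:8|16|32|64)_t|int|long|short|char|float|double|void)'

# (label, regex): a match on any line after the mandated include rejects the entry.
# Deliberately conservative: any cast ending in "*", any "&" where a value is expected,
# any pointer-typed scalar variable. This only gates what reaches the compiler.
RULES = [
    ("preprocessor directive", re.compile(r'^\s*#')),
    ("pointer cast", re.compile(r'\(\s*(?:struct\s+)?\w[\w\s]*\*+\s*\)')),
    ("address-of operator", re.compile(r'[=(,]\s*&(?![&=])')),
    ("pointer variable", re.compile(r'\b' + SCALAR_TYPES + r'\s*\*+\s*\w')),
]

def strip_comments(src):
    """Blank out C comments but keep their newlines so reported line numbers stay right."""
    src = re.sub(r'/\*.*?\*/', lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src, flags=re.S)
    return re.sub(r'//[^\n]*', ' ', src)

def check_entry(src):
    """Return [(rule, line_number), ...]; an empty list means the entry is accepted."""
    lines = src.splitlines()
    if not lines or lines[0].strip() != '#include "contest.h"':
        return [('missing #include "contest.h" on line 1', 1)]
    problems = []
    for lineno, text in enumerate(strip_comments(src).splitlines(), start=1):
        for label, rx in RULES:
            if lineno > 1 and rx.search(text):   # line 1 is the one permitted directive
                problems.append((label, lineno))
    return sorted(problems, key=lambda p: p[1])
```

check_entry(SAMPLE_OK) returns an empty list, while check_entry(SAMPLE_BAD) reports the extra include on line 2, the cast on line 5 and both the address-of and the pointer variable on line 6; the entry is still compiled and run under the trusted harness afterwards.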

Jason S

1 Answer

There's no point in allowing C if you also want to disallow things that are part of C, such as pointers, casting, and pointer arithmetic. Many valid C programs then become impossible to write, which would seem counter-intuitive if you're saying "you can use C".

It's hard to detect statically that a program won't do

*(uint32_t *) 0 = 0xdeadf00d;

which might cause a segmentation fault on your host operating system. I'm sure it's possible, or that very good attempts have been made. This Wikipedia article has a list of C and C++ static checking tools that you can investigate.

unwind

Hmm, I disagree with your premise; a limited subset of C is still very useful, and all my entrants want is to be able to use portions of the language they know, rather than having to translate their thoughts into Python. – Jason S Sep 17 '13 at 15:17