type++: Prohibiting Type Confusion with Inline Type Information
Nicolas Badoux
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Software Security: Code and Compiler
In C++, object-oriented features such as inheritance give developers flexibility but can also introduce significant security vulnerabilities. The talk "type++: Prohibiting Type Confusion with Inline Type Information," delivered by Nicolas Badoux, addresses a critical class of these vulnerabilities known as **derived type confusion**. The work introduces type++, a new C++ dialect that eliminates these bugs by design, providing runtime type checking with low overhead.
AI review
Solid systems security research tackling a real, persistent problem in C++ with a language-level solution that actually ships numbers: 90B casts protected, sub-1% average overhead, 14 new bugs found in SPEC CPU, and a credible Chromium case study. Not a world-changer, but this is the kind of careful, principled engineering work that moves the field forward rather than just describing the problem.