parts/6.47.Inter-languageCalling-DJS.md

6.47 Inter-language Calling [DJS]

6.47.1 Applicability to language

The vulnerability as described in ISO/IEC TR 24772-1:2019 clause 6.47 is applicable to C++.

C++ is a multi-paradigm language with a number of features that do not interface simply with other language systems. It is left to the implementation team the task of converting the results of these paradigms to constructs that can cross an interface for further processing in other languages.

C++ compilers provide an application binary interface (ABI) that delineates areas of interoperability with other languages or other C++ compiler/runtime systems. An ABI includes calling conventions, data layout, error and exception handling and return conventions, name mangling, data model, initialization of memory, and linkage to operating systems and libraries.

C++ compilers implement a C++ language linkage and a C language linkage. It is implementation-defined what other languages the implementation supports. Alternatively, other language systems provide linkages to C systems[^3](Ada has developed a standard for interfacing with C. Fortran has included a Clause 15 that explains how to call C functions.), leaving the developer the task of channeling everything through this common language system.

6.47.2 Avoidance mechanisms for language users

To avoid the vulnerability or mitigate its ill effects, C++ software developers can:

• Follow the avoidance mechanisms of ISO/IEC 24772-1 clause 6.47.5

• Use standard layout types for the interoperable interfaces.

  •   Use language linkage facilities that support the languages being

    used.

  •   EXP56-CPP. Do not call a function with a mismatched language

    linkage (-> 6.47)

  •   EXP60-CPP. Do not pass a nonstandard-layout type object across

    (-> 6.47 ?)
    execution boundaries

• Be aware that the static initialization phase and dynamic initialization for every language system are required before the system begins execution

• Be aware that C++ exceptions are not usually compatible with exceptions in other languages.

• Segregate outgoing cross-language interfacing code into functions that present a C++ interface to the C++ code and implements that interface by calling code compatible with the other language system. Similarly implement incoming cross-language interfaces by providing simplified functions that presents a simplified (C or other language) interface and is implemented by calling C++ code with the correct style.

• Separate the interfacing code from the code containing the main functionality

See also the C++ Core Guidelines CPL.3.

AI 63-6 – group – add the guidance from 6.47.2 Interoperability into the Core Guidelines.