AD5010: EnableAutomaticReferenceCounting
Summary
| Property | Value |
|---|---|
| ID | AD5010 |
| Name | EnableAutomaticReferenceCounting |
| Category | Security |
| Severity | Warning |
| Applies to | Mach-O with Objective-C (macOS/iOS) |
Description
Automatic Reference Counting (ARC) is a compiler feature that automatically manages Objective-C object lifetimes. This eliminates entire classes of memory safety bugs including use-after-free and double-free vulnerabilities.
How It Works
The rule checks for ARC runtime symbols:
- `objc_retain`
- `objc_release`
- `objc_autorelease`
- `objc_autoreleaseReturnValue`
- And other ARC runtime functions
These symbols indicate the code uses ARC instead of manual retain/release.
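An added example, not the rule's own implementation: the same symbol test applied to `nm` output in Python. The symbol set is taken from this page (including `objc_storeStrong` from the runtime-symbol list further down); treating `objc_msgSend` or `OBJC_CLASS_$_` imports as the sign of Objective-C, the verdict names, and the sample listings are assumptions constructed for illustration.

```python
# Added example: approximates the AD5010 symbol check on `nm` output.
# ARC_SYMBOLS comes from this page; the Objective-C applicability test
# and the verdict strings are assumptions made for illustration.
ARC_SYMBOLS = {
    "objc_retain", "objc_release", "objc_autorelease",
    "objc_autoreleaseReturnValue", "objc_storeStrong",
}

def imported_symbols(nm_output):
    """Return undefined (imported) names without the Mach-O '_' prefix."""
    names = set()
    for line in nm_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        # `nm -u` prints bare names; plain `nm` prints "<addr> <type> <name>".
        if len(fields) > 1 and fields[-2] != "U":
            continue  # defined in this binary, not an import
        name = fields[-1]
        names.add(name[1:] if name.startswith("_") else name)
    return names

def check_arc(nm_output):
    """Return (verdict, ARC symbols found) for one binary's symbol listing."""
    syms = imported_symbols(nm_output)
    uses_objc = "objc_msgSend" in syms or any(
        s.startswith("OBJC_CLASS_$_") for s in syms)
    if not uses_objc:
        return ("not-applicable", [])  # pure C/C++: rule does not apply
    found = sorted(syms & ARC_SYMBOLS)
    return ("pass" if found else "warning", found)

# Constructed sample listings (not taken from real binaries).
ARC_BUILD = ("_NSLog\n_OBJC_CLASS_$_NSData\n_objc_msgSend\n"
             "_objc_release\n_objc_retain\n_objc_storeStrong\n")
MRC_BUILD = (
    "                 U _NSLog\n"
    "                 U _OBJC_CLASS_$_NSData\n"
    "0000000100003f20 T _main\n"
    "                 U _objc_msgSend\n"
)
PURE_C = "_malloc\n_printf\n"

if __name__ == "__main__":
    for label, listing in [("arc", ARC_BUILD), ("mrc", MRC_BUILD), ("c", PURE_C)]:
        print(label, check_arc(listing))
```

To try it on a real binary, pass the text produced by `nm -u` for that file to `check_arc`.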
Why This Matters
ARC eliminates entire classes of memory vulnerabilities by automating object lifetime management. Use-after-free, double-free, and memory leak vulnerabilities become structurally impossible in ARC-managed code.
Manual Memory Management Vulnerabilities

```objc
// WITHOUT ARC - vulnerable patterns:

// Double-free:
NSData *data = [[NSData alloc] init];
[data release];
[data release]; // CRASH or exploitable!

// Use-after-free:
NSString *str = [[NSString alloc] initWithUTF8String:"secret"];
[str release];
NSLog(@"%@", str); // Use-after-free!

// Leak leading to DoS:
while (processing) {
    NSData *data = [[NSData alloc] initWithContentsOfFile:path];
    // Forgot [data release] - memory leak!
}
```
ARC Automatic Protection

```objc
// WITH ARC - all safe:
NSData *data = [[NSData alloc] init];
// Compiler inserts release at end of scope
// Cannot double-free

NSString *str = [[NSString alloc] initWithUTF8String:"secret"];
// Compiler tracks lifetime
// Cannot use after free

while (processing) {
    NSData *data = [[NSData alloc] initWithContentsOfFile:path];
    // Compiler inserts release
    // No leak!
}
```
Vulnerability Classes Prevented
| Vulnerability | Without ARC | With ARC |
|---|---|---|
| Use-after-free | Common | Impossible |
| Double-free | Possible | Impossible |
| Memory leak | Common | Prevented* |
| Dangling pointer | Possible | Prevented |
*ARC doesn't prevent retain cycles, but tools detect them.
Real-World Security Impact
Use-after-free bugs have enabled:
| Attack Type | Example |
|---|---|
| Browser exploits | Object confusion after free |
| Kernel exploits | Freed object reuse |
| Server compromises | Dangling pointer dereference |
ARC eliminates these at the source.
ARC Runtime Symbols
ARC uses these runtime functions:
- `objc_retain`: Increment reference count
- `objc_release`: Decrement, free if zero
- `objc_autorelease`: Delayed release
- `objc_storeStrong`: Assign with retain/release
Migration Considerations
| Codebase | Recommendation |
|---|---|
| New code | Always use ARC |
| Legacy Obj-C | Migrate to ARC |
| Mixed C/Obj-C | ARC for Obj-C parts |
| Swift | Uses ARC automatically |
Performance
| Aspect | Impact |
|---|---|
| Runtime | Similar to well-written MRC |
| Binary size | Slightly larger |
| Development time | Much faster |
ARC often generates better code than hand-written MRC.
Memory Safety Vulnerabilities Prevented
Without ARC (Manual Memory Management):

```objc
NSData *data = [[NSData alloc] initWithBytes:buf length:len];
[data release]; // Manual release
[data release]; // Double-free vulnerability!

// Or:
NSData *data = [self getData];
[data release];
// ... later ...
[data bytes]; // Use-after-free!
```

With ARC:

```objc
NSData *data = [[NSData alloc] initWithBytes:buf length:len];
// Compiler automatically manages lifetime
// No manual release needed
// No double-free or use-after-free possible
```
Security Benefits
- Eliminates use-after-free: Objects freed at correct time
- Eliminates double-free: No manual release calls
- Eliminates memory leaks: Automatic cleanup
- Compile-time safety: Errors caught at build time
Resolution
Enable ARC Globally
Xcode:
- Select your target
- Go to Build Settings → Apple Clang - Language - Objective C
- Set Objective-C Automatic Reference Counting to Yes
Command Line:
Migrate Existing Code
Xcode provides an automatic migration tool:
- Edit → Refactor → Convert to Objective-C ARC...
- Select targets to convert
- Review and apply changes
CMake

```cmake
set(CMAKE_OBJC_FLAGS "${CMAKE_OBJC_FLAGS} -fobjc-arc")
set(CMAKE_OBJCXX_FLAGS "${CMAKE_OBJCXX_FLAGS} -fobjc-arc")
```
Per-File ARC Control
If you need to disable ARC for specific files:
When to Suppress
This rule may be suppressed for:
- Swift-only applications: Swift has its own memory management
- Non-Objective-C code: Pure C/C++ binaries
- Xamarin applications: Managed by .NET runtime
- Legacy frameworks: Third-party code not yet migrated
Important Notes
- ARC was introduced in iOS 5 and OS X 10.7
- New Xcode projects use ARC by default
- ARC and non-ARC code can coexist in the same project
- Swift code is always memory-safe (no ARC symbols needed)
Related Rules
- AD5003 - Stack protection