Microsoft Open-Sources 'Checked C,' A Safer C Version (softpedia.com)
An anonymous reader writes from a report via Softpedia: Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues. As its name hints, Checked C will add checking to C, and more specifically pointer bounds checking. The company hopes to curb the high number of security bugs such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts, all of which would be easier to catch in Checked C. Despite tangible benefits to security, the problem of porting code to Checked C still exists, just like it did when C# or Rust came out, both C alternatives.
strcpy_s is part of the C11 standard, and it was a library addition, not a language change.
A long, long time ago (~2000?) I used GCC's bounds checking feature.
If I recall correctly, I had to compile my own GCC because it was the only way to enable it.
The funny little-known fact is: C99 already has a bounded pointer type: a pointer to a variable-length array.
void foo(int N, char (*ptr)[N]) /* the pointer type carries the bound N */
{
    (*ptr)[N + 3] = 10; /* undefined behaviour: index N + 3 is past the end */
}
Using the undefined-behaviour sanitizer, you can also have the compiler add automatic checks.
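An added example (not code from the comment above and not Checked C's own): the same pointer-to-VLA type, once with an explicit check against the bound the type carries, and once as the commenter wrote it. The security-relevant point is that sizeof *buf evaluates to n at run time because the bound is part of the type, which is exactly what a plain char * throws away; GCC's -fsanitize=bounds can only instrument the unchecked store because the type tells it the array has n elements (Clang's array-bounds check needs a statically known bound, so verify the report appears with your toolchain). The function names and the 16-byte buffer are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* The bound n is part of the parameter's type, so sizeof *buf is n at run time:
 * the pointer type itself carries the length that a plain char * loses. */
size_t carried_bound(int n, char (*buf)[n])
{
    return sizeof *buf;
}

/* Declares an n-byte VLA (constructed input) and reports the bound its pointer type carries. */
size_t bound_demo(int n)
{
    char buf[n];
    return carried_bound(n, &buf);
}

/* Explicit bounds check against the bound the type carries.
 * Returns 1 after storing, 0 if idx is outside [0, n). */
int checked_store(int n, char (*buf)[n], long idx, char value)
{
    if (idx < 0 || idx >= n)
        return 0;
    (*buf)[idx] = value;
    return 1;
}

/* The commenter's function, kept as written: undefined behaviour on purpose.
 * Built with GCC -fsanitize=bounds the store is reported at run time, because
 * the compiler knows from the type that (*buf) has exactly n elements. */
void unchecked_store(int n, char (*buf)[n])
{
    (*buf)[n + 3] = 10;
}

/* Exercises checked_store on a constructed 16-byte buffer. Returns the number of
 * rejected stores (2: one past the end, and a negative index), or -1 if an
 * accepted store did not land where expected. */
int checked_demo(void)
{
    char buf[16];
    int rejected = 0;

    memset(buf, 0, sizeof buf);
    rejected += !checked_store(16, &buf, 0, 'a');
    rejected += !checked_store(16, &buf, 15, 'z');
    rejected += !checked_store(16, &buf, 16, '!');   /* one past the end */
    rejected += !checked_store(16, &buf, -1, '!');   /* negative index */
    if (buf[0] != 'a' || buf[15] != 'z')
        return -1;
    return rejected;
}

int main(int argc, char **argv)
{
    char buf[16];

    printf("bound carried by the type: %zu\n", bound_demo(40));
    printf("stores rejected by checked_store: %d\n", checked_demo());
    /* ./a.out oob, built with -fsanitize=bounds, triggers the sanitizer report */
    if (argc > 1 && strcmp(argv[1], "oob") == 0)
        unchecked_store(16, &buf);
    return 0;
}
```

The caveat a practitioner should keep in mind: the sanitizer checks nothing for code that passes `char *` plus a separate length, which is how most C APIs are written, so the benefit only appears where the bound has been moved into the type.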
That's the right direction. Apple already has a pretty good version of it. (See below.)
Bounds checking C like this now is weak and very, very late:
https://gcc.gnu.org/ml/gcc/199...
https://www.lrde.epita.fr/~aki...
http://blog.qt.io/blog/2013/04...
http://valgrind.org/docs/manua...
https://en.wikipedia.org/wiki/...
But the grand champion memory debugger is the Mac OS X standard malloc libraries. You can simply set environment variables and instantly get better debugging than most methods on all other platforms. I presume this is because Objective-C/C++ is such a pain to debug that they just built in features to always be available, even for production apps.
http://www.cocoawithlove.com/2...
Those libraries are clever because when debugging array bounds corruption and use after free, all mallocs get their own mmapped memory block surrounded by unmapped memory. Plus writing patterns into free / allocated memory to detect writing to freed memory, etc. This is great because it triggers a system signal that debuggers can catch deterministically.
I found and used those techniques on my last big project a couple years ago. The Windows desktop app and imaging C++ libraries were full of errors, memory corruption, struct and 32-bit/64-bit problems, etc. I had to do a lot of debugging and rewriting to port to Mac OS X, then a lot to solve corruption and threading issues. And found out, the hard way, what a mess the "standard" pthreads API / libraries were. Just spurred me on to switch to C++11 to have standard threads. This Mac OS X built-in debugging along with gdb made it a snap to find all of those kinds of errors, even for code meant for Android, Linux, and Windows.
Stephen D. Williams
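An added example, not Apple's code and not the commenter's: a toy allocator that rebuilds the two techniques the comment describes, so you can see why they make corruption fault deterministically. Each block gets its own mmap'd region ending exactly where a PROT_NONE guard page starts (what libgmalloc does when inserted with DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib), new memory is filled with 0xAA and freed memory with 0x55 (what MallocPreScribble and MallocScribble do), and a freed region is left mapped but inaccessible so a use after free faults every time. The names guard_alloc, guard_free, access_faults and guard_selftest, the fill values, and the block sizes are this example's own; it assumes a POSIX system with mmap, mprotect and sigaction (Linux or macOS).

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define FRESH_PATTERN 0xAA                               /* new blocks, like MallocPreScribble */
#define FREED_PATTERN 0x55                               /* freed blocks, like MallocScribble */
typedef struct { size_t map_len; size_t n; } guard_hdr;  /* kept just below each block */

static size_t page_size(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;
}

/* Each allocation gets its own private mapping. The n bytes sit at the very end of the
 * writable area, directly followed by one PROT_NONE guard page, so the first byte
 * written past the block touches inaccessible memory and raises a signal. */
void *guard_alloc(size_t n)
{
    size_t ps = page_size();
    size_t data_pages = (sizeof(guard_hdr) + n + ps - 1) / ps;
    size_t map_len = (data_pages + 1) * ps;
    uint8_t *base = mmap(NULL, map_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + data_pages * ps, ps, PROT_NONE) != 0) {
        munmap(base, map_len);
        return NULL;
    }
    uint8_t *p = base + data_pages * ps - n;  /* p + n is the first byte of the guard page */
    guard_hdr h = { map_len, n };
    memcpy(p - sizeof h, &h, sizeof h);       /* memcpy because p need not be aligned */
    memset(p, FRESH_PATTERN, n);              /* uninitialised reads see 0xAA, not zeros */
    return p;
}

/* Scribble the block, then make the whole mapping inaccessible instead of unmapping it:
 * a later use of the pointer faults every time rather than silently reading whatever
 * now lives there. Toy design choice: the address range is never reused. */
void guard_free(void *ptr)
{
    if (ptr == NULL)
        return;
    uint8_t *p = ptr;
    guard_hdr h;
    memcpy(&h, p - sizeof h, sizeof h);
    uint8_t *base = p + h.n - (h.map_len - page_size());
    memset(p, FREED_PATTERN, h.n);
    mprotect(base, h.map_len, PROT_NONE);
}

/* Does reading *addr raise SIGSEGV/SIGBUS? That signal is what a debugger stops on;
 * here it is caught with sigsetjmp so the outcome can be returned as a value. */
static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }
int access_faults(const volatile uint8_t *addr)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(probe_env, 1) == 0) {
        uint8_t v = *addr; (void)v;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Self-test on a constructed n-byte block: 0 if every property holds,
 * otherwise the number of the first check that failed. */
int guard_selftest(size_t n)
{
    uint8_t *p = guard_alloc(n);
    if (p == NULL)
        return 1;
    if (((uintptr_t)p + n) % page_size() != 0)
        return 2;                     /* block ends exactly where the guard page starts */
    for (size_t i = 0; i < n; i++)
        if (p[i] != FRESH_PATTERN)
            return 3;                 /* pre-scribble pattern present */
    if (access_faults(p + n - 1))
        return 4;                     /* last in-bounds byte is readable */
    if (!access_faults(p + n))
        return 5;                     /* one byte past the end faults: overflow caught */
    guard_free(p);
    if (!access_faults(p))
        return 6;                     /* use after free faults, every time */
    return 0;
}

int main(void)
{
    printf("guard allocator self-test: %d (0 = all checks passed)\n", guard_selftest(13));
    return 0;
}
```

Two caveats carried over from the real thing: placing the block byte-exactly against the guard page sacrifices alignment (libgmalloc aligns to 16 bytes by default and only goes byte-exact with MALLOC_STRICT_SIZE), and nothing here catches an underflow, since the header sits just below the block; libgmalloc covers that case with MALLOC_PROTECT_BEFORE. The point of the mprotect-on-free choice is the determinism the comment praises: the stale pointer faults on the first touch instead of depending on what the allocator handed out since.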
Pretty sure a lot of operating systems used Assembler at the bottom in the early 2000s. Now, I think they're pretty flexible, like:
https://github.com/CosmosOS/Co...
Change is certain; progress is not obligatory.
and all of it is C.
That is wrong.
All embedded systems I was involved in the last 10 years used: C++
And still half of all embedded systems build in Avionics use: Ada
For example, the Freescale line of coldfire processors all use a tool called codewarrior.
You clearly have no idea what you are talking about.
Codewarrior is an IDE!!! It uses whatever compiler you put behind it. And usually that is a variation of GCC.
Codewarrior is an IDE that was originally written by Metrowerks for Mac OS, an IDE focused solely around C++. It was the fastest C++ compiler for Macs around that time and was later acquired by Freescale.
http://www.nxp.com/products/so...
Scroll down to: "Unlimited C/C++/EC++/cC++ Compiler and Debugger for HCS12(X) derivatives and XGATE module "
C has been ported to every instruction set that has ever been invented, and there are more C compilers in the world than there are Java, C++ and Python compilers / interpreters combined.
How is that relevant to the points I made? (If it is even true)
The IEEE keeps a list of the top languages, and their list includes the embedded space which is ignored by these other lists. C and C++ take the #2 and #3 spots, which accurately reflects the underlying reality. ... not for smart watches, not for iPads, iPhones, Samsung Galaxies or any other Android device.
For embedded programming!!! Yes. Not for business code. Not for web pages.
If one hires a developer because he has used Codewarrior and ditches one who used Code Composer Studio instead: he is an idiot.
If I had to hire an embedded programmer I would insist on seeing some C/C++ code and would not care what kind of tools he used.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.