Microsoft Open-Sources 'Checked C,' A Safer C Version (softpedia.com)
An anonymous reader writes from a report via Softpedia: Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues. As its name hints, Checked C will add checking to C, and more specifically pointer bounds checking. The company hopes to curb the high number of security bugs such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts, all of which would be easier to catch in Checked C. Despite tangible benefits to security, the problem of porting code to Checked C still exists, just like it did when C# or Rust came out, both C alternatives.
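To make the "pointer bounds checking" point concrete, here is an added example in plain C (not code from the Softpedia article or from the Checked C project, and not Checked C syntax): a copy routine run once through a raw pointer, which silently overruns a name field into an adjacent flag byte, and once through a hypothetical `bounded_ptr` struct that carries its length and refuses the out-of-range write before touching memory. That struct, the helper names, and the nine-byte "overlong" input are all this example's own constructions; they model what a compiler-enforced checked array pointer does, nothing more.

```c
// Added example: emulating a bounds-carrying pointer in plain C.
// Not Checked C code; the struct and helpers are hypothetical.
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8                 /* bytes reserved for the name field */
#define REC_LEN  (NAME_LEN + 1)    /* name followed by a one-byte admin flag */

/* Constructed attacker input: 8 bytes of name plus one extra byte that
   lands on the flag if the copy is not bounded. */
static const unsigned char OVERLONG_INPUT[] = "AAAAAAAA\x01";
#define OVERLONG_LEN 9

/* Unchecked: a raw pointer knows nothing about the buffer behind it, so the
   caller's length argument is the only thing standing between it and the
   neighbouring byte. */
static void copy_unchecked(unsigned char *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Hypothetical bounds-carrying pointer: base address plus element count. */
struct bounded_ptr {
    unsigned char *base;
    size_t len;
};

static struct bounded_ptr bounded(unsigned char *base, size_t len)
{
    struct bounded_ptr p = { base, len };
    return p;
}

/* Checked: the write is validated against the carried bound first.
   Returns 0 on success, -1 (with memory untouched) if n exceeds the bound. */
static int copy_checked(struct bounded_ptr dst, const unsigned char *src, size_t n)
{
    if (n > dst.len)
        return -1;
    for (size_t i = 0; i < n; i++)
        dst.base[i] = src[i];
    return 0;
}

/* Overlong copy through the raw pointer; returns the flag byte (1: clobbered). */
int unchecked_copy_flag(void)
{
    unsigned char record[REC_LEN] = {0};
    copy_unchecked(record, OVERLONG_INPUT, OVERLONG_LEN);   /* spills into record[NAME_LEN] */
    return record[NAME_LEN];
}

/* Same overlong copy through the bounded pointer; returns the flag byte (stays 0). */
int checked_copy_flag(void)
{
    unsigned char record[REC_LEN] = {0};
    copy_checked(bounded(record, NAME_LEN), OVERLONG_INPUT, OVERLONG_LEN);
    return record[NAME_LEN];
}

/* Return code of the bounded copy for the first n bytes of the input:
   -1 once n exceeds NAME_LEN, 0 otherwise. */
int checked_copy_rc(size_t n)
{
    unsigned char record[REC_LEN] = {0};
    return copy_checked(bounded(record, NAME_LEN), OVERLONG_INPUT, n);
}

int main(void)
{
    printf("unchecked: flag=%d (overrun clobbered it)\n", unchecked_copy_flag());
    printf("checked:   rc=%d flag=%d (copy refused)\n",
           checked_copy_rc(OVERLONG_LEN), checked_copy_flag());
    printf("checked:   rc=%d for an in-bounds copy of %d bytes\n",
           checked_copy_rc(NAME_LEN), NAME_LEN);
    return 0;
}
```

The flag byte sits inside the same array as the name on purpose, so the overrun is a real adjacent-field clobber without relying on undefined behaviour across a struct boundary. The difference a checked pointer makes is visible in `copy_checked`: the bound travels with the pointer, so the check cannot be forgotten at the call site, which is the property the unchecked version lacks.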
It baffles me the sheer number of warnings some projects generate on compilation. Sure, many aren't relevant, but some are, and if your code generates bucketloads the chances of missing the important ones are high. And really: how hard is it to do simple things like putting extra braces around if statements where you really do want to do an assignment, properly casting things (signed -> unsigned, for example), or typing (void) foo; when you really want to include argument foo in the function arguments even though it isn't used... yet. Personally, I don't consider my code complete until it compiles with no warnings under -Wall at least.
That said... I think people need to accept that C just is what it is, quirks and all. If you want strong type checking etc., then there are plenty of alternatives to choose from.
The CPU just needs to set aside an area of memory exclusively for return addresses, and make that protected. No more security issues, buffer overruns, execution of arbitrary code. The real problem is that return addresses are mingled with other data. This should be solved at the hardware level, and AFAICS, it could be done totally transparently to code, even binaries.
And sometimes, the weird behavior is actually the right behavior, even when compilers disagree. Remember the issue a few years ago when it turned out almost all the SSH keys generated on any Debian (or Debian-derived) system were highly predictable? It happened because the random-number generator in OpenSSH was throwing a compiler warning for "considered dangerous" handling of a pointer, except that, in that case, it was a critical part of the entropy feed. Some Debian packager wrote a patch to "fix" the code to proper bounded behaviour... and ended up castrating the entropy feeder function.
It no longer threw a warning; it just led to one of the worst security problems in Linux history and took weeks to recover from when it was discovered years later and everybody had to regenerate their keys.
Unicode killed the ASCII-art *
As yet, nobody has made an OS that isn't C at the bottom.
What nonsense.
Perhaps you'd like to Google a bit or read Wikipedia? Mac OS, e.g., was written in Pascal. Other OSes are written in Forth, Java, Oberon, Modula-2. There are plenty of OSes you never heard about, written in languages you never heard about.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.