Checked C: Open Source C Extension by Microsoft

Microsoft’s love for the open-source community seems to be growing day by day. Last year, Microsoft CEO Satya Nadella proclaimed:

“MICROSOFT ♥ LINUX”

Since then, Microsoft has come forward with many contributions to Linux and the open-source community, including a .NET distribution for Linux and Mac, Visual Studio Code for Linux, the JavaScript engine ChakraCore, SQL Server for Linux, Bash on Ubuntu on Windows, and a FreeBSD image on Azure.

And the latest addition is Checked C, an extended version of the C programming language that offers programmers a more reliable and secure experience.

CHECKED C

Checked C was initially a Microsoft Research project aiming to add bounds checking to C in order to detect and prevent common programming errors like buffer overruns, out-of-bounds memory accesses, and incorrect type casts. Now that Microsoft has made it open source, the latest version of Checked C and its specification can be found on its GitHub repository’s release page.

HOW IS THIS EXTENDED CHECKED C BETTER?

The C programming language uses a special concept for accessing data: pointers. A pointer is the address of a memory cell. Using pointers can be tricky, and even experienced programmers sometimes make mistakes when working with them, which in turn can cause programs to crash, misbehave or be exposed to vulnerabilities.

Checked C gives programmers ways to better describe the pointers they use and how they intend to use them. Using that information, it applies bounds checking to verify that data is being accessed within its intended bounds. According to Microsoft,

The name Checked C reflects the fact that static and dynamic checking is being added to C.

For programming errors like buffer overruns and incorrect type casts, Checked C will enable programmers to add checking to their programs to detect these kinds of errors when a program runs or while it is being written. With these extensions, Checked C will be able to avoid security vulnerabilities or software reliability problems.
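The runtime half of that checking can be sketched in standard C. This is an added example, not code from the Checked C project and not Checked C syntax: the hypothetical `bounded_ints` type and its helper functions are assumptions made for illustration, pairing a pointer with the element count the programmer declares and checking every access against it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical type: a pointer plus the bounds declared for it. */
typedef struct {
    int   *base;   /* first element the pointer may touch */
    size_t count;  /* number of elements it may touch */
} bounded_ints;

/* Read one element; refuse any index outside the declared bounds. */
bool checked_get(bounded_ints p, size_t idx, int *out)
{
    if (p.base == NULL || out == NULL || idx >= p.count)
        return false;
    *out = p.base[idx];
    return true;
}

/* Derive a sub-range. Bounds can shrink but never grow, and the
 * subtraction form avoids overflow in off + len. */
bool narrow(bounded_ints p, size_t off, size_t len, bounded_ints *out)
{
    if (p.base == NULL || out == NULL || off > p.count || len > p.count - off)
        return false;
    out->base = p.base + off;
    out->count = len;
    return true;
}

/* Copy n elements; a copy larger than either buffer is rejected
 * instead of overrunning it. */
bool checked_copy(bounded_ints dst, bounded_ints src, size_t n)
{
    if (dst.base == NULL || src.base == NULL || n > dst.count || n > src.count)
        return false;
    memmove(dst.base, src.base, n * sizeof *dst.base);
    return true;
}

int main(void)
{
    int small[4] = {0}, big[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed sample data */
    bounded_ints d = { small, 4 }, s = { big, 8 };
    /* The 8-element copy into a 4-element buffer must be refused. */
    return checked_copy(d, s, 8) ? 1 : 0;
}
```

In plain C the same oversized `memmove` would compile and silently write past `small`; here the declared bounds turn it into a detectable failure.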

Most system software is written in the C or C++ programming language. When writing system software, the programmer needs precise control over what the program does. With that in mind, Checked C will definitely be a great help to system programmers.

WHAT ABOUT EXISTING C CODE?

No need to worry! Checked C is fully backward compatible. It is just an extension to the existing C language, so existing C code will work with Checked C just fine, and it can be modified to take advantage of the extended features. As described on the Checked C project page,

Existing system software can be modified incrementally in a backwards-compatible fashion to have this checking.

What do you think about Checked C? Are you a C programmer? When are you going to give Checked C a try?