Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft open-sources a safer version of C language

Serdar Yegulalp | June 29, 2016
Checked C proposes to reduce programming errors by adding safety features to the C language, but whether it'll be used outside of a lab setting is another story

Microsoft has open-sourced a research project called Checked C to add new syntax and typing to the C language. The primary goal is to neutralize some hazards of C programming, such as the bugs that gave rise to the Heartbleed and Shellshocksecurity incidents.

It's a bold idea, at least on paper. The tough part will be finding a way to provide incentive for C developers to change existing code -- a task the legacy weight of C has always made difficult.

It's a bold idea, at least on paper. The tough part will be finding a way to provide incentive for C developers to change existing code -- a task the legacy weight of C has always made difficult.

Check yourself before you wreck yourself

Checked C is a modified version of C that addresses the issues that arise with pointers, C's mechanism for accessing memory directly. The language provides several new kinds of pointer and array types that come with built-in safeguards. They're distinct from the existing unsafe pointer types in C, so a programmer can use the new, checked pointer types for safety and revert back to the unsafe types if that's ever required.

The new version also provides checked program scopes. These are blocks of the program code where bounds checking is turned on by default. If the programmer attempts to use an unchecked pointer within such a scope, the compiler will reject it. It's also possible to specify that a whole program be checked by default, by way of a compiler #pragma directive.

An assortment of tools already exists for analyzing C code and detecting problems of this nature -- such as Cppcheck -- but they're generally separate static analysis tools. Checked C builds safety features directly into C as programs are conceived and planned.

Hurdles ahead

As ambitious and valuable as Checked C sounds, it must also deal with two challenges that come up whenever changes are suggested to any existing language. The first is that such changes are typically not backward-compatible. Second, they sometimes involve disruptive changes to the toolchain. Both are all but guaranteed to inhibit uptake.

Microsoft at least partly takes care of backward compatibility. The changes introduced by Checked C don't invalidate existing C programs; they still compile as-is. All of the new syntax and alterations to the language co-exist with its legacy incarnation.

An existing C program doesn't even need to be converted to Checked C all at once; it can be converted file-by-file or function-by-function. Microsoft also claims the new-style checked constructions are "layout-compatible with existing pointer and array types." This high degree of backward and forward compatibility gives Checked C an advantage, but again, not an automatic win, as the language still has to pass into general use first.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.