Checked C is a research project from Microsoft which adds static and dynamic (runtime) checking for errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts.
The project is implemented as an extension to the C language. New pointer and array types are provided with the goal of allowing programmers to better describe intended pointer use and the range of memory that is pointed to. The new Checked C types are:
ptr<T>
: a pointer to a single object, with no bounds checking; cannot be used in pointer arithmetic; cannot be null when accessing memory
array_ptr<T>
: a pointer to an element of an array; can be used in pointer arithmetic; does not carry bounds itself, so the bounds are declared separately (for example with a count(n) annotation on the declaration) and accesses through it are checked against those bounds; cannot be null when accessing memory
span<T>
: a pointer that carries its bounds information with it; supports pointer arithmetic; cannot be null when accessing memory
T array_var checked[s]
: an array of type T with size s, whose accesses are bounds checked
The types provide flexibility – developers can select between types with and without bounds checking, as well as between types that can or cannot be used in pointer arithmetic.
Since Checked C is an extension to the C language, you will need a compiler that supports it. Microsoft provides a port of clang and LLVM that supports the extension.
Checked C can help you identify and eliminate the common memory errors that plague us as C & C++ developers. Even better, existing C programs compiled with a Checked C compiler will continue to work: raw pointers (e.g. int *) remain unchecked, and pointer arithmetic on them is still allowed.
Further Reading
For more on Checked C: