CheckedC: A Language Extension to Help Eliminate Memory Errors

Checked C is a research project from Microsoft which adds static and dynamic (runtime) checking for errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts.

The project is implemented as an extension to the C language. New pointer and array types are provided with the goal of allowing programmers to better describe intended pointer use and the range of memory that is pointed to. The new Checked C types are:

  • ptr<T>: a pointer without bounds checking, cannot be used in pointer arithmetic, cannot be null when accessing memory
  • array_ptr<T>: a pointer to an element of an array, no bounds checking, can be used in pointer arithmetic, cannot be null when accessing the memory
  • span<T>: a pointer with bounds information, supports pointer arithmetic, cannot be null when accessing memory
  • T array_var checked[s]: an array of type T with size s which is bounds checked

The types provide flexibility - developers can select between types with and without bounds checking, as well as between types that can or cannot be used in pointer arithmetic.

Since Checked C is an extension to the C language, you will need a compiler that supports it. Microsoft provides a port of clang and LLVM that support the extension.

CheckedC can help you identify and eliminate common memory errors which plague us as C & C++ developers. Even better, existing C programs compiled with a Checked C compiler will continue to work. Raw pointers (e.g. int *) remain unchecked and pointer arithmetic is still allowed.

Further Reading

For more on Checked C: