Microsoft wants to help developers create better and more reliable C programs. The company is currently conducting research into how it can extend the C programming language and help developers build more secure solutions.
According to the company, most system software, such as operating systems, browsers, databases and programming language interpreters, is written in C or C++. The problem is that programs written in these languages often contain programming errors that can lead to security vulnerabilities and unreliable software. As a result, Microsoft wants to create an extension dubbed Checked C to help programmers detect and prevent common errors like buffer overruns, out-of-bounds memory accesses, and incorrect type casts.
“The Checked C extension will let programmers add checking to their programs to detect these kinds of errors when a program runs or while it is being written. Existing system software can be modified incrementally in a backward-compatible fashion to have this checking,” wrote the Microsoft Research team in a post.
In addition, developers will be able to tell the extension how they intend to use pointers and which range of memory each pointer may refer to, so that their programs don’t read or write the wrong data.
“Many programming languages already have bounds checking,” the team wrote. “C# and Java are examples of such languages. However, those languages automatically add the information needed for bounds checking to data structures. This is a problem for system software, where the programmer needs precise control over what a program is doing.
“In Checked C, the programmer controls the placement of information needed for bounds checking and how the information flows through the program, so the programmer retains precise control over what a program is doing.”
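To make the idea of programmer-placed bounds concrete, here is an added example in plain C (not code from Microsoft or the Checked C project) that writes by hand the range checks a bounds-checking compiler would insert. The `record` type, its functions and the sample data are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record type. The bound is an ordinary field the programmer
 * placed, so the layout gains no hidden header. Checked C would declare the
 * pointer as `_Array_ptr<unsigned char> data : count(len);` and have the
 * compiler insert the range tests written by hand below. */
struct record {
    size_t len;            /* number of valid bytes behind data */
    unsigned char *data;   /* valid range: data[0] .. data[len - 1] */
};

/* Checked read: returns 0 and stores the byte, or -1 if idx is out of range. */
int record_get(const struct record *r, size_t idx, unsigned char *out)
{
    if (r == NULL || r->data == NULL || out == NULL || idx >= r->len)
        return -1;
    *out = r->data[idx];
    return 0;
}

/* Checked copy of n bytes from offset off into dst (capacity dst_cap).
 * Written as n > len - off so that off + n can never wrap around. */
int record_copy(const struct record *r, size_t off, size_t n,
                unsigned char *dst, size_t dst_cap)
{
    if (r == NULL || r->data == NULL || dst == NULL)
        return -1;
    if (off > r->len || n > r->len - off || n > dst_cap)
        return -1;
    memcpy(dst, r->data + off, n);
    return 0;
}

/* Constructed sample data: 7 letters plus the terminating NUL = 8 bytes. */
static unsigned char sample[8] = "ABCDEFG";
static struct record sample_rec = { sizeof sample, sample };

int main(void)
{
    unsigned char b = 0, out[4];

    printf("get(7)    -> %d\n", record_get(&sample_rec, 7, &b)); /* last valid index */
    printf("get(8)    -> %d\n", record_get(&sample_rec, 8, &b)); /* one past the end */
    printf("copy(4,4) -> %d\n", record_copy(&sample_rec, 4, 4, out, sizeof out));
    printf("copy(6,4) -> %d\n", record_copy(&sample_rec, 6, 4, out, sizeof out));
    return 0;
}
```

The overrun attempts (`get(8)` and `copy(6,4)`) return -1 instead of touching memory outside the declared range, while the struct layout stays exactly what the programmer wrote.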
The company is making the extension’s specification, test code and samples available via GitHub, where developers can also contribute to the specification and compiler implementation.