Checked C adds static and dynamic checking to C to detect or prevent common programming errors such as buffer overruns and out-of-bounds memory accesses. The goal of the project is to improve systems programming by making fundamental improvements to C. This repo contains sample code, the extension specification, and test code.

• For a quick overview of Checked C, more information, and pointers to example code, see our Wiki.
• The PDF of the specification is available here.
• Compilers are available here.
• The Checked C clang repo is here.
• The instructions to build and test the Checked C compiler are documented on the Checked C clang wiki.

• We presented a research paper on Checked C at the IEEE 2018 Cybersecurity Development Conference: "Checked C: Making C Safe by Extension". The paper describes the key ideas of Checked C in 8 pages. Note that we have added features to Checked C for improving type safety (and reducing type confusion) since writing the paper. The Wiki and specification provide up-to-date descriptions of Checked C.

• We presented another paper on Checked C at the 2019 Principles of Security and Trust Conference: "Achieving Safety Incrementally With Checked C". This paper describes a tool for converting existing C code to use Ptr types. It also proves a blame property about checked regions that shows that checked regions are blameless for any memory corruption. This proof is formalized for a core subset of the language extension.

• We presented a poster at the LLVM Dev Meeting 2019: "Overflows Be Gone: Checked C for Memory Safety". The poster provides an introduction to Checked C, outlines the compiler implementation and presents an experimental evaluation of Checked C.

• We presented a talk (slides) at the 2020 LLVM Virtual Dev Meeting: "Checked C: Adding memory safety support to LLVM". The talk describes the design of bounds annotations for checked pointers and array pointers as well as the framework for the static checking of the soundness of bounds. We also briefly describe novel algorithms to automatically widen bounds for null-terminated arrays and for comparison of expressions for equivalence.

Configuration	Testing	Status
Debug X86 Windows	Checked C and clang regression tests
Debug X64 Windows	Checked C and clang regression tests
Debug X64 Linux	Checked C and clang regression tests
Release X64 Linux	Checked C, clang, and LLVM nightly tests

We're happy to have the help! You can contribute by trying out Checked C, reporting bugs, and giving us feedback. There are other ways to contribute too. You can watch the announcement page for announcements about the project.

The software in this repository is covered by the MIT license. See the file LICENSE.TXT for the license. The Checked C specification is made available by Microsoft under the OpenWeb Foundation Final Specification Agreement, version 1.0. Contributions of code to the Checked LLVM/clang repos are subject to the CLANG/LLVM licensing terms.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.