News

Microsoft Research Modernizes C for Security, Reliability

• By David Ramel
• June 16, 2016

Microsoft Research published details on its open source Checked C project to increase the security and reliability of C code, which, despite being some 44 years old, still provides the bedrock code base for the bulk of systems software that runs today's infrastructure.

"The Checked C research project is investigating how to extend the C programming language so that programmers can write more secure and reliable C programs," Microsoft Research says on its Web site. "The project is developing an extension to C called Checked C that adds checking to C to detect or prevent common programming errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts. The extension is designed to be used for existing system software written in C."

Although the project is in the research stage, it's already being put to use in real-world projects such as LLVM/clang. LLVM provides a set of modular and reusable compiler and toolchain technologies, according to its site, which describes Clang as "an "LLVM native" C/C++/Objective-C compiler, which aims to deliver amazingly fast compiles."

Reducing errors such as buffer overruns, bad type casts and mistakes with pointers -- which "point" to certain memory locations where specific data is supposed to reside rather than to the actual data itself -- can help with program reliability and security, Microsoft said. That's because pointers and array indices aren't bounds checked in C and C++, which borrows much from its older cousin.

"Between 2010 and 2015, buffer overflows accounted for between 10-16 percent of publicly reported security vulnerabilities in the U.S. National Vulnerability Database each year," Microsoft Research said in the latest version of the Checked C specification (PDF download), just published on Tuesday. "The vulnerabilities have affected software implemented in C and C++ that is widely used, including the Windows and Linux operating systems, the Internet Explorer, Chrome, and Safari Web browsers, the Apache Web server, the OpenSSL security library, scripting language implementations for Bash, Ruby, and PHP, and media playback software such as QuickTime."

While many more modern programming languages such as Java and C# include bounds checking by automatically adding it to data structures, that functionality isn't available to developers writing systems software.

"This is a problem for system software, where the programmer needs precise control over what a program is doing," Microsoft Research said. "In Checked C, the programmer controls the placement of information needed for bounds-checking and how the information flows through the program, so the programmer retains precise control over what a program is doing."

The Checked C extension provides new kinds of pointer types and array types, programmer-inserted dynamic checks, bounds declarations and many more mechanisms to address the aforementioned problems for developers writing new systems code or modifying legacy code.

"The Checked C extension will let programmers add checking to their programs to detect these kinds of errors when a program runs or while it is being written," the company said. "Existing system software can be modified incrementally in a backwards-compatible fashion to have this checking."

Microsoft Research said the Checked C project is an open and collaborative research project, undertaken with the cooperation of researchers at the University of Maryland and incorporating feedback from other researchers at Samsung and Cornell.