Microsoft has open-sourced Checked C, an extension of the C language that addresses a series of security-related pitfalls in C. As the name suggests, Checked C adds checking to the C language, helping developers catch common programming errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type conversions. These programming errors are often the root cause of major security vulnerabilities, such as Shellshock, Heartbleed, and Sandworm.
Checked C solves these problems by changing how pointers are controlled. Pointers are what programmers use to define the memory addresses their code operates on. When there are many pointers, managing them easily gets out of hand, and the larger the project, the harder they are to track. Large code bases such as Chromium, Firefox, Office, and OpenSSL all have this problem, and you can see many such bug fixes in their changelogs. "Checked C allows programmers to better describe how they want to use pointers, and the range of memory that pointers should point to," said Microsoft, "and this information can be used to add detection in the runtime environment to detect erroneous data access, rather than letting the error happen silently."
Checked C will also let developers detect misuse of functionality that they assume the C language has but that it actually lacks. In programming terms this is called "bounds checking": checking whether a variable or pointer stays within the range assigned to it. C# and Rust already have this capability, and they are not the only ones. Unfortunately, the widely used C and C++ have no such feature. Microsoft hopes that existing C/C++ programs will need only minimal changes to gain security improvements from Checked C, which would attract a large number of developers to start using it.
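The run-time bounds check described above, emulated in plain C as an added example (not code from the article or from the Checked C project). The `bounded_ptr` type and the function names are hypothetical and the data is constructed; Checked C itself states the range in the pointer's declaration rather than in a hand-written struct.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 4-byte payload followed by unrelated data in the
   same array, so the over-read below stays inside one object. */
static const char region[] = "PINGsession-key=constructed";
#define PAYLOAD_LEN 4u

/* Pointer plus the range it may touch: hypothetical plain-C stand-in for a
   Checked C bounds declaration such as _Array_ptr<const char> p : count(n). */
typedef struct { const char *base; size_t count; } bounded_ptr;

/* Unchecked: trusts the claimed length, so an over-claim copies neighbours. */
size_t echo_unchecked(const char *payload, size_t claimed, char *out)
{
    memcpy(out, payload, claimed);
    return claimed;
}

/* Checked: validates against the declared ranges, returns -1 on violation. */
int echo_checked(bounded_ptr src, size_t claimed, char *out, size_t out_cap)
{
    if (claimed > src.count || claimed > out_cap) return -1;
    memcpy(out, src.base, claimed);
    return (int)claimed;
}

/* 1 if the unchecked echo returned bytes that lie beyond the payload. */
int unchecked_leaks(size_t claimed)
{
    char out[sizeof region] = {0};
    if (claimed > sizeof region) return -1;   /* keep the demo in bounds */
    size_t n = echo_unchecked(region, claimed, out);
    return n > PAYLOAD_LEN && memcmp(out + 4, region + 4, n - 4) == 0;
}

/* Bytes echoed by the checked version, or -1 on a bounds violation. */
int checked_echo_len(size_t claimed)
{
    char out[sizeof region] = {0};
    bounded_ptr src = { region, PAYLOAD_LEN };
    return echo_checked(src, claimed, out, sizeof out);
}

int main(void)
{
    printf("unchecked claim 16 leaks=%d, checked claim 16 -> %d, claim 4 -> %d\n",
           unchecked_leaks(16), checked_echo_len(16), checked_echo_len(4));
    return 0;
}
```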
The Checked C project has been published on GitHub. This is not the first time Microsoft has produced its own take on a basic programming language: the company's programmers previously created TypeScript, a superset of JavaScript, which has been widely recognized.
Microsoft has taken another big step toward open source: Checked C