C言語でのシステム開発をより安全に！標準ライブラリ代替API「Lib0xc」が登場

Lib0xcは、より安全なシステムプログラミングを実現するために設計された、C標準ライブラリの代替となるAPIセットです。

I truly hope something like this catches on. There is so much low hanging fruit in both the C and C++ standard libraries. Spatial memory could be 90% solved in both languages by mandating the use of safe interfaces.

Interesting. I'll be studying this later tonight so I can apply it to my C projects. Especially clang's -fbounds-safety.

The title looks very promising. I’ve added this library to my to-do list to take a deeper look at it. Using this standart library within restricted safe subset of C++ can be a strong opponent for Zig (at least for myself).

there are no good reasons we don't do this in the standards themselves, C, C++, and POSIX should all be working on editions that add safer APIs and mark unsafe APIs as deprecated, to start a long term migration. we know how to do this, we've had a lot of success with this. there are real engineering concerns, sure, but they're not reasons to not do it. compilers and library chains can retain support for less safe variants for plenty of time.

I'm curious – is MSFT using this in production, or is this a "20% time" project? I'm not sure MSVC could compile the GNU extensions used.

Author here, I posted this in Show HN but someone clearly beat me to it. So I'll repost my blurb from there.

Various patterns for safer C programming have been cargo-culting around the industry for decades. Because the language evolves intentionally slowly, these patterns rarely get folded into the language as first-class constructs and are passed down through the generations in a sort of oral tradition of programming.

lib0xc leverages GNUC extensions and C11 features to codify safer C practices and patterns into real APIs with real documentation and real testing. Reduce your casts to and from void * with the context_t tagged pointer type. Enable type-checked, deferred function invocation with call_t. Interrogate structure descriptors with struct_field_t. Stop ignoring -Wint-conversion and praying you won't regret it when you assign a signed integer to an unsigned integer and use __cast_signed_unsigned. These are just a few of lib0xc's standard-library-adjacent offerings.

lib0xc also provides a basic systems programming toolkit that includes logging, unit tests, a buffer object designed to deal with types, a unified Mach-O and ELF linker set, and more.

Everything in lib0xc works with clang's bounds-safety extensions if they are enabled. Both gcc and clang are supported. Porting to another environment is a relatively trivial effort.

It's not Rust, and it's not type safety, but it's not supposed to be. It's supposed to help you make your existing C codebase significantly safer than it was yesterday.

My employer holds the copyright and has permitted its release under the MIT license.

Unfortunate naming. I thought this was about https://libxc.gitlab.io/ (https://libxc.gitlab.io/) but there's an extra '0' in the name here.

This is very cool!

Quick question for those who've tried it — does this play with existing C
codebases incrementally, or is it more of a "new project only" situation?
The README didn't make that obvious to me.