Lib0xc: A set of C standard library-adjacent APIs for safer systems programming
Microsoft has released lib0xc, a library offering C standard library-adjacent APIs designed to make systems programming safer by codifying best practices and leveraging modern compiler extensions. This project addresses C's inherent safety challenges without a full language overhaul, sparking community interest in practical, incremental improvements for existing C codebases. Discussions highlight the tension between C's backward compatibility and the desire for more robust, standardized safety features, comparing it to modern languages like Zig.
The Lowdown
Microsoft's lib0xc is a new library aiming to enhance safety in C programming by providing a set of APIs that are familiar yet safer alternatives to standard C library functions. While acknowledging C's limitations in achieving full type and bounds safety at the language level, lib0xc focuses on making its prevailing uses significantly more secure through codified patterns and modern compiler features.
Key aspects and goals of lib0xc include:
- Stricter Compilation: Designed for projects that build with aggressive warning flags such as `-Wall -Wextra -Werror`, by providing APIs that avoid the common pitfalls that would otherwise trigger these warnings.
- Familiarity and Ease of Adoption: APIs are named and structured to resemble standard library functions, so they can serve as drop-in replacements where appropriate and integrate easily into existing projects.
- Embracing Static Bounds: Leans heavily on the C preprocessor to work with fixed-size data structures, asserting size information at compile time to avoid the pitfalls of dynamic allocation.
- Clang Bounds-Safety Integration: Fully supports and leverages clang's `-fbounds-safety` extension, allowing source-compatible memory bounds tracking.
- Codifying Best Practices: Aims to formally document and thoroughly test safe C programming patterns that have existed in various forms for decades, rather than inventing new paradigms.
- 'Pit of Success' Design: APIs are designed to be easier to use correctly than incorrectly, addressing common liabilities stemming from poorly designed standard C API contracts.
- Comprehensive Components: Offers standard library extensions (e.g., `alloc.h` for typed allocation, `cursor.h` for in-memory I/O, `int.h` for safe integer conversions, `string.h` for static string variants) and systems programming utilities (e.g., `buff.h` for bounded buffers, `log.h` for object-oriented logging, `queue.h` for bounds-safe queues).
- Prerequisites: Requires C11 with GNU extensions, `clang` or `gcc` (with `clang` recommended), and GNU Make; supports macOS and Linux.
In essence, lib0xc offers a pragmatic, incremental approach to making C code more robust. It empowers developers to build safer systems without requiring a complete rewrite in a new language, by formalizing common safe practices and leveraging modern compiler capabilities.
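To make the "static bounds", "pit of success" and "safe integer conversion" points concrete, here is a small added example of the kind of pattern such a library codifies. It is illustrative code written for this page, not lib0xc's own API: the names `ARRAY_LEN`, `FMT_STATIC`, `fmt_bounded`, `int_to_size` and `size_to_int` are hypothetical. It relies on the same ingredients the page lists (C11 plus the GNU `__typeof__` and `__builtin_types_compatible_p` extensions) and builds cleanly with `gcc` or `clang` under `-Wall -Wextra -Werror`.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Static bounds: take the element count from the array type itself, and turn
 * "passed a pointer instead of an array" into a compile error. The negative
 * array size trick is the usual GNU C idiom; __builtin_types_compatible_p and
 * __typeof__ are the GNU extensions in play. (Illustrative names, not lib0xc's.)
 */
#define MUST_BE_ARRAY(a) \
    (sizeof(char[1 - 2 * __builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0]))]) - 1)
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]) + MUST_BE_ARRAY(a))

/*
 * Bounded formatting. snprintf never overflows, but it silently truncates and
 * hands back a length the caller must remember to compare; this wrapper makes
 * the failure explicit and leaves a well-defined (empty) string behind.
 */
__attribute__((format(printf, 3, 4)))
static bool fmt_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            buf[0] = '\0';
        return false;
    }
    return true;
}

/* For a stack or struct array the capacity is known at compile time; the
   macro supplies it, so the caller cannot pass the wrong size. */
#define FMT_STATIC(buf, ...) fmt_bounded((buf), ARRAY_LEN(buf), __VA_ARGS__)

/*
 * Checked integer conversions. A bare (size_t)-1 is SIZE_MAX, the classic way
 * a negative length turns into an enormous read; these refuse instead of
 * silently wrapping.
 */
static bool int_to_size(int v, size_t *out)
{
    if (v < 0)
        return false;
    *out = (size_t)v;
    return true;
}

static bool size_to_int(size_t v, int *out)
{
    if (v > (size_t)INT_MAX)
        return false;
    *out = (int)v;
    return true;
}

int main(void)
{
    char line[16];   /* fixed-size buffer; its bound is part of its type */
    size_t len;
    int n;

    if (FMT_STATIC(line, "%s=%d", "port", 443))
        printf("ok: %s\n", line);
    if (!FMT_STATIC(line, "%s", "a value that does not fit in sixteen bytes"))
        printf("rejected, buffer left as \"%s\"\n", line);
    if (!int_to_size(-1, &len))
        printf("rejected negative length\n");
    if (size_to_int(42, &n))
        printf("size_t 42 -> int %d\n", n);
    return 0;
}
```

The design choice worth noting is that every unsafe outcome becomes a compile error (`ARRAY_LEN` on a pointer) or an explicit `false` return, never a silently wrong value; that is what "easier to use correctly than incorrectly" means in practice, and why such wrappers can be adopted one call site at a time in an existing codebase.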
The Gossip
Author's Account and Adaptability Affirmations
The author of `lib0xc` clarifies the library's core philosophy: to codify decades of safer C programming patterns into real, documented APIs using GNU extensions and C11 features. They emphasize it's not a replacement for Rust but a tool to enhance existing C codebases. Crucially, the author confirms `lib0xc` is designed for incremental adoption, allowing developers to gradually integrate safer practices like replacing `sprintf` with `ssprintf` or using `__cast_signed_unsigned` for integer conversions, and notes its eventual production use within Azure.
Standardizing Safety: A Lingering Lament
Commenters expressed frustration over the C and C++ standards bodies' perceived reluctance to incorporate similar safety features directly into the languages. Many argue that decades were spent denying safety problems or deferring solutions, leading to a missed opportunity for standardized safer APIs and deprecation of unsafe ones. The sentiment is that while standards prioritize stability and backward compatibility, this often comes at the cost of security and usefulness, highlighting a long-standing tension in language evolution.
C's Future: Beyond Bounds, Towards Broader Bounding
A significant thread explored how `lib0xc` compares to modern, safety-oriented systems languages like Zig or Odin. The author clarified that `lib0xc` primarily provides _bounds_-safety, whereas newer languages offer a broader spectrum of _type_-safety and advanced features like compile-time expression evaluation. This led to a discussion on what fundamental language features C would need to offer a comparable user experience, with suggestions including protocols/traits, improved stack allocation, standardized format specifiers, and first-class bounds safety annotations.