Stephen Kell, in "Some Were Meant for C: The Endurance of an Unmanageable Language", writes a simple and fairly strong argument that, for C, that's not a valid complaint. Since C is a systems language, the proper place to look for those (particularly runtime) checks is in the combination of the C standard and the system it's running on, particularly the hardware.
Edit: "Compiler optimizations can lead to [...]. For example, a false positive that was found in an ASan-instrumented Firefox build was caused by load-widening, where a series of loads is transformed into a single load of several memory values at once while potentially exceeding the bounds of an object. Due to platform-specific alignment requirements, such an optimization can be correct at the system level; however, ASan classified it as a bug because the access would be out of bounds in C."
Yep, there we go.
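To make the quoted false positive concrete, here is an added example (not code from the paper, from ASan, or from anyone in this thread) that models ASan's shadow-byte check next to a machine-level view of the same access; the "allocator pads objects to 8 bytes" rule is my assumption for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of ASan's shadow encoding: one shadow byte per 8-byte granule.
 * 0 means all 8 bytes are addressable, k in 1..7 means only the first k
 * bytes are, and a negative value marks a redzone. */
static int8_t shadow_for(size_t obj_size, size_t granule_idx) {
    size_t start = granule_idx * 8;
    if (start + 8 <= obj_size) return 0;   /* granule fully inside the object */
    if (start >= obj_size) return -1;      /* granule entirely past the object */
    return (int8_t)(obj_size - start);     /* partially addressable granule */
}

/* 1 if ASan would report a `size`-byte access (1, 2, 4 or 8) at `offset`
 * into an object of `obj_size` bytes, using the C-level object bounds. */
int asan_reports(size_t obj_size, size_t offset, size_t size) {
    int8_t sh = shadow_for(obj_size, offset / 8);
    if (sh == 0) return 0;
    if (sh < 0) return 1;
    size_t last = (offset & 7) + size - 1;  /* last byte touched in the granule */
    return last >= (size_t)sh;
}

/* Machine-level view (assumption: allocations are padded to 8 bytes and
 * wide loads are naturally aligned). An aligned load never crosses its
 * granule, so a widened load over the padding reads no other object. */
int machine_faults(size_t obj_size, size_t offset, size_t size) {
    size_t padded = (obj_size + 7) & ~(size_t)7;
    if (offset % size != 0) return 1;       /* misaligned wide load: not modelled as safe */
    return offset + size > padded;
}

int main(void) {
    /* A 5-byte object whose five 1-byte loads the compiler widened to one 8-byte load. */
    printf("widened 8-byte load: asan=%d machine=%d\n",
           asan_reports(5, 0, 8), machine_faults(5, 0, 8));   /* asan=1 machine=0 */
    printf("byte 5 (real overflow): asan=%d machine=%d\n",
           asan_reports(5, 5, 1), machine_faults(5, 5, 1));   /* asan=1 machine=0 */
    return 0;
}
```

The second case shows why the check is not simply wrong: a one-byte read of index 5 is also invisible to the hardware, and only the C-level bounds in the shadow catch it.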
Actually C11 Annex K does.
It's just that it is ignored because it came from Microsoft.
"In this paper, we have presented a novel bug-finding tool for C programs that is based on abstraction of the underlying machine. We implemented our approach in a tool called Safe Sulong, which discovered several errors in open-source projects that current bug-finding tools could not find. By using dynamic compilation, Safe Sulong reaches a peak performance that is comparable to that of Clang [...], and even that of Clang [...] in some cases."
Does anyone know if such a library is available somewhere?
From the FAQ:
> When building musl, you will also need a C99 compiler with support for gcc-style __asm__ statements and assembly source files, and weak symbol support in the linker. gcc 3.3 or later (with the GNU assembler and linker) and clang 3.2 or later are known to work.
They state that "we provide our own libc that is written in standard C and is optimized for safety instead of performance", but I don't see where to find it.
on top of an existing unsafe libc, if glibc, bsd, musl or windows msvcrt/ulibc.