February 19, 2026

Bounds wars: C vs C++ cage match

-fbounds-safety: Enforcing bounds safety for C

Seatbelts for C: fans cheer, C++ snarks, everyone asks “when”

TLDR: A new C extension, -fbounds-safety, would stop dangerous memory mistakes by trapping out-of-bounds access, but it’s still a design, not shipped. Commenters split between wanting whole operating systems built with it, saying “just use C++,” and demanding timelines, citing Microsoft-style annotations as a workaround.

C’s infamous memory mishaps may finally get training wheels: -fbounds-safety promises to clamp pointers to their lane and slam the brakes if code tries to peek outside the fence. The doc says it’s been used across “millions of lines” and keeps compatibility, but also admits it’s still a design and not user-ready — cue the comment section fireworks. One camp is ecstatic: musicale dreams of “an OS where all C is compiled this way,” even name-dropping OpenBSD and CHERI-BSD, while worldsavior wonders why this isn’t already in the big compilers and calls it an obvious security win. Another camp delivers the spicy C vs. C++ clapback: nananana9 drops a five-line C++ “Slice” and quips, basically, “just use C++” — no exotic annotations, no drama. Meanwhile, impatience becomes the meme: ndiddy remembers hearing about this years ago and asks if anything has actually shipped, pointing to Microsoft’s SAL annotations as a practical cousin. The thread devolves into seatbelts vs. sports car jokes, “fat pointers” vs. “portable slices,” and the eternal “ship it already.” It’s safety, compatibility, and a whole lot of timeline thirst, with the crowd split between deploy-everywhere now and just switch languages.

Key Points

  • -fbounds-safety is a proposed C extension that enforces bounds safety by inserting compiler checks and trapping on out-of-bounds accesses.
  • Programmers annotate pointers (e.g., __counted_by(N)); the compiler verifies accesses at compile time or runtime and rejects code lacking sufficient bounds info.
  • The design reconciles explicit annotations at ABI boundaries with implicit fat pointers for locals, preserving C ABI compatibility and reducing annotation burden.
  • The extension supports incremental, partial adoption, interoperates with plain C, conforms to C, and can compile on unsupported toolchains via annotation-empty macros.
  • It has been used on millions of lines of production C code and validated in a consumer OS setting; the document remains under active design updates.
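
The annotation-and-check model from the key points, as an added C example (not code from the -fbounds-safety document or its authors). It assumes a toolchain without the extension, so `__counted_by` is an empty macro, and the hypothetical `fat_ptr`, `checked_load` and `sum_prefix` hand-write the bounds check a supporting compiler would insert, returning an error where the extension would trap.

```c
#include <stdbool.h>
#include <stddef.h>

/* Assumption: no extension support here, so the annotation expands to nothing. */
#ifndef __counted_by
#define __counted_by(N)
#endif

/* Hand-written model of the implicit fat pointer kept for a local (layout is illustrative). */
struct fat_ptr {
    const int *ptr;   /* current position */
    const int *lower; /* first valid element */
    const int *upper; /* one past the last valid element */
};

/* Model of the inserted check. The extension traps; this returns false. */
bool checked_load(struct fat_ptr p, ptrdiff_t idx, int *out)
{
    if (idx < p.lower - p.ptr || idx >= p.upper - p.ptr)
        return false;
    *out = p.ptr[idx];
    return true;
}

/* ABI boundary: the annotation states that buf has exactly count elements.
   Sums the first n elements; -1 marks the access that would trap. */
int sum_prefix(const int *__counted_by(count) buf, size_t count, size_t n, long *sum)
{
    struct fat_ptr p = { buf, buf, buf + count }; /* bounds derived from the annotation */
    int v;
    *sum = 0;
    for (size_t i = 0; i < n; i++) {
        if (!checked_load(p, (ptrdiff_t)i, &v))
            return -1;
        *sum += v;
    }
    return 0;
}

int main(void)
{
    int data[4] = { 1, 2, 3, 4 }; /* constructed sample input */
    long s;
    return sum_prefix(data, 4, 4, &s) == 0 && sum_prefix(data, 4, 5, &s) == -1 ? 0 : 1;
}
```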

Hottest takes

"I want an OS distro where all C code is compiled this way" — musicale
"just use C++ and 5 lines of standard, portable, no-weird-annotations code" — nananana9
"Has any progress been made on this?... still hasn’t been implemented" — ndiddy