This internship provides an opportunity to work on the Checked C project that aims to make programs more secure and reliable by ensuring their memory safety.
Microsoft is looking for currently enrolled PhD/MS(research-based) students in PL/Compilers/Static Analysis or closely related areas who have already taken a course in Compilers/Static Analysis and who have had at least a year’s experience implementing research ideas or doing related development.
The internship involves implementing some parts of the Checked C language extension in the Checked C compiler based on clang/LLVM. It may also involve implementing static checking for Checked C, prototyping or implementing language features for static checking, and other aspects of the Checked C compiler implementation.
More details are present in the internship posting.
The Checked C Project:
The Checked C project is investigating how to improve the C programming language. C and C++ are the languages of choice for system programming. Checked C is an extension to C that adds checking to detect or prevent common programming errors like unsafe typecasts, null dereferences and illegal memory accesses caused by buffer overflows. Checked C does this by allowing a programmer to specify bounds for arrays and pointers that are then checked. A programmer specifies bounds on the range of memory locations that can be legally accessed by each array or pointer, using program variables. The Checked C compiler ensures that all accesses to memory through these array and pointer variables honor the programmer-specified bounds. Checked C is particularly useful in dealing with legacy C code. The design of Checked C allows one to incrementally convert code in C that may potentially be insecure and vulnerable into secure code in Checked C. Partially converted C code is still a valid Checked C program. A novel aspect of the Checked C extension is that it incorporates extensive static checking into the language definition. More information on Checked C can be found at https://github.com/Microsoft/checkedc.