
> A safe variant of C wouldn't have been that hard to create, but the culture wouldn't permit it.

C is a non-language. It's a tool used to give developers complete control of the hardware. It's just one step up from Assembler (to make the developer's job a little bit easier).

Adding type checking, buffer overflow mitigation, or any other extraneous domain-specific feature is completely outside scope of the language. If you need those features, write a language, dialect, or compiler extension which supports them.



Hi, culture! There you are!

Anyhow, I seriously object to calling "buffer overflow mitigation" a "domain specific feature" since there's hardly a domain that hasn't been hammered by it being missing.

Furthermore, obviously the C that is not C is not the true C. I'm not trying to play semantics. My point is that "not the true C" should have been written decades ago and completely replaced C swiftly. There's an old saying about how you can make any program run quickly if there's no requirement for it to be correct. I don't care how small your processor is or how special your embeddedness makes you; ample evidence says that letting input data segfault you, or worse, get executed as code, is a real and pressing problem, vs. the almost-always hypothetical problems of a little bit of overhead when dealing with buffers (to do it properly, no less). Start with correct code.

By the way, as I use this word "correct" I'm feeling a bit like an academic wonk, but bear in mind that I'm not talking "provable" or anything. I'm talking about making tens of thousands of critical security bugs over the past several decades go away, with programmers actually spending less time on bugs, too. It's not exactly a hypothetical consideration.


> Anyhow, I seriously object to calling "buffer overflow mitigation" a "domain specific feature" since there's hardly a domain that hasn't been hammered by it being missing.

Numeric computing, for one.




My preference would have been a switch which would enable things like bounds checks on arrays.
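As an added illustration of the "switch" idea in the comment above and of the overflow problem discussed earlier in the thread (this is example code written for this page, not code from any commenter or from any compiler): a buffer that carries its own length, a copy routine in a raw and a checked variant, and a `BOUNDS_CHECK` macro that selects between them at build time. The `bounded_buf` type, the `simulate` helper and the 16-byte memory layout (an 8-byte name field followed by a privilege flag) are all constructed assumptions for the demonstration; the attacker input is likewise constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A buffer that carries its own length (assumed type for this example).
 * Plain C hands a callee only the pointer, which is why it cannot check anything. */
typedef struct {
    uint8_t *data;
    size_t   len;
} bounded_buf;

#define BUF_OVERFLOW ((size_t)-1)

/* Raw C semantics: copies n bytes regardless of what dst can hold. */
size_t buf_copy_unchecked(bounded_buf dst, const uint8_t *src, size_t n) {
    memcpy(dst.data, src, n);
    return n;
}

/* Checked variant: refuses the copy instead of overrunning the buffer. */
size_t buf_copy_checked(bounded_buf dst, const uint8_t *src, size_t n) {
    if (n > dst.len)
        return BUF_OVERFLOW;
    memcpy(dst.data, src, n);
    return n;
}

/* The compile-time "switch": build with -DBOUNDS_CHECK=0 for raw behaviour. */
#ifndef BOUNDS_CHECK
#define BOUNDS_CHECK 1
#endif
#if BOUNDS_CHECK
#define buf_copy buf_copy_checked
#else
#define buf_copy buf_copy_unchecked
#endif

/* Constructed memory layout: an 8-byte name field immediately followed by an
 * 8-byte privilege field, the way two locals or two struct fields sit side by
 * side. All 16 bytes are one array, so an overrun of "name" stays inside the
 * allocation and is observable rather than undefined. Returns the first byte
 * of the privilege field after the copy; *result receives the copy's return. */
uint8_t simulate(size_t (*copy)(bounded_buf, const uint8_t *, size_t),
                 const uint8_t *input, size_t n, size_t *result) {
    uint8_t region[16];
    memset(region, 0, sizeof region);
    region[8] = 0x00;                 /* privilege flag: 0 = ordinary user */
    bounded_buf name = { region, 8 }; /* only the first 8 bytes belong to "name" */
    *result = copy(name, input, n);
    return region[8];
}

int main(void) {
    /* Constructed attacker input: 12 bytes where 8 fit; bytes 8..11 land on the flag. */
    const uint8_t evil[12] = { 'a','a','a','a','a','a','a','a', 0x01, 0x01, 0x01, 0x01 };
    size_t r;
    uint8_t flag;

    flag = simulate(buf_copy_unchecked, evil, sizeof evil, &r);
    printf("unchecked: copied %zu bytes, privilege flag now 0x%02x\n", r, flag);

    flag = simulate(buf_copy_checked, evil, sizeof evil, &r);
    printf("checked:   copy %s, privilege flag still 0x%02x\n",
           r == BUF_OVERFLOW ? "rejected" : "accepted", flag);

    flag = simulate(buf_copy, evil, 8, &r);
    printf("default (BOUNDS_CHECK=%d): 8-byte input copied, flag 0x%02x\n",
           BOUNDS_CHECK, flag);
    return 0;
}
```

With the switch on, the oversized copy is rejected and the flag stays 0; with it off, the same input silently sets the flag to 1. The cost of the check is one comparison per copy, which is the "little bit of overhead" the thread is weighing against the overflow.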



