Learn about “-fbounds-safety”, enforcing bounds safety in production C code. #LLVM
https://www.youtube.com/watch?v=RK9bfrsMdAM
@fj At Apple, I maintained a lot of C code in the OS written in the past by others using many of the libc (and BSD) functions that are considered to be “unsafe”, but I never had time to rewrite all of that code because often “feature work > maintenance work”. If I were still working, I would have used -fbounds-safety in all of those code bases.
Note that much of that old code did its own bounds checking (for example, by checking string lengths against the buffer size before calling strcat), but I'm sure it could have been done more efficiently.