The pointer and array access checking technique by Austin et al. [2] is a source-to-source translator that transforms C pointers into the extended pointer representation called safe pointer, and inserts access checks before pointer or array dereferences. The safe pointer contains fields such as the base address, its size and the scope of the pointer. Those fields are used by the access check to determine whether the pointer is valid and is within the range. Since it changes the pointer representation, it is not compatible with existing programs.
The array bounds and pointer checking technique by Jones and Kelly [10] is an extension to the GNU C compiler that imposes the access check on C pointers and arrays. Instead of changing the pointer representation, it maintains a table of all the valid storage objects that holds such informations as the base address and size etc. The heap variables are entered into the table via a modified malloc() function and deleted from the table via a modified free() function. Stack variables are entered into / deleted from the table by the constructor / destructor function, which is inserted inside a function definition at the point a stack variable enters / goes out of the scope. The access check is done by substituting the pointer and array operations with the functions that perform bounds check using the table in addition to the original operation. Since native C pointers are used, this technique is compatible with existing programs.
The obvious advantage of array bounds checking approaches are that they completely eliminate buffer overflow vulnerabilities. However, these are also the most expensive solution, particularly for pointer- and array-intensive programs since every pointer and array operation must be checked. This may not be suitable for a production system.