Fail-Safe C is a safe implementation of the C language being developed
by Oiwa et al. in the Yonezawa group.  It uses its own internal data
representations such as 2-word pointers and memory blocks with headers
describing their contents.  Because of this, calls to external
functions compiled by conventional compilers require conversion of
data representations.  Moreover, for safety, many of those functions
need additional checks on their arguments and return values.

This paper presents a method of semi-automatically generating stub
code doing such work.  Our approach is to develop an Interface
Definition Language to describe what the stubs have to do before and
after function calls.  Our language is based on CamlIDL, which was
developed for a similar purpose between Objective Caml and C.  Our IDL
processor generates code by using the types and the \emph{attributes}
of function parameters.  Attributes are additional information
describing properties which cannot be expressed only by types such as
whether a pointer can be NULL, what range of memory can be safely
accessed via a pointer, etc.  We examined Linux system calls as test
cases and designed a (not so large) set of attributes necessary for
generating their stub code.