
We made variably modified types mandatory in C23. Compiler support for bounds checking is improving (via UBSan). Static analysis is improving (a bit). Flexible array members can now be secured using length information provided by an attribute. So yes, things are moving in the right direction. For the version after C23 I am relatively sure we will see a bounded pointer type.



The question is whether the fat pointer types will be useful and accessible enough for developers to migrate to them from the pointer+size combination. VMTs, which are considered the current best practice (recommended by CERT too), have a bad name associated with them, due to automatic VLAs and the whole unbounded stack allocation debate, are not compatible with C++, and most notably, Microsoft and some other vendors, like CompCert refuse to implement them. These things mean that programmers are less likely to use them. Also most teaching material for C is stuck on C89isms which doesn't help (just ask a student how to pass a 2D array in a function). I would love for fat pointers to enter the standard (either Walter Bright or Dennis Ritchie's syntax is fine, though a `lengthof` operator is absolutely necessary imo), but if Microsoft and other vendors are not going to implement them and compatibility with other languages (C++, SystemC, OpenCL, ISPC, etc.) is poor, I'm afraid that we will continue to see the confusing pointer+size method.


I think fat pointers are relatively straightforward. VLAs and VMTs are now supported by many compilers (with some exceptions) even very small ones. Microsoft did - for a long time - not implement anything after C89 and wanted people to use C++. They have now caught up and I hope that they will implement VMTs as well. Microsoft Research has CheckedC and I hope at some point someone there will understand that VMTs are very similar to what they have there, except with better syntax.


C11 threads are now available in VS preview, so there is still hope, though one can't be sure of anything in these times (it's still funny that tcc has support for VMTs and MSVC doesn't). As for the fat pointer discussion, it would be a net positive in the standard (even better if there was an easy way to get access to the length, without using `sizeof`+division). Also, thank you for your contributions to the standard, I'm looking forward to seeing what people will cook with N3003 once compiler support lands!

Edit: Typo
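For readers following the thread, an added example (not code from any commenter) of the two things mentioned above: passing a 2D array with variably modified parameter types, and recovering a length from a pointer-to-array type with `sizeof` plus division. The names `LEN`, `sum2d`, `fill` and `get_checked` are hypothetical, and a compiler with VMT support (GCC or Clang, for instance) is assumed.

```c
#include <stddef.h>
#include <stdio.h>

/* Element count of an array; for a variably modified type sizeof runs at run time. */
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* 2D array with its bounds in the parameter type: m[i][j] is indexed by the
   compiler, with no hand-written i * cols + j arithmetic. */
long sum2d(size_t rows, size_t cols, int m[rows][cols])
{
    long total = 0;
    for (size_t i = 0; i < rows; i++)
        for (size_t j = 0; j < cols; j++)
            total += m[i][j];
    return total;
}

/* Pointer to an array of n bytes: the callee derives the length from the
   type of *buf rather than from a loose count. The caller must still pass an n
   that matches the real object; the type does not verify that. */
size_t fill(size_t n, unsigned char (*buf)[n], unsigned char value)
{
    size_t len = LEN(*buf);
    for (size_t i = 0; i < len; i++)
        (*buf)[i] = value;
    return len;
}

/* Explicit bounds check against the length carried by the type; -1 on a bad index. */
int get_checked(size_t n, unsigned char (*buf)[n], size_t idx)
{
    return idx < LEN(*buf) ? (int)(*buf)[idx] : -1;
}

int main(void)
{
    int grid[2][3] = {{1, 2, 3}, {4, 5, 6}};   /* constructed sample data */
    unsigned char b[8];
    printf("sum=%ld\n", sum2d(2, 3, grid));
    printf("filled=%zu\n", fill(sizeof b, &b, 'A'));
    printf("in=%d out=%d\n", get_checked(sizeof b, &b, 7), get_checked(sizeof b, &b, 8));
    return 0;
}
```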


Thank you, I stand corrected then. Things finally started moving in the correct direction.

https://en.wikipedia.org/wiki/C23_(C_standard_revision)

> Variably-modified types (but not VLAs which are automatic variables allocated on the stack) become a mandatory feature

https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2778.pdf



