Decades of experience teach us (1) that the great mass of buggy C code is simply not going away, and the best we can hope for is that it dwindles into more niche situations (compare Fortran and COBOL: those codebases haven't gone away either); and (2) that mitigations at the hardware and system software level are of at least some use, if they can be implemented without breaking a significant chunk of that great mass of existing C code. My impression is that "make arrays track their sizes and trap on bad accesses" may be a valid-to-the-standard C implementation but it breaks too much real-world code (I don't have references to hand though, so it could be a wrong impression).