Most C tutorials teach you to write code that seems to work. They show syntax, patterns, maybe some best practices. Then you ship, and something explodes.
The Ariane 5 rocket exploded because of an integer overflow. The Therac-25 killed patients because of race conditions. Knight Capital lost $440 million in 45 minutes because of a deployment bug. These weren’t written by bad programmers. They were written by engineers who didn’t have a methodology for proving their code correct.
C From Scratch is now available on Leanpub. It teaches a different approach: prove your code correct before you write it.
The Problem with Traditional C Education
Traditional C courses follow a predictable path: variables, loops, functions, pointers, then “good luck with memory management.” They teach syntax but not safety. They show how to write code but not how to verify it works.
The result is a generation of programmers who can write C but can’t prove their C is correct. In web development, this leads to bugs. In safety-critical systems, it leads to disasters.
The gap between “learning C” and “writing certified C” shouldn’t require a decade of on-the-job training to bridge. The methodology exists. It just hasn’t been taught to beginners.
The MATH → STRUCT → CODE → TEST Methodology
The book introduces a four-phase approach used in safety-critical development:
MATH: Before writing any code, define the mathematical properties. What invariants must hold? What are the preconditions and postconditions? What does “correct” even mean for this function?
STRUCT: Design data structures that make incorrect states unrepresentable. If the structure enforces the invariants, the code can’t violate them.
CODE: Implementation becomes transcription. The mathematics tells you what to write. The structure tells you how to write it.
TEST: Verify that the implementation satisfies the mathematical specification. Every contract clause becomes a test case.
This isn’t academic exercise. It’s how flight control software, pacemakers, and automotive safety systems are actually built. The book makes that methodology accessible to anyone learning C.
What the Book Covers
Part I: Foundations (Chapters 1-3)
The book opens with philosophy — why undefined behaviour exists, why the C standard allows it, and why this matters. Then fixed-width integers (and why int destroyed a $370 million rocket), followed by booleans and decision logic.
Every chapter opens with a real disaster. Ariane 5 for integer overflow. Therac-25 for state machine failures. These aren’t scare tactics — they’re motivation for why rigour matters.
Part II: Memory (Chapters 4-7)
Arrays with bounds checking. Strings done right (why gets() was removed from C11, why strncpy() isn’t the answer). Structures that enforce invariants at compile time. Pointers without the mystery.
The memory chapters emphasise static allocation over dynamic. In safety-critical systems, malloc() is often forbidden entirely. The book teaches patterns that work within those constraints.
Part III: Behaviour (Chapters 8-9)
Functions with contracts — preconditions, postconditions, and how to enforce them. State machines that can’t enter invalid states, with transitions defined as mathematical functions.
The state machine chapter introduces the dense matrix pattern for O(1) transition lookup, and explains why the order of operations (update state, then run action) matters for crash safety.
Part IV: Integration (Chapters 10-11)
A complete tic-tac-toe implementation that treats a toy problem with the severity of flight control software. Every function has contracts. Every invariant is enforced. The validator proves the game state is mathematically consistent.
The final chapter bridges to production: DO-178C for aerospace, IEC 62304 for medical devices, ISO 26262 for automotive. It shows how the book’s methodology maps directly to certification requirements.
Appendices
Four appendices cover practical tooling: development environment setup (compiler flags, static analysis, CI), a contracts quick reference, further reading (from MISRA to Nancy Leveson), and a comprehensive catalogue of undefined behaviours.
Who This Book Is For
Self-taught developers wanting rigorous foundations. If you’ve learned C from tutorials and Stack Overflow, this book fills the gaps they left.
Engineers transitioning to safety-critical domains. The methodology translates directly to certification work. The book explains what DO-178C, IEC 62304, and ISO 26262 actually require.
Students tired of “just trust me” explanations. Every claim is grounded in mathematics or demonstrated with code. No magic, no hand-waving.
Embedded developers wanting formal verification intuition. Even without using formal methods tools, thinking in contracts catches bugs at design time.
Anyone burned by undefined behaviour. If you’ve ever had code that “works in debug but fails in release,” this book explains why and how to prevent it.
The Companion Course
The book accompanies the open-source c-from-scratch course, which provides hands-on modules for building safety-critical components:
- Pulse: Existence detection
- Baseline: Statistical normalcy
- Timing: Jitter analysis
- Drift: Trend detection
- Consensus: Triple modular redundancy
- Pressure: Bounded queues with backpressure
- Mode: System orchestration
Each module follows the same MATH → STRUCT → CODE → TEST methodology, with complete implementations and test suites.
Why Now
Safety-critical software is expanding beyond traditional domains. Autonomous vehicles, medical AI, drone delivery, industrial automation — all require software that doesn’t just work but can be proven to work.
The engineers building these systems need training. Not just syntax tutorials, but methodology. Not just “how to write C” but “how to write C that won’t kill someone.”
That’s what this book teaches.
Getting the Book
C From Scratch is available now on Leanpub.
The book includes:
- 11 chapters covering philosophy through production
- 4 appendices with practical tooling and references
- Complete, compilable code examples throughout
- Exercises with the “prove first, then implement” pattern
Leanpub’s model means you get updates as the book evolves. Buy once, receive all future revisions.
Conclusion
The gap between “knowing C syntax” and “writing certifiable C” is real, but it doesn’t have to take a decade to cross. The methodology exists. It’s been used in aerospace, medical devices, and automotive systems for years.
C From Scratch makes that methodology accessible to anyone willing to think before they code.
The disasters that opened each chapter didn’t happen because engineers were careless. They happened because engineers lacked a systematic approach to proving correctness. This book provides that approach.
Write code as if lives depend on it. Sometimes they will.
C From Scratch is available on Leanpub. The companion course is open-source at github.com/SpeyTech/c-from-scratch.