This paper presents a new approach to enforcing array bounds and pointer checking in the C language. Checking is rigorous in the sense that the result of pointer arithmetic must refer to the same object as the original pointer (this object is sometimes called the 'intended referent'). The novel aspect of this work is that checked code can inter-operate without restriction with unchecked code, without interface problems, with some effective checking, and without false alarms. This ``backwards compatibility'' property allows the overheads of checking to be confined to suspect modules, and also facilitates the use of libraries for which source code is not available. The paper describes the scheme, its prototype implementation (as an extension to the GNU C compiler), presents experimental results to evaluate its effectiveness, and discusses performance issues and the effectiveness of some simple optimisations.