Is there any solution to write C code free from undefined behavior and vulnerability without paying for any tools?

You can use Frama-C open-source toolset, notably its (Evolved) Value Analysis and WP plug-ins:

  http://frama-c.com/

Value analysis is more used to prove absence of undefined behavior, while WP could be used to prove functional properties. Of course, proving complex system-wide properties like in seL4 needs another toolset (Isabelle, Haskell, ...).

Both Value analysis and moreover WP are complex tools, so you need some practice to use them. But you'll find good documentation and tutorials on the web, e.g.:

• http://blog.frama-c.com/index.php?post/2017/03/07/A-simple-EVA-tutorial
• http://blog.frama-c.com/index.php?post/2017/03/17/A-simple-tutorial-part-two
• http://blog.frama-c.com/index.php?post/2017/04/11/A-simple-EVA-tutorial%2C-part-3
  

Best regards,
david