Famed mathematician, cryptographer and coder Daniel J. Bernstein has tried out the new type-safe C/C++ compiler, and he’s given it a favorable report.
The modestly titled Notes by djb on using Fil-C doesn’t sound like much, and indeed, the introduction is similarly modest:
A year ago, The Register introduced readers to Fil-C, a new memory-safe C and C++ compiler. It’s based on Clang, which is the Apple-developed [PDF] front-end for the LLVM compiler for the C family of languages. We first mentioned Clang in February 2011 and by December that year reported that Nvidia was switching to it.
Fil-C isn’t the only tool of its kind – the Reg covered it mere weeks after another, Robin Rowe’s TrapC. There are also hardware efforts to bring much greater memory safety to C and C++, notably the CHERI project, which has featured in these pages more than once. Another is OMA, the Object Memory Architecture, which emerged from founder Ed Nutting’s PhD research on an Interleaved Hardware Garbage Collector – Nutting compared the two last month in a blog post called Two Paths to Memory Safety.
It’s a hot area of research, and there are more than these two hardware approaches. Fil-C has some of the same aims as CHERI. In response to a comment on Hacker News that “Fil-C is basically CHERI in software”, Filip Pizlo, the author of Fil-C, responded:
There is a lot at stake here. There are billions of lines of C (and C++) code out there, and the language’s extreme lack of safety is responsible for the bulk of the software vulnerabilities that require constant updates.
Fil-C isn’t a panacea, but it’s a very interesting step. It can trap whole categories of C error. Of course, there are drawbacks – code compiled with Fil-C runs rather more slowly than usual for C code, and it’s not completely ABI-compatible with what its author terms “Yolo-C”. You can’t simply recompile your OS’s entire C codebase and run it as before, nor can you just intermix normal C and Fil-C. However, it could be used to make some discrete components of a large C system much safer. Since that’s also one of the selling points of Rust (and Zig, Hare, and a lot of other modern “systems languages,” as this 2024 survey discusses), Fil-C rather tilts the balance back towards plain old C.
- Boffins carve up C so code can be converted to Rust
- Rust haters, unite! Fil-C aims to Make C Great Again
- To kill memory safety bugs in C code, try the TrapC fork
- The US government wants developers to stop using C and C++
When it comes to C, Dan Bernstein should know. He wrote some of the safest C code out there – in 2009, he offered a $1,000 bounty to anyone who could find a security hole in his DNS server, djbdns. Even 16 years later, he still does. He offers the same for his mail transfer agent qmail. And we reported on his cryptography-related activities more than a quarter of a century ago.
His reputation is such that he’s sometimes known as just “DJB” – in other words, he’s a Three Letter Person, along with RMS, ESR, and JWZ.
You may indeed find something useful here, but for those of us who are not skilled C or C++ developers – and here the Reg FOSS desk aspires to attain the level of grug brain – it’s more about the author than the content. ®