Famed software engineer DJB tries Fil-C… and likes what he sees
(2025/11/05)
- Reference: 1762336915
- News link: https://www.theregister.co.uk/2025/11/05/djb_tries_filc_and_approves/
Famed mathematician, cryptographer and coder Daniel J. Bernstein has tried out the new type-safe C/C++ compiler, and he's given it a favorable report.
The modestly titled [1]Notes by djb on using Fil-C doesn't sound like much, and indeed, the introduction is similarly modest:
I'm impressed with the level of compatibility of the new memory-safe C/C++ compiler Fil-C (filcc, fil++). Many libraries and applications that I've tried work under Fil-C without changes, and the exceptions haven't been hard to get working.
I've started accumulating miscellaneous notes on this page regarding usage of Fil-C. My selfish objective here is to protect various machines that I manage by switching them over to code compiled with Fil-C, but maybe you'll find something useful here too.
A year ago, The Register [2]introduced readers to Fil-C, a new memory-safe C and C++ compiler. It's based on [3]Clang, which is the [4]Apple-developed [PDF] front-end for the [5]LLVM compiler for the C family of languages. We [6]first mentioned Clang in February 2011 and by December that year [7]reported that Nvidia was switching to it.
Fil-C isn't the only tool of its kind – the Reg covered it mere weeks after another, [8]Robin Rowe's TrapC. There are also hardware efforts to bring much greater memory safety to C and C++, notably the [9]CHERI project, which has featured in these pages [10]more than once. Another is OMA, the Object Memory Architecture, which emerged from founder Ed Nutting's PhD research on an [11]Interleaved Hardware Garbage Collector – Nutting compared the two last month in a blog post called [12]Two Paths to Memory Safety.
It's a hot area of research, and there are more than these two hardware approaches. Fil-C has some of the same aims as CHERI. In response to a comment on Hacker News that "Fil-C is basically CHERI in software", [13]Filip Pizlo, the author of Fil-C, [14]responded:
It's not, actually.
Fil-C is more compatible with C/C++ than CHERI, because Fil-C doesn't change sizeof(void*).
Fil-C is more compatible in the sense that I can get CPython to work in Fil-C and to my knowledge it doesn't work on CHERI.
Fil-C also has an actual story for use-after-free. CHERI's story is super weak.
There is a lot at stake here. There are billions of lines of C (and C++) code out there, and the language's extreme lack of safety is responsible for the bulk of the software vulnerabilities that require constant updates.
Fil-C isn't a panacea, but it's a very interesting step. It can trap whole categories of C error. Of course, there are drawbacks – code compiled with Fil-C runs rather more slowly than usual for C code, and it's not completely ABI-compatible with what [15]its author terms "Yolo-C". You can't simply recompile your OS's entire C codebase and run it as before, nor can you just intermix normal C and Fil-C. However, it could be used to make some discrete components of a large C system much safer. Since that's also one of the selling points of Rust (and Zig, Hare, and a lot of other modern "systems languages," as this [16]2024 survey discusses), then Fil-C rather tilts the balance back towards plain old C.
[17]Boffins carve up C so code can be converted to Rust
[18]Rust haters, unite! Fil-C aims to Make C Great Again
[19]To kill memory safety bugs in C code, try the TrapC fork
[20]The US government wants developers to stop using C and C++
When it comes to C, Dan Bernstein should know. He wrote some of the safest C code out there – in 2009, [21]he offered a $1,000 bounty to anyone who could find a security hole in his DNS server, [22]djbdns. Even 16 years later, he [23]still does. He offers [24]the same for his mail transfer agent [25]qmail. And we [26]reported on his cryptography-related activities more than a quarter of a century ago.
His reputation is such that he's sometimes known as just "DJB" – in other words, he's a [27]Three Letter Person, along with RMS, ESR, and JWZ.
You may indeed find something useful here, but for those of us who are not skilled C or C++ developers – and here the Reg FOSS desk aspires to attain the level of [29]grug brain – it's more about the author than the content. ®
[1] https://cr.yp.to/2025/fil-c.html
[2] https://www.theregister.com/2024/11/16/rusthaters_unite_filc/
[3] https://clang.llvm.org/
[4] https://llvm.org/devmtg/2007-05/09-Naroff-CFE.pdf
[5] https://llvm.org/
[6] https://www.theregister.com/2011/02/09/fosdem_2011_roundup/
[7] https://www.theregister.com/2011/12/16/nvidia_llvm_cuda_app_dev/
[8] https://www.theregister.com/2024/11/12/trapc_memory_safe_fork/
[9] https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
[10] https://www.theregister.com/Tag/CHERI/
[11] https://www.bristol.ac.uk/research/groups/trustworthy-systems-laboratory/research/innovative-hardware-design/ihgc/
[12] https://ednutting.com/2025/10/05/cheri-vs-oma.html
[13] https://fil-c.org/meet_fil
[14] https://news.ycombinator.com/item?id=45570029
[15] https://fil-c.org/runtime
[16] https://wiki.alopex.li/SurveyOfSystemLanguages2024
[17] https://www.theregister.com/2025/01/03/mini_c_microsoft_inria/
[18] https://www.theregister.com/2024/11/16/rusthaters_unite_filc/
[19] https://www.theregister.com/2024/11/12/trapc_memory_safe_fork/
[20] https://www.theregister.com/2024/11/08/the_us_government_wants_developers/
[21] https://www.theregister.com/2009/02/28/djbdns_cache_poisoning_vulns/
[22] https://cr.yp.to/djbdns.html
[23] https://cr.yp.to/djbdns/guarantee.html
[24] https://cr.yp.to/qmail/guarantee.html
[25] https://cr.yp.to/qmail.html
[26] https://www.theregister.com/1999/05/07/us_crypto_laws_unconstitutional/
[27] https://wiki.c2.com/?ThreeLetterPerson
[29] https://grugbrain.dev/
Interesting
DJB's attitude to Debian seems to have softened with time - I remember in the 1990s he absolutely refused to support Qmail on Debian because they insisted on their own directory layout, which conflicted with his intentions.
I think Qmail would have been more widely used if they had been able to agree - it was certainly a unique approach, leaning heavily on the file system for configuration!
He had an alternative DNS server too . . .