“fil-c is basically asan with better marketing”
a friend who shall not be named said this to me. brutal
the best way to think about fil-c is probably as “CHERI in software”
it is very cool that you can now recompile an entire linux distro's worth of c and c++ code with only minimal changes for porting and have it be memory safe, even at a dramatic memory use and performance cost
it's funny seeing people tout it as an alternative to rust because if this thing ends up wildly adopted it might strengthen the case for rust, because it makes c code less efficient and therefore in greater need of rewriting for non-memory-safety reasons :p
if you want a vision of the future of c programming, imagine a boot labelled “expensive runtime checks” stamping on a human face, forever
@hikari It is safer than Rust though. An unsafe in one of your million dependencies can not cause an issue.
@uecker they can't in Rust either if you totally forbid unsafe code, which is an implicit criterion here. Fil-C programs can make unsafe function calls
@uecker and “safer than Rust” is questionable considering how vulnerable to DoS the resulting system is likely to be
@hikari TBH that sounds pretty good
@hikari complete list of problems I have with ASan day-to-day:
1. Vector intrinsic loads/stores morally should be permitted to go out of bounds within an aligned block, because they bind HW semantics, not C semantics.
2. Getting people to use it.
So better marketing could solve half my problems.
@hikari wait is that bad. i love asan
@mcc well when you're trying to sell it as safer than rust it might be
@hikari Is that a bad thing?