According to TheRegister.com, famed mathematician and cryptographer Daniel J. Bernstein has tested the new type-safe C/C++ compiler Fil-C and published favorable notes about his experience. Bernstein, often known just as DJB, wrote some of the safest C code in existence and has offered $1,000 bounties since 2009 for anyone finding security holes in his DNS server djbdns and mail transfer agent qmail. Fil-C is based on Clang, the Apple-developed front-end for LLVM that Nvidia switched to back in December 2011. The compiler can trap whole categories of C errors but comes with performance costs and isn’t completely ABI-compatible with regular C. This testing comes amid growing competition in memory safety approaches including hardware projects like CHERI and OMA, plus software alternatives like Robin Rowe’s TrapC.
Sponsored content — provided for informational and promotional purposes.
Why DJB’s opinion matters
Here’s the thing about Daniel J. Bernstein – he’s not your average developer offering hot takes. This is someone who’s been writing bulletproof C code for decades. When he offers a $1,000 bounty and nobody can claim it for 16 years, that tells you something about his approach to security. So when he takes the time to actually test Fil-C and publish detailed notes, that’s not just casual interest. It means there’s something genuinely worth looking at here.
The memory safety landscape
Basically, we’re seeing an explosion of approaches to solve C’s memory safety problems. You’ve got hardware solutions like CHERI and OMA, software compilers like Fil-C and TrapC, and then completely new languages like Rust and Zig. What’s interesting about Fil-C is that it’s trying to bring safety to existing C codebases without requiring a full rewrite. But there are trade-offs – performance hits and compatibility issues mean you can’t just recompile your entire operating system and expect everything to work.
What this means for developers
Look, most of us aren’t writing code at DJB’s level. But his positive experience suggests Fil-C could be practical for securing specific components of larger C systems. The author Filip Pizlo acknowledges it’s not a silver bullet – he calls regular C “Yolo-C” for a reason. Still, having a tool that can make discrete parts of your codebase safer without rewriting everything in Rust? That’s appealing. Especially when you’re dealing with the billions of lines of C and C++ code out there that aren’t going anywhere soon.
The bigger picture
So where does this leave us? Memory safety is becoming a battleground with multiple fronts. Hardware approaches, software compilers, new languages – they’re all competing to solve the same fundamental problem. DJB’s endorsement gives Fil-C credibility, but the real test will be whether it gains traction beyond early adopters. Can organizations actually use this in production? Will the performance overhead be acceptable? These are the questions that matter now. One thing’s clear though – after decades of memory vulnerabilities, the industry is finally getting serious about solutions.
