Full Report
A ‘three-letter person’ experiments with the new type-safe C, and is impressed
Famed mathematician, cryptographer and coder Daniel J. Bernstein has tried out the new type-safe C/C++ compiler, and he's given it a favorable report.…
Analysis Summary
# Main Topic
Favorable initial assessment by renowned mathematician and coder Daniel J. Bernstein (DJB) regarding his experimentation with Fil-C, a new type-safe C/C++ compiler built on Clang/LLVM.
## Key Points
- Daniel J. Bernstein is impressed with the practical compatibility of Fil-C, noting that many libraries and applications worked without modification.
- Fil-C aims to enhance memory safety in C/C++ code, addressing the languages' inherent lack of safety, which is responsible for the majority of software vulnerabilities.
- Fil-C author Filip Pizlo distinguishes Fil-C from CHERI, stating Fil-C maintains greater C/C++ compatibility (e.g., does not change `sizeof(void*)`) and has a stronger story for mitigating use-after-free errors.
- Drawbacks include performance degradation compared to standard C code and lack of full ABI compatibility, preventing seamless intermixing of normal C and Fil-C compiled code.
- The goal for DJB using Fil-C is to secure machines he manages by switching components to Fil-C compiled code.
## Threat Actors
- No specific threat actors or campaigns are mentioned.
- The narrative focuses on defensive coding practices and new language tooling intended to counter widespread vulnerability classes inherent in legacy C/C++ codebases.
## TTPs
- This section does not detail adversarial TTPs, but rather **defensive/mitigative technologies**:
  - **Memory Safety Compilation:** Utilizing Fil-C to trap whole categories of C errors (e.g., potential use-after-free issues).
  - **Compiler Basis:** Fil-C utilizes the LLVM compiler front-end, Clang.
## Affected Systems
- **Affected Codebase Type:** Billions of lines of existing C and C++ codebases that suffer from inherent memory safety issues.
- **Specific Impact Target:** Systems managed by Daniel J. Bernstein that he intends to harden by switching components to Fil-C compiled code.
- **Compatibility Note:** Standard C environments are not immediately compatible due to ABI differences between Fil-C and "Yolo-C" (standard C).
## Mitigations
- **Primary Mitigation:** Adoption and utilization of the Fil-C compiler for compiling sensitive C/C++ components.
- **Comparative Mitigation:** Fil-C is discussed alongside other memory safety approaches like the CHERI hardware project and other modern systems languages (Rust, Zig, Hare).
- **Implementation Strategy:** Deploying Fil-C for discrete, high-risk components within larger C systems rather than attempting a full OS recompilation immediately.
## Conclusion
The introduction of type-safe C compilers like Fil-C represents a significant defensive step against pervasive memory safety vulnerabilities in legacy code. Daniel J. Bernstein's positive initial review validates Fil-C as a practical measure for systems hardening, despite performance trade-offs. Organizations relying heavily on C/C++ should investigate memory-safe compilation alternatives like Fil-C for risk reduction, particularly in critical components.