Filip Pizlo, creator of Fil-C, discusses his experimental C compiler that achieves memory safety without requiring developers to rewrite their code in a new language. Memory safety here means that a localized bug, such as a buffer overflow or a use-after-free, cannot be escalated into reading or writing arbitrary program memory and hijacking control flow. Fil-C replaces raw pointers with capability-tracked pointers whose bounds are checked at every access at runtime, integrates a garbage collector so that freed memory is never recycled while a pointer to it still exists (a use-after-free becomes a trap rather than a silent corruption), and keeps pointers at their ABI-compatible size by storing the capability metadata out of band ('invisible capabilities', InvisiCaps) instead of inline in a fat pointer. The project has successfully compiled the Linux userland, Emacs, Python, Ruby and CMake, and is working toward a full browser. Key challenges include programs that store pointers as integers (the capability is lost when a pointer round-trips through an integer), custom allocators and arenas (the compiler sees one large object where the program intends many), and inline assembly (which the compiler cannot instrument). Performance is currently suboptimal because function arguments and local variables are heap-allocated, but the compiler is functional enough for real-world use. Fil-C is notable for keeping memory safety across the full software stack, shared libraries included, because every component is compiled with the same checks, whereas a Rust or Go program loses its guarantees at the boundary where it links against and calls into C code.
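The following is an added illustration, not Fil-C's code and not its InvisiCaps layout: it models the three checks the summary describes (bounds on every access, freed objects that stay unrecyclable until a collector reclaims them, and the loss of the capability when a pointer is laundered through an integer) with an explicit fat pointer. The `cap_*` functions, the header layout and the `demo_*` names are assumptions made for the example; each demo returns the result code the access would have produced instead of trapping, so the outcomes can be inspected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Result of a checked access. In a real compiler CAP_OK means the access
 * proceeds; anything else becomes a trap instead of memory corruption. */
enum cap_result { CAP_OK = 0, CAP_OOB = 1, CAP_UAF = 2, CAP_NOCAP = 3 };

/* Allocation header (hypothetical layout, not Fil-C's). The object stays
 * in memory after free(); only the live flag changes. A collector would
 * reclaim it once no capability references it; this toy never reclaims. */
typedef struct {
    size_t size;
    int live;
    char data[];
} cap_obj;

/* A capability pointer: the raw address plus the object it was derived
 * from. Fil-C keeps this association out of band ("invisible"); a fat
 * pointer is used here purely for clarity. */
typedef struct {
    cap_obj *obj;
    char *ptr;
} cap_ptr;

static cap_ptr cap_alloc(size_t n) {
    cap_obj *o = calloc(1, sizeof(cap_obj) + n);
    if (!o) { cap_ptr none = { NULL, NULL }; return none; }
    o->size = n;
    o->live = 1;
    cap_ptr p = { o, o->data };
    return p;
}

/* free() only marks the object dead; its memory is not recycled, so a
 * stale pointer can never alias a newer allocation. */
static void cap_free(cap_ptr p) { if (p.obj) p.obj->live = 0; }

/* Pointer arithmetic keeps the capability; an out-of-range result is
 * caught at the access, not at the arithmetic. */
static cap_ptr cap_add(cap_ptr p, ptrdiff_t off) { p.ptr += off; return p; }

/* Round-tripping through an integer keeps the address but drops the
 * capability, so every later access through it is rejected. */
static uintptr_t cap_to_int(cap_ptr p) { return (uintptr_t)p.ptr; }
static cap_ptr cap_from_int(uintptr_t v) { cap_ptr p = { NULL, (char *)v }; return p; }

static enum cap_result cap_check(cap_ptr p, size_t n) {
    if (!p.obj) return CAP_NOCAP;
    if (!p.obj->live) return CAP_UAF;
    uintptr_t lo = (uintptr_t)p.obj->data, hi = lo + p.obj->size;
    uintptr_t a = (uintptr_t)p.ptr;
    if (a < lo || a > hi || n > hi - a) return CAP_OOB;
    return CAP_OK;
}

static enum cap_result cap_store(cap_ptr p, const void *src, size_t n) {
    enum cap_result r = cap_check(p, n);
    if (r == CAP_OK) memcpy(p.ptr, src, n);
    return r;
}

static enum cap_result cap_load(cap_ptr p, void *dst, size_t n) {
    enum cap_result r = cap_check(p, n);
    if (r == CAP_OK) memcpy(dst, p.ptr, n);
    return r;
}

/* Each demo returns the result code of the access it exercises. */
int demo_in_bounds(void) {
    cap_ptr buf = cap_alloc(16);
    enum cap_result r = cap_store(cap_add(buf, 8), "abcdefgh", 8);
    cap_free(buf);
    return r;
}

int demo_overflow(void) {
    cap_ptr buf = cap_alloc(16);
    char payload[32];
    memset(payload, 'A', sizeof payload);
    /* classic overflow: 32 bytes into a 16-byte object */
    enum cap_result r = cap_store(buf, payload, sizeof payload);
    cap_free(buf);
    return r;
}

int demo_use_after_free(void) {
    cap_ptr buf = cap_alloc(16);
    cap_free(buf);
    char out[4];
    return cap_load(buf, out, sizeof out); /* dead object: rejected */
}

int demo_pointer_as_integer(void) {
    cap_ptr buf = cap_alloc(16);
    cap_ptr back = cap_from_int(cap_to_int(buf));
    enum cap_result r = cap_store(back, "x", 1); /* in bounds, but no capability */
    cap_free(buf);
    return r;
}

int main(void) {
    printf("in-bounds=%d overflow=%d uaf=%d int-roundtrip=%d\n",
           demo_in_bounds(), demo_overflow(), demo_use_after_free(),
           demo_pointer_as_integer());
    return 0;
}
```

The last demo is the practical caveat from the summary: code that stashes a pointer in an integer (hash-consing, tagged unions, XOR-linked lists) compiles fine but faults at the first dereference, which is exactly the kind of program that needs changes before it runs under a capability model.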