Filnix Fil-C Nix
16 days ago
- #Nix
- #memory-safety
- #C-programming
- Fil-C by Filip Pizlo is a memory-safe C and C++ implementation that prevents use-after-free, out-of-bounds access, and type confusion without code changes or unsafe escape hatches.
- Every pointer in Fil-C carries hidden capability metadata (bounds + type), and all accesses are checked. A concurrent garbage collector prevents use-after-free.
- Fil-C can run programs like OpenSSH, CPython, curl, SQLite, Emacs, and over 100 others, demonstrating its practical applicability.
- The `runfilc` command compiles and runs C code as a one-liner, showcasing Fil-C's ability to catch and report memory safety violations with detailed errors.
- This repository packages Fil-C as reproducible Nix derivations, offering modular, reproducible builds and integration with the Nix ecosystem.
- A lighttpd demo showcases a complete memory-safe web stack, including CGI scripts in bash and C, with Fil-C trapping out-of-bounds access attempts.
- Experiments include defining a minimal 'Linux distribution' with memory-safe utilities, available via Docker, systemd-nspawn, or QEMU VM.
- Ported packages not in upstream Fil-C include lighttpd, nethack, wasm3, and more, with a technical deep-dive available in `ports/analysis.md`.
- The `ports.nix` file uses a DSL for porting packages, aiming for large parts of Nixpkgs to work automatically with Fil-C in the future.
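
A simplified model of the checked-pointer idea from the list above (bounds carried with every pointer, accesses refused after free), as an added example that is not Fil-C's or this repository's code. The `object_t` and `cap_ptr` types and the `cap_*` functions are hypothetical, type metadata is not modelled, and a violation returns an error code where Fil-C would trap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model only (hypothetical names): Fil-C hides this metadata from the program. */
typedef struct { unsigned char *base; size_t size; int freed; } object_t; /* one per allocation */
typedef struct { object_t *obj; size_t off; } cap_ptr;                    /* pointer + capability */

enum { ACCESS_OK = 0, ERR_OOB = -1, ERR_FREED = -2 };

/* Every load and store passes this check before memory is touched. */
static int cap_check(cap_ptr p, size_t len) {
    if (p.obj->freed) return ERR_FREED;
    /* Phrased as a subtraction so a huge off or len cannot wrap off + len. */
    if (p.off > p.obj->size || len > p.obj->size - p.off) return ERR_OOB;
    return ACCESS_OK;
}

static int cap_store(cap_ptr p, const void *src, size_t len) {
    int rc = cap_check(p, len);
    if (rc == ACCESS_OK) memcpy(p.obj->base + p.off, src, len);
    return rc;
}

static int cap_load(cap_ptr p, void *dst, size_t len) {
    int rc = cap_check(p, len);
    if (rc == ACCESS_OK) memcpy(dst, p.obj->base + p.off, len);
    return rc;
}

/* Pointer arithmetic moves the offset; the capability (obj) travels with it. */
static cap_ptr cap_add(cap_ptr p, size_t n) { p.off += n; return p; }

/* Freeing marks the object, so every alias derived from it fails the check. */
static void cap_free(object_t *o) { o->freed = 1; }

int main(void) {
    unsigned char buf[8];                 /* constructed sample allocation */
    object_t o = { buf, sizeof buf, 0 };
    cap_ptr p = { &o, 0 };
    uint32_t v = 0x41414141u, out = 0;
    printf("in-bounds store:  %d\n", cap_store(cap_add(p, 4), &v, sizeof v));
    printf("straddling store: %d\n", cap_store(cap_add(p, 6), &v, sizeof v));
    cap_ptr alias = cap_add(p, 4);
    cap_free(&o);
    printf("load after free:  %d\n", cap_load(alias, &out, sizeof out));
    return 0;
}
```
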