| 21 Mar 2026 |
 piegames | Fil-C is awesome | 12:42:59 |
| piegames | Except that memory safety is not our main problem with C++ | 12:43:37 |
 K900 | I do wonder if cppnix built with fil-c would be 10x slower or less somehow | 13:10:06 |
 ShalokShalom | I read that compiled stuff becomes significantly slower, and that people use it to detect the issues, and not to run it it production. | 13:11:03 |
| ShalokShalom | What is? | 13:11:18 |
 raitobezarius | Fil-C is not memory safe | 13:13:45 |
| raitobezarius | Don't see any interest in that thing | 13:14:21 |
| piegames | In reply to @shalokshalom:kde.org
What is? Ergonomics, developer experience, stdlib | 13:15:45 |
 aloisw | It isn't? Memory safety is basically their headline claim … | 13:16:04 |
| piegames | Like, have you tried writing C++ code? C++ iterators are a work of madness | 13:16:32 |
 Qyriad | ^^^^^ | 13:18:14 |
| raitobezarius | it doesn't solve data races, it doesn't any sort of reasoning over mutable aliasing | 13:18:16 |
| raitobezarius | it has a spatial safety instrumentation pass to clang (so out of band accesses) | 13:18:36 |
| raitobezarius | a runtime support library and a concurrent GC for temporal safety | 13:18:45 |
| Qyriad | Writing production C++ is like writing production Bash. It is extremely difficult to write Correct C++ code and it is extremely difficult to debug | 13:19:02 |
| raitobezarius | "memory safe, bounds checked, GCed ahead-of-time languages" (in the sense Fil-C claim to be) have been existing for a long time | 13:19:26 |
| raitobezarius | * it doesn't solve data races, it doesn't do any sort of reasoning over mutable aliasing | 13:20:12 |
| aloisw | "Doesn't solve data races" in the C "they are still undefined behaviour" sense or in the Java "you may get weird values, but nothing bad happens otherwise" sense? | 13:31:10 |
| raitobezarius | still UB | 13:32:07 |
| raitobezarius | anything that atomically updates a pointer must use the LLVM IR atomics in Fil-C | 13:32:26 |
| raitobezarius | (and so if you store a pointer in one thread and load in another, you may have tearing betwen the addr and caps parts of that pointer) | 13:32:58 |
| K900 | Honestly fil-c is a good sanitizer | 13:33:18 |
| K900 | It's just not any of the things they advertise it as | 13:33:30 |
| raitobezarius | i mean, i understand the demand for these tools and I'm happy someone actually made an implementation of two ideas that have been roaming | 13:33:58 |
| raitobezarius | e.g. https://dl.acm.org/doi/10.1145/1543135.1542504 | 13:34:14 |
| raitobezarius | and uhm https://cheri-alliance.org/ :D | 13:34:23 |
| raitobezarius | (which all are cited by Fil-C to be clear) | 13:34:33 |
| K900 | Also, this is a stupid thing that I should not get this hung up on | 13:34:53 |
| K900 | But naming a programming language after yourself is rancid fucking vibes | 13:35:04 |
| raitobezarius | I think it would help too if the author was not claiming things like Fil-C is safer than Rust | 13:36:23 |
