
Would Fil-C have prevented the first or third?


By my reading, it would have prevented all of them.


[flagged]


> Fil-C doesn't provably prevent anything.

It does. I have lots of documentation to show exactly how and why.

> It is a hobby project by a dilettante.

Wow


> It is a hobby project by a dilettante.

You could say the same about thousands of open source projects on which trillion dollar companies depend. Maybe these kind souls deserve more respect, buddy.


[flagged]


One of the use-cases of Fil-C is to prevent security issues in old C code that's much older than Fil-C itself.


You mean I can compile an old program with Fil-C and my executable will be free of security issues?


Obviously not, Fil-C doesn't prevent or claim to prevent all security issues in modern code either.

But the issues Fil-C prevents, it prevents in very old programs compiled with it, if they compile, just as much as current programs.

At compile time, certain patterns that are accepted in standard C are rejected by Fil-C, and the source code has to be changed if you still want to compile the program. At run time, Fil-C prevents memory-related security issues by reliably detecting invalid memory reads and writes that are usually part of an attack and producing deterministic behaviour, sometimes terminating the program, instead of letting the attacker take advantage of undefined behaviour that happens to compile to something the attacker can use. Both of those features work just as well with very old C programs as current ones.
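
The run-time behaviour described in the comment above, as an added example that is not part of the thread and is not Fil-C's own code: a simplified model in which a pointer carries the bounds of its allocation and an out-of-range store is refused deterministically. The names `checked_ptr`, `cp_check`, `cp_write`, `session` and `set_name` are hypothetical, and a return code stands in for the program termination a real runtime would perform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model (not Fil-C code): a pointer that carries its allocation's bounds. */
typedef struct {
    uint8_t *base; /* start of the allocation */
    size_t size;   /* allocation length in bytes */
    size_t off;    /* current offset from base */
} checked_ptr;

typedef enum { ACCESS_OK = 0, ACCESS_TRAP = 1 } access_result;

/* An access of len bytes is valid only if [off, off+len) lies inside the
   allocation. The comparison is written so it cannot overflow itself. */
access_result cp_check(checked_ptr p, size_t len) {
    if (p.base == NULL || p.off > p.size || len > p.size - p.off)
        return ACCESS_TRAP;
    return ACCESS_OK;
}

/* Checked store: refuses the write instead of corrupting neighbouring memory.
   A real runtime would stop the program here; a code is returned for testing. */
access_result cp_write(checked_ptr p, const void *src, size_t len) {
    if (cp_check(p, len) != ACCESS_OK)
        return ACCESS_TRAP;
    memcpy(p.base + p.off, src, len);
    return ACCESS_OK;
}

/* Constructed scenario: a 16-byte name buffer followed by a privilege flag. */
typedef struct {
    uint8_t name[16];
    uint8_t is_admin;
} session;

/* claimed_len comes from the untrusted request; payload holds at least that many bytes. */
access_result set_name(session *s, const uint8_t *payload, size_t claimed_len) {
    checked_ptr dst = { s->name, sizeof s->name, 0 };
    return cp_write(dst, payload, claimed_len);
}

int main(void) {
    session s = { {0}, 0 };
    uint8_t payload[17];
    memset(payload, 1, sizeof payload);
    printf("8 bytes:  %s\n", set_name(&s, payload, 8) == ACCESS_OK ? "ok" : "trap");
    printf("17 bytes: %s, is_admin=%d\n",
           set_name(&s, payload, 17) == ACCESS_OK ? "ok" : "trap", s.is_admin);
    return 0;
}
```

With an unchecked `memcpy` the 17-byte request would be undefined behaviour that typically overwrites `is_admin`; in the model the same request always traps and the flag stays 0.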


> Probably not seeing how the code for at least the 3rd was written in 1994, some 30 years before Fil-C existed.

How is this possibly the most charitable reading of parent's comment, and honestly, do you think that's what they meant? You can't read that in some other way, where maybe parent wasn't actually asking about time traveling but something else?


Yes it was a bit uncharitable, but I couldn't resist based on the way he phrased it. It was just a joke.

"Preventing" the vulnerability would indeed require going back to 1994. Since it is a vulnerability that has existed in every display server released since then.


I meant it in the sense of continuing to run old C code like X.org in a safer way without unnecessary rewrites to memory safe languages. These vulnerabilities, like this one that's been in the wild as you say for 30 years uncaught, will continue to be found. Something like Fil-C is really useful in that context.

I also said "would it have" -- I don't really care about timeline. Obviously Fil-C is a recent development, that doesn't make the question I asked any less interesting.


From HN guidelines:

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

Perhaps next time, resist the urge :)



