| ▲ | mbrock 4 days ago |
| I don't understand the need to hammer in the point that Fil-C is only valuable for this tiny, teeny, irrelevant microscopic niche, while not even talking about what the niche is? To be clear, the niche is rebuilding your entire GNU/Linux userland with full memory safety and completely acceptable performance, tomorrow, without rewriting anything, right? Is this such a silly little idiosyncratic hobby? |
|
| ▲ | simonask 4 days ago | parent | next [-] |
| So I don’t want to come off as dismissive of the effort - it’s certainly impressive! The reason I’m not super excited is based on the widely publicized findings from Google and Microsoft (IIRC) about memory safety issues in their code: The vast majority is in new code. As such, the returns on running the entire userspace with Fil-C may be quite diminished from the get-go. Those who need to guard against UB bugs in seriously battle-hardened C software in production are definitely a small niche. But that doesn’t mean it isn’t also very useful as a tool during development. |
| |
| ▲ | mbrock 4 days ago | parent | next [-] | | Hmm, so if they're writing new memory unsafe code in C/C++, presumably to remain within their already established and entrenched C/C++ ecosystems, why isn't Fil-C interesting as a way to thwart memory safety issues in that new code? | | |
| ▲ | simonask 4 days ago | parent [-] | | Because every problem detected by Fil-C is already a serious problem in the existing code. As a mitigation strategy, that becomes less interesting as the quality of that code increases, but you still pay the full cost regardless of whether there are actually any bugs. That can certainly be valuable to you, but as a developer, the more interesting proposition is about how not to ship bugs in the first place. | | |
| ▲ | vacuity 4 days ago | parent [-] | | As others have said, programs that have already been written are plainly not in the business of "not...[shipping] bugs in the first place". New code is new code; old code is old code. |
|
| |
| ▲ | jitl 4 days ago | parent | prev | next [-] | | It seems like there are constant updates for 20 year old packages on my Ubuntu systems. Ubuntu 20.04 Focal Fossa (first released April 2020) glibc had an update on 2025-05-28. Current stable updated glibc 2025-09-22. To say nothing about the rest of the packages in that operating system. | | | |
| ▲ | brucehoult 4 days ago | parent | prev [-] | | > The reason I’m not super excited is based on the widely publicized findings from Google and Microsoft (IIRC) about memory safety issues in their code: The vast majority is in new code This makes perfect sense to me. Which is why I don't at all understand the current fetish with rewriting things that have been working well for decades in Rust. Such as coreutils. Or apt. It feels like an almost deliberate crippling of progress by diverting top talent into useless avenues, much like string theory in physics, or SLS/Artemis. | | |
| ▲ | tempaccount420 4 days ago | parent [-] | | > It feels like an almost deliberate crippling of progress by diverting top talent into useless avenues, much like string theory in physics, or SLS/Artemis. You don't have to be a "top talent" to rewrite old unix utilities. The hard part is writing it safely, which in Rust can be done without "top talent." | | |
| ▲ | brucehoult 4 days ago | parent [-] | | And then you end up with code 17 times slower than the C code it is replacing. When it didn't need replacing in the first place. |
|
|
|
|
| ▲ | vorador 4 days ago | parent | prev | next [-] |
| There's a contingent of rust fans that show up on every story about C – their premise is that C code is unsafe and most safety-critical C code should be rewritten in rust. Fil-C is new and is a viable competitor to rust, that's why you're hearing all asides about tiny niches, unacceptable performance degradation, etc. |
| |
| ▲ | vacuity 4 days ago | parent | next [-] | | Hacker News is not a place where any one group brigrades a thread. There are people who prefer C who don't want a GC, people who prefer Rust who don't want C, people who prefer Rust who agree with Fil-C for legacy C, people who don't prefer C or Rust and may use languages with GC.... We all have interests and face people who denigrate them in bad faith. If you have specific objections to inaccurate statements in this thread, then state them. I'll do the same for any technology if I'm qualified to make statements on it. | | |
| ▲ | kasabali 3 days ago | parent [-] | | > Hacker News is not a place where any one group brigrades a thread Sweet summer child | | |
| ▲ | vacuity 2 days ago | parent [-] | | I'm not saying that people don't comment in bad faith here. But if someone's first thought upon seeing significant negativity is that a coordinated, massive campaign is occurring, that someone is probably wrong. Commenting in that vein also harms discussion. If Hacker News is to foster good discussion, then simply not being a troll or ideologue is not sufficient. There really are many people here, with largely diverse opinions. Don't lump people together unless they lump themselves together. |
|
| |
| ▲ | petesergeant 4 days ago | parent | prev | next [-] | | > Fil-C is new and is a viable competitor to rust I’ve no horse in the race here, but the Fil-C page talks about a 4x overhead from using it, which feels like it would make it less competitive | | |
| ▲ | mbrock 4 days ago | parent [-] | | Currently measured worst case for some types or code. | | |
| ▲ | brucehoult 4 days ago | parent [-] | | I tried it on my primes micro-benchmark (http://hoult.org/primes.txt) and got a 2:1 slowdown on 13th gen i9. It does a LOT of array access and updating, probably near to worst-case for code that isn't just a loop copying bytes. The average slowdown is probably more in the same region as using Java or C# or for that matter C++ std::array or std:vector. | | |
| ▲ | mbrock 3 days ago | parent [-] | | If you missed it, djb himself posted this cute graph of "nearly 9000 microbenchmarks of Fil-C vs. clang on cryptographic software (each run pinned to 1 core on the same Zen 4)": https://cr.yp.to/2025/20251028-filcc-vs-clang.html I've heard Filip has some ideas about optimizing array performance to avoid capability checks on every access... doing that thread safely seems like an interesting challenge but I guess there are ways! | | |
| ▲ | brucehoult 3 days ago | parent [-] | | Sure of course I followed that link. I've really got no idea what the horizontal axis is! But there is a huge cluster of results between 1x and 1.5x execution time. And, the kind of code he is interested in is not necessarily the same as the kind of code I'm interested in. In fact I know it's not! As one more data point, compiling my little benchmark with gcc, without any optimisation flag. 1964ms gcc primes.c -o primes -O
3723ms fil-c primes.c -o primes -O
3753ms gcc primes.c -o primes
16334ms fil-c primes.c -o primes
Fil-C with -O is almost identical to gcc without. |
|
|
|
| |
| ▲ | testdelacc1 4 days ago | parent | prev | next [-] | | There’s no Rust fans here, only GC skeptics. GC skeptics existed long before anyone dreamed of Rust and will survive Rust as well. It’s a pretty reasonable objection too (though I personally don’t agree). C has always been chosen when performance is paramount. For people who prioritise performance it must feel a bit weird to leave performance on the table in this way. And Jesus Christ, give it a rest with this “Rust fans must be thinking” stuff. It sounds deranged. | | |
| ▲ | vorador 4 days ago | parent [-] | | No, back in the day C was used for everything. Vim was not written in C because it needed to wring every last bit of performance out of text editing. Rewriting everything in rust "for memory-safety" is a false tradeoff given the millions of lines of C code out there and the fact that rewrites always introduce new bugs. | | |
| ▲ | testdelacc1 4 days ago | parent [-] | | Please, I’m begging you, stop talking about Rust. You’re shoehorning Rust into a discussion where it hasn’t been mentioned, just to hate on some imaginary people you think are pushing Rust here. No one is talking about that. You sound deranged and obsessed. The vast majority of the conversation here is about GC and the performance implications of that. Please stick to the rest of the thread. | | |
| ▲ | brucehoult 4 days ago | parent | next [-] | | I almost always find that building Boehm GC as a malloc replacement (malloc() -> GC_malloc(), free() -> NOP), and then using LD_PRELOAD to get it used makes any random C/C++ program not only still work but also run faster. Not only that, but you can then use GC_FREE_SPACE_DIVISOR to tune RAM usage vs speed to your liking on a program by program (or even instance by instance) basis, something completely impossible with malloc(). | |
| ▲ | vorador 4 days ago | parent | prev [-] | | Lol there are right now 33 mentions of rust in this thread but go on.. |
|
|
| |
| ▲ | 4 days ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | conradev 4 days ago | parent | prev [-] |
| I am a member of this niche – thank you for the flake!! https://discourse.nixos.org/t/radically-improving-nix-nixos-... |
