DJB’s Fil-C experiment shows memory-safe C is getting real

According to TheRegister.com, famed mathematician and cryptographer Daniel J. Bernstein has been experimenting with Fil-C, a new type-safe C/C++ compiler based on Clang (the compiler which Apple developed as documented in a 2007 PDF and which Nvidia adopted by December 2011). Bernstein, who’s been offering $1,000 bounties since 2009 for finding security holes in his C code and still maintains that offer 16 years later, published his favorable findings in modestly titled notes. Fil-C aims to address the extreme lack of safety in C that’s responsible for the bulk of software vulnerabilities affecting billions of lines of existing code, though it runs slower than normal C and isn’t completely ABI-compatible with what its author calls “Yolo-C.” The compiler isn’t alone in this space – The Register covered competing tool TrapC weeks earlier and hardware approaches like CHERI and OMA’s Object Memory Architecture emerging from Ed Nutting’s 2025 comparison of two paths to memory safety.

DJB approval matters

When Daniel J. Bernstein says something about C safety, you listen. This is the guy who’s been so confident in his C code that he’s offered cash bounties for finding vulnerabilities since 2009 – and nobody’s collected on some of them. That’s insane in the security world. So if he’s impressed enough with Fil-C to write about it, that’s not just some random GitHub star saying “neat project.” This carries weight.

The performance tradeoff

Here’s the thing though – Fil-C makes your code run slower. How much slower? We don’t get exact numbers from DJB’s notes, but the article mentions it’s “rather more slowly than usual for C code.” For a language chosen specifically for performance, that’s a big deal. Basically, you’re trading speed for safety. And you can’t just drop Fil-C compiled objects into your existing system – the ABI incompatibility means you have to think carefully about which components get the safety treatment and which stay fast but dangerous.

Not a silver bullet

Look, nobody’s claiming Fil-C will solve all of C’s safety problems tomorrow. The author Filip Pizlo himself responded on Hacker News to comparisons with CHERI, saying “there is a lot at stake here.” And he’s right – we’re talking about billions of lines of C code that aren’t going anywhere soon. But Fil-C does represent an interesting middle ground between rewriting everything in Rust and just accepting that C will always be unsafe. It lets you make discrete components safer without throwing out decades of working code.

Bigger picture

What’s really fascinating here is the timing. We’ve got multiple approaches emerging simultaneously – Fil-C in software, CHERI and OMA in hardware – all trying to solve the same fundamental problem. It feels like the industry is finally getting serious about C safety after decades of bandaids. But I wonder – will any of these approaches gain enough traction to matter? Or are we looking at another interesting research project that never quite makes it to production? DJB’s interest suggests this might be different, but the proof will be in whether major projects actually start using it.
