Some folks get religious about C versus C++. I love both languages. Favorite thing about C: transparency - every expression has a clear meaning. Favorite thing about C++: abstraction - you can say so much with so few bytes. What's important is they're both better than Rust.
This was a fun project to watch. And what a gloriously huge patch. Our bet that certain interpreter speed optimizations are inconsequential to JIT perf and so only cost memory paid off.
Memory-safe C++! Thanks to Fil-C now being able to compile libcxxabi and libcxx and being able to handle the (pizlonated version of the) Itanium C++ ABI, including member function ptrs, vtables with virtual base classes, etc.
Fil-C wouldn't be possible without the awesomeness of the clang/llvm codebase. I love how anytime I have a complex question about how C or C++ semantics are handled, the answer is in the code, clear as day, written in a wonderful hacker-friendly style.
This doesn’t get said enough: the ES spec is really great. The best language spec I’ve had the pleasure of implementing to. So unambiguous, even when that wasn’t the easiest thing to do.
Spectre means that you now need next-level talent to write a secure language VM. It’s game changing. It’s the most exciting thing I have seen in my life.
My view: I prefer to publish blogs these days because I get *more* peer review than if I submitted for publication. I get reviews faster, from more people, and those reviews lead to more constructive conversations. That's how peer review should be.
WebKit IsoHeap = C++ template program that generates a first-fit amortized O(1) malloc with atomicless fast paths specialized for a type (size + alignment), which guarantees that once a virtual address gets used for a type, it never gets used for any other type.
This is what UAF looks like with FUGC. This is guaranteed. It'll always trap. No tagging. No probabilities. No shenanigans. No way around it. Your program just gets fugced.
@NovallSwift
My philosophy: If you make a mistake in production just remind yourself how cool it is that your code is in production and then skip the part where you fault/blame.
Fun fact: JavaScriptCore’s concurrent/parallel JIT and concurrent/parallel GC use “cowboy races” liberally. They would not work in TSAN, Rust, clang thread safety analysis or anything that ties types/fields to mutexes or uses the classic definition of races.
My concurrent GC is so awesome right now that I get concurrent crashes in the main thread and the GC thread, and hilariously, neither thread's crash is caused by the third bug, where the GC deletes the entire heap (we don't get far enough to crash from that UAF).
VICTORY!!!
Fil-C on FreeBSD/X86_64 is now at parity with Darwin/AArch64. Here's a memory-safe ssh client on my Mac connecting to a memory-safe sshd server on my FreeBSD ec2 instance.
We are now live with Verse runtime error telemetry! See bottom of for more info. Or, just go to , click the Verse tab, and if your project has errors in live, they will show up there. Happy debugging!
My favorite thing about POSIX C programming is how many headers you have to include to do things.
Makes me feel so accomplished and professional for knowing all their stupid names.
Am I crazy?
If you have an Apple Silicon Mac and you want to try memory-safe Fil-C and Fil-C++, here's a binary release. Just untar and run ./setup.sh. LMK if you run into problems, but no guarantees since nobody is paying me to work on this.
I just wrote the world's shittiest liveness analysis and I'm so proud of myself.
(Yes, doing an accurate GC means writing a liveness analysis over llvm IR. No, llvm IR doesn't want you to do that. But I don't care what llvm thinks.)
This jpeg was encoded using memory-safe IJG libjpeg-6b. It only took a one line change to get it to build and run with Fil-C (ALIGN_TYPE in jmemmgr.c).
I've got Fil-C on FreeBSD/x86_64 working well enough to print hello, but so far without a stdlib (I haven't gotten a libc working yet, just libpizlo/libfilc_mincrt).
@thingskatedid
It’s the state of the art of probabilistic GCs. Because there is some probability that it will work for some program, and that program will experience unbelievably short GC pauses with this technology.
Achievement unlocked: I taught Molly enough about programming that she's now able to understand what kind of programming I do (and she was curious enough to ask).
@agent_cooper
I think it's actually a super popular opinion held by folks who are too busy building real systems instead of bitching on twitter/hackernews. I ❤️ C.
My compiler compiles. I am terrified of seeing the horror of what will happen when my compiled compiler tries to compile something. My bet: segfault in the InstCombine that runs downstream from me. 😆
@seanbax
You know how sometimes folks claim they are doing things for reason X but really they are doing it for reason Y?
Folks claim to push for Rust because it's memory-safe, but really it's because new languages are funner.
What you and I are doing faces an inherently uphill battle.
Undefined behavior is bad for security because it creates a disconnect between programmer expectation and reality, and the reality is always in flux. It’s crazy that we still have UB in widely used languages.
Current status: I thought my concurrent GC was working, but it was just a favorable race condition.
Sometimes race conditions really are the best conditions!