- Hmm, Fil-C seems potentially really important; there's a lot of software that only exists in the form of C code which it's important to preserve access to, even if the tradeoffs made by conventional C compilers (accepting large risks of security problems in exchange for a small improvement in single-core performance) have largely become obsolete.
The list of supported software is astounding: CPython, SQLite, OpenSSH, ICU, CMake, Perl5, and Bash, for example. There are a lot of things in that list that nobody is likely to ever rewrite in Rust.
I wonder if it's feasible to use Fil-C to do multitasking between mutually untrusted processes on a computer without an MMU? They're making all the right noises about capability security and nonblocking synchronization and whatnot.
Does anyone have experience using it in practice? I see that
https://news.ycombinator.com/item?id=45134852 reports a 4× slowdown or better.
The name is hilarious. Feelthay! Feelthay!
- This feels like one of those rather rare projects that is both sailing pretty close to research, and also yielding industrially useful results -- I love it! Normally I'd expect to see something like this coming out of one of the big tech companies, where there are enough advertising megabucks to pay a small team to work on a project like this (providing someone can make the business case...). So I'm curious: what was the initial motivation for this work? Assuming this is not a passion project, who is funding it? How many person years of work has this involved? What is the end game?
- It is great that Fil-C exists. This is the sort of technique that is very effective for real programs, but that developers are convinced does not work. Existence proofs cut through long circular arguments.
- Given the goal is to work with existing C programs (which already have free(...) calls "carefully" placed), and you're already keeping separate bounds info for every pointer, I wonder why you chose to go with a full GC rather than lock-and-key style temporal checking[1]? The latter would make memory usage more predictable and avoid the performance overhead and scheduling headaches of a GC.
Perhaps storing the key would take too much space, or checking it would take too much time, or storing it would cause race condition issues in a multithreaded setting?
[1] https://acg.cis.upenn.edu/papers/ismm10_cets.pdf
by charleslmunger
1 subcomments
- This is really cool! I noticed
>The fast path of a pollcheck is just a load-and-branch.
A neat technique I've seen used to avoid these branches is documented at https://android-developers.googleblog.com/2023/11/the-secret... under "Implicit suspend checks".
by kerkeslager
1 subcomments
- I'm not sure I understand all of what they're doing there, but I did read the referenced Doligez-Leroy-Gonthier paper a while back and I am glad someone is doing something with that in a non-academic (maybe?) context. That paper looked promising to me when I read it, but I basically had no faith that it would ever make it out of academia because the algorithm is so complex. It took me a really long time to think I understood it, and it's one of those things I actually am not confident I could implement even when I understood it (I certainly don't understand it now).
- Pretty wild to see a concurrent, non-moving GC strapped onto plain C. If I can take a mid-size C codebase and trade ~2–3× runtime for fewer memory footguns, I’d take it. How rough is incremental adoption—per target, or all-in toolchain?
- I love C, performance and security. Between this garbage collector and the capability enforcement, this is appealing. I've thought a few times about what a more secure C would look like, brushing over capability concepts here and there, but I don't belong near compiler code.
How hard would it be to support Windows?
by jandrewrogers
0 subcomment
- I think it is really cool that someone is going hard at this part of the design space from an engineering geek standpoint even though I can’t use it myself.
by illuminator83
7 subcomments
- IMHO Garbage collection is and always was an evolutionary dead end. No matter how nice you make it, it feels wrong to make a mess and have some else clean it up inefficiently at some point later.
And because of that it always involves some sort of hidden runtime cost which might bite you eventually and makes it unusable for many tasks.
I'd rather have my resource management verified at compile time and with no runtime overhead. That this is possible is proven by multiple languages now.
That being said, I can imagine some C programs for which using Fil-C is an acceptable trade-off because they just won't be rewritten in language that is safer anytime soon.
- Great name. Big RUNK energy[1].
1. https://twitter.com/6thgrade4ever/status/1433519577892327424
by AndyKelley
2 subcomments
- Super cool project. Sorry if you explained this already, I don't know what "Dijkstra accurate" means. How does it know if an object is truly available to be reclaimed, given that pointers can be converted to integers?
- > Fil-C uses a parallel concurrent on-the-fly grey-stack Dijkstra accurate non-moving garbage collector called FUGC
Half of my hair turned white while trying to understand this.
- Note that the "safepointing" logic is exactly the same thing that's needed in refcounting to atomic replace a field.
This article glosses over what I consider the hardest part - the enter/exit functionality around native functions may that block (but which must touch the allocator).
- > The only "pause" threads experience is the callback executed in response to the soft handshake, which does work bounded by that thread's stack height.
So this is probably not great for functional/deeply-recursive code I guess?
by Quitschquat
0 subcomment
- I love garbage collector design and impl. It’s one of those “go to” thing to do when learning a new language.
Never heard of this one, looking forward to diving in this weekend.
- This looks pretty amazing, I'm surprised I haven't heard of it before. Looking forward to trying it out. Seems like a good way to verify the safety of some programs, even if not feasible for production due to performance constraints. Though we have sanitizers for tests, this seems more complete.
- will fil-c support ARM soon,for that matter, risc-v? safety is super important for embedded devices running c or c++
by dan-robertson
0 subcomment
- I’m curious how expensive the write barrier is in practice? IIRC, it is often write barriers that most affect performance sensitive programs running on non-concurrent garbage collectors (and perhaps safepoints that can cause problems for performance sensitive threads when running with a concurrent gc).
- How can the GC be precise when C and C++ allow casting between pointers and integers?
- This is very cool, also I wonder does fugc works without InvisiCap, what would it be like without the capability pointer, does it just became not accurate but still usable?
- I skimmed the article.
I'm curious about CPU / RAM overhead tradeoffs.
IE, in may cases GC is more CPU efficient than reference counting, but the tradeoff is higher RAM consumption.
by program_whiz
1 subcomments
- Can anyone explain how the roots are known to the GC, I can't spot it. Does it have some kind of precompile step to mark roots for GC scan?
@pizlonator ?
- Why did you choose to use an advancing wavefront rather than retreating wavefront strategy?
- I'm amazed by how readable the source is, the names meaningful and not filled with jargon.
by classified
1 subcomments
- The description left me confused. Is this something that has to be integrated into the compiler?
by VagabundoP
0 subcomment
- Related, this is the Python garbage collector episode:
https://www.podscan.fm/podcasts/corepy/episodes/episode-21-a...
I found it very interesting.
- How hard would it be to add generational collection?
- wow, this is really fugcing cool
by reactordev
0 subcomment
- Oh this is so cool
by 1vuio0pswjnm7
0 subcomment
- Yet another useful project using musl not glibc
https://wiki.musl-libc.org/projects-using-musl
- Just skimmed through the docs - this is super interesting. Love the idea of a minimal GC with no runtime dependencies. Anyone here tested it with something more intense than toy benchmarks? Curious how it handles edge cases under memory pressure or concurrency. Also, would be great to hear how it compares to Boehm or Rust’s drop model in real-world workloads.
- [dead]
Hacker News