From HackerNews

Memory Safe Context Switching (longjmp, setjmp) in Fil-C

Fil-C implements memory-safe setjmp and longjmp using capability-based safety, preventing stack smashing and dangling pointer issues from non-local jumps while staying compatible with existing C code.

Background

- Fil-C is a new research programming language and runtime system (from the University of Washington) designed to achieve full memory safety—eliminating bugs like buffer overflows, use-after-free, and dangling pointers that plague C and C++.
- "Memory safety" means a program cannot accidentally or maliciously access invalid memory; it's a major focus in systems programming and cybersecurity (e.g., the US government has urged a shift to memory-safe languages).
- Fil-C achieves memory safety partly through a capability system: every pointer carries metadata restricting what memory it can read/write.
- This article tackles the challenge of implementing setjmp/longjmp—a C feature for non-local jumps (saving a stack context then jumping back to it)—in a memory-safe way, because naively saving/restoring registers can bypass Fil-C's safety checks.
- The author describes a "context switch" approach that copies out all capability-protected registers into a safe buffer, allowing longjmp without breaking the memory-safety guarantees.
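To make the dangling-context hazard concrete, here is an added C example (not Fil-C's code and not its capability mechanism): the saved jump context carries a hypothetical liveness flag, so a longjmp into a frame that has already returned is refused instead of resuming on a stale stack.

```c
#include <setjmp.h>
#include <stdbool.h>

/* Saved jump context plus the metadata a raw jmp_buf lacks: whether the
 * frame that called setjmp is still on the stack (hypothetical check). */
typedef struct {
    jmp_buf env;
    bool live;
} guarded_ctx;

static void guarded_arm(guarded_ctx *ctx)    { ctx->live = true; }  /* before setjmp */
static void guarded_retire(guarded_ctx *ctx) { ctx->live = false; } /* before the frame exits */

/* Jump only into a frame that still exists; otherwise report -1 without jumping. */
static int guarded_longjmp(guarded_ctx *ctx, int val) {
    if (!ctx->live)
        return -1;
    longjmp(ctx->env, val);
    return -2; /* not reached: longjmp does not return */
}
static void worker(guarded_ctx *ctx) { guarded_longjmp(ctx, 42); }

/* Scenario 1: the owning frame is still active, so the non-local jump is taken. */
int jump_into_live_frame(void) {
    guarded_ctx ctx;
    guarded_arm(&ctx);
    switch (setjmp(ctx.env)) {
    case 0:
        worker(&ctx);      /* control comes back here; setjmp now yields 42 */
        return -3;         /* not reached */
    case 42:
        guarded_retire(&ctx);
        return 42;
    }
    return -4;
}

/* Arms a context, then returns normally, retiring it on the way out. */
static void arm_then_return(guarded_ctx *ctx) {
    guarded_arm(ctx);
    if (setjmp(ctx->env) == 0)
        guarded_retire(ctx);
}

/* Scenario 2: the jmp_buf outlives the frame that armed it. A raw longjmp would
 * jump into a dead frame; the guarded version refuses and returns -1. */
int jump_into_dead_frame(void) {
    guarded_ctx ctx;
    arm_then_return(&ctx);
    return guarded_longjmp(&ctx, 7);
}
```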