According to TheRegister.com, famed mathematician and cryptographer Daniel J. Bernstein has tested the new type-safe C/C++ compiler Fil-C and given it a favorable review in his notes published in 2025. Bernstein, sometimes known as just “DJB” and considered a “three-letter person” alongside RMS and ESR, wrote some of the safest C code ever created, including his DNS server djbdns which had a $1,000 security bounty in 2009 that remains unclaimed 16 years later. Fil-C is based on Clang, Apple’s front-end for the LLVM compiler that Nvidia adopted back in December 2011, and it aims to trap whole categories of C errors that cause most software vulnerabilities. The compiler isn’t a panacea though – code runs slower than normal C and it’s not completely ABI-compatible with what its author calls “Yolo-C,” meaning you can’t simply recompile entire operating systems or mix normal C and Fil-C code freely. Fil-C joins other memory safety efforts like Robin Rowe’s TrapC, the hardware-based CHERI project, and Object Memory Architecture emerging from Ed Nutting’s PhD research on an Interleaved Hardware Garbage Collector.
Why DJB’s opinion carries weight
Here’s the thing about Daniel J. Bernstein – when he talks about C security, people listen. The guy offered a $1,000 bounty for finding security holes in his code back in 2009, and nobody’s collected it. Sixteen years later, that’s still true. He’s not some academic theorizing about security – he’s actually written C code that stands up to decades of real-world attack attempts.
So when someone like DJB says a new memory-safe C compiler is worth looking at, that’s significant. It’s not just another tool in the endless parade of “this will fix C” projects. This is coming from someone who’s proven he knows how to write secure C the hard way.
The bigger memory safety landscape
Basically, we’re seeing multiple approaches to solving C’s memory safety problem, and they’re coming from different angles. You’ve got hardware solutions like CHERI and OMA that require new silicon. Then you’ve got software approaches like Fil-C that work with existing hardware but come with performance costs.
And honestly? We need all of them. There are billions of lines of C and C++ code out there that aren’t going anywhere soon. Rewriting everything in Rust or Zig just isn’t practical for most organizations. Tools like Fil-C offer a middle path – you can make critical components safer without throwing away decades of investment.
The performance tradeoff question
Now, the elephant in the room is performance. Fil-C code runs slower than regular C, and that’s going to be a dealbreaker for some use cases. But here’s a question: how much performance are you willing to trade for security?
For many applications, the answer might be “more than you think.” We’re talking about preventing entire classes of vulnerabilities that account for the majority of security patches. If you can make your DNS server or mail transfer agent significantly safer at the cost of some performance, that might be a trade worth making. Especially for infrastructure code that doesn’t need to run at absolute maximum speed.
What this actually means for developers
Look, most of us aren’t going to rewrite our entire codebases in Fil-C tomorrow. The ABI incompatibility means you can’t just drop it in. But what you can do is start thinking about which components would benefit most from memory safety.
Network services? Security-critical libraries? Code that handles untrusted input? These might be perfect candidates for gradual adoption. The fact that Fil-C’s author Filip Pizlo acknowledges this isn’t an all-or-nothing solution actually makes it more credible. It’s about practical, incremental improvement rather than revolutionary change.
And that’s probably the most important takeaway from DJB’s experiment. We don’t need to wait for some perfect future where everything is rewritten in memory-safe languages. The tools to make C safer are arriving now, and they’re good enough that even the most security-conscious C developers are taking notice.
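As an added illustration (not code from the article, from Bernstein's notes or from Fil-C), here is the kind of untrusted-input bug discussed above: a length-prefixed label copy in a simplified, DNS-style format, first trusting the length byte and then checking it by hand. The function names, the wire format and the sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers; the format is an assumed, simplified one:
 * one length byte followed by that many label bytes. */

/* Unchecked: trusts the length byte from the packet. If len exceeds
 * the bytes actually remaining (or the output buffer), memcpy reads
 * or writes out of bounds. Shown for contrast; never called below. */
size_t copy_label_unchecked(const uint8_t *pkt, size_t off, char *out)
{
    uint8_t len = pkt[off];
    memcpy(out, pkt + off + 1, len);
    out[len] = '\0';
    return off + 1 + len;
}

/* Checked: validates every offset against pkt_len and out_cap first.
 * Returns the offset of the next label (always >= 1), or 0 on
 * malformed input. */
size_t copy_label_checked(const uint8_t *pkt, size_t pkt_len, size_t off,
                          char *out, size_t out_cap)
{
    if (off >= pkt_len)
        return 0;                      /* no length byte to read */
    size_t len = pkt[off];
    if (len > pkt_len - off - 1)
        return 0;                      /* label runs past the packet */
    if (len >= out_cap)
        return 0;                      /* no room for label + NUL */
    memcpy(out, pkt + off + 1, len);
    out[len] = '\0';
    return off + 1 + len;
}

/* Constructed sample inputs. */
static const uint8_t GOOD_PKT[]  = { 3, 'w', 'w', 'w' };
static const uint8_t LYING_PKT[] = { 200, 'w', 'w', 'w' }; /* claims 200 bytes */

int main(void)
{
    char label[64];
    size_t ok  = copy_label_checked(GOOD_PKT, sizeof GOOD_PKT, 0, label, sizeof label);
    size_t bad = copy_label_checked(LYING_PKT, sizeof LYING_PKT, 0, label, sizeof label);
    return (ok == 4 && bad == 0) ? 0 : 1;
}
```

A compiler that traps out-of-bounds accesses turns the first function's silent overrun into a run-time stop; the second function is what plain C requires the programmer to get right every time.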
