Understanding Fil-C: A Simplified Model for Memory Safety in C/C++

Fil-C is an innovative approach to making C/C++ memory-safe by transforming unsafe code into safe code through automated rewrites. In the simplified model, every pointer variable in a function is paired with an AllocationRecord* variable, which tracks memory allocation details. This transformation ensures that operations on pointers also manipulate the corresponding AllocationRecord*, enabling bounds checks and preventing memory errors.

When pointers are passed to or returned from functions, the code is rewritten to include AllocationRecord* alongside the original pointer, and standard library functions are replaced with Fil-C versions. The filc_malloc function performs three allocations, including invisible_bytes, which stores AllocationRecord* for pointers in the heap. This setup allows for safe dereferencing and manipulation of pointers.

Fil-C introduces a garbage collector (GC) to handle memory that isn't explicitly freed, preventing memory leaks. The GC traces AllocationRecord objects and frees unreachable ones, ensuring that memory is managed efficiently. This system allows for safe use of local variable addresses even after their scope ends by promoting them to heap allocation if necessary.

The Fil-C version of memmove uses heuristics to handle arbitrary memory safely, ensuring that pointers within memory are correctly aligned and fully contained. The simplified model also touches on challenges like concurrency, function pointers, and memory optimization, which are addressed in the production-quality version.

Fil-C is particularly useful for projects with large C/C++ codebases that need memory safety without a complete rewrite in a safer language. It can also be used to find memory bugs similarly to ASan or for safe compile-time evaluation in languages like Zig. Fil-C's approach to pointer provenance provides a concrete system for understanding and managing pointer behavior.