Wookash Podcast How Fil-C Works
Mar 4, 2026
Filip Pizło, systems programmer and creator of Fil C who builds capability-based memory safety for C/C++; Casey Muratori, performance-oriented systems coder known for Handmade Hero and low-level insight. They discuss what memory safety really means. They explain weird execution and historical exploits. They outline Fil C’s pointer-capability approach, compatibility and porting challenges, runtime tradeoffs, and optimization paths.
AI Snips
Chapters
Transcript
Episode notes
Portation Fixes Are Mostly Mechanical Not Architectural
- When porting large C codebases to Fil C, expect most fixes to be build-script or symbol-mangling tweaks, not deep rewrites.
- Filip Pizło warns inline assembly, integer-as-pointer tricks (e.g., GLib GType) and custom allocators require code changes or typedef adjustments.
Custom GC And Arena Patterns Need Special Handling
- Custom allocators and embedded GCs are rare but need special handling in Fil C; many GCs were removed and replaced with malloc-based allocation.
- For Ruby finalizers Filip added stdfilc APIs and made Ruby objects finalizable Fil C objects to preserve semantics.
Fil C Pointer Model Doubles Pointer Dataflow
- Fil C represents every pointer at runtime as two values: an integer 'intval' and a 'lower' pointer to capability metadata that stores upper bounds and extra info.
- Loads/stores perform alignment and wraparound-safe lower/upper bounds checks, making pointer operations more complex and currently costly.