Fil-C Adds Memory-Safe Context Switching Support
Original: Memory Safe Context Switching
Why This Matters
Adds memory safety to widely-used low-level C APIs, reducing security vulnerabilities in systems programming while maintaining compatibility with existing code patterns.
Fil-C release 0.680 introduces memory-safe implementations of setjmp/longjmp and ucontext APIs (getcontext, setcontext, makecontext, swapcontext), preventing stack corruption and dangling stack execution through capability-based memory safety enforcement.
Fil-C, a memory-safe C/C++ language variant, has added support for the context-switching APIs that C programs use for non-local exception handling and for coroutines. The update covers two families of APIs: setjmp/longjmp, commonly used for exception-style unwinding and for escaping from signal handlers, and the ucontext APIs (getcontext, setcontext, makecontext, swapcontext), used to implement coroutines and fibers, for example in Boost's fiber implementation.

In a conventional C implementation these APIs are easy to misuse in ways that restore a stack that no longer exists or run code on freed stack memory. Fil-C implements them so that such misuse cannot violate memory safety. The cases it catches include: returning from the function that saved a context and then restoring it (which would restore stack frames that no longer exist); restoring a context captured on a thread that has since exited (which would run on a freed stack); creating a context with makecontext on a stack that has already been freed; and swapping to a context that is currently executing. In an unsafe implementation each of these is undefined behavior that shows up as unpredictable crashes or as potentially exploitable memory corruption. Fil-C either turns the misuse into a deterministic panic at the point where it happens or, where its stack management can make the operation safe, lets execution continue.

setjmp/longjmp support is available in the 0.680 release build; the ucontext support currently requires building Fil-C from source.
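As an added example (not Fil-C's code, nor the release's own implementation), here are the two API families the text covers used correctly in plain C: a longjmp-based unwinder whose handler is invalidated before the frame that called setjmp() returns, and a ucontext generator coroutine on a malloc'd stack whose resume function refuses to swap to a running, finished or freed context. The struct and function names (handler, raise_error, try_divide, coroutine, coro_resume and so on) are this example's own; the liveness checks model, in ordinary C, the misuse cases the text says Fil-C turns into deterministic panics, which an unchecked implementation would execute as undefined behavior.

```c
/* Added example, not Fil-C's own code: both API families the text covers, used
 * correctly in plain C, with explicit liveness checks that refuse the misuse
 * cases Fil-C turns into deterministic panics. */
#define _XOPEN_SOURCE 700   /* ucontext.h prototypes on stricter libcs */
#include <setjmp.h>
#include <stdlib.h>
#include <ucontext.h>
/* ---- setjmp/longjmp as an error-unwinding mechanism ---- */
struct handler {
    jmp_buf env;
    int live;   /* 1 only while the frame that called setjmp() is on the stack */
};
static struct handler *current_handler;
/* Unwind to the live handler, or return -1 when that frame has already
 * returned (the first misuse case in the text) instead of jumping into it. */
int raise_error(int code) {
    if (current_handler == NULL || !current_handler->live)
        return -1;
    longjmp(current_handler->env, code);   /* does not return */
}
static int checked_divide(int a, int b) {
    if (b == 0 && raise_error(1) < 0)
        return 0;   /* no live handler: fail closed instead of dividing */
    return a / b;
}
/* Returns a/b, or -1 if checked_divide() raised. The handler is marked dead
 * before this frame returns, so a later raise_error() cannot jump into it. */
int try_divide(int a, int b) {
    struct handler h, *saved = current_handler;
    volatile int result = -1;   /* written between setjmp() and longjmp() */
    h.live = 1;
    current_handler = &h;
    if (setjmp(h.env) == 0)
        result = checked_divide(a, b);
    h.live = 0;                 /* reached on the normal and the unwound path */
    current_handler = saved;
    return result;
}
/* ---- ucontext generator coroutine on a heap-allocated stack ---- */
#define CORO_STACK_SIZE (64 * 1024)
struct coroutine {
    ucontext_t ctx, caller;
    void *stack;                /* freed only once the body can't run on it */
    int running, done, limit, value;
};
/* makecontext() only passes ints portably, so the body finds its state via
 * this pointer rather than through a pointer squeezed into an int. */
static struct coroutine *active_coro;
static void coro_yield(struct coroutine *c, int v) {
    c->value = v;
    c->running = 0;
    swapcontext(&c->ctx, &c->caller);
}
static void generator_body(void) {
    struct coroutine *c = active_coro;
    for (int i = 1; i <= c->limit; i++)
        coro_yield(c, i);
    c->done = 1;                /* returning resumes uc_link (the caller) */
}
void coro_destroy(struct coroutine *c) {
    free(c->stack);
    c->stack = NULL;
}
int coro_init(struct coroutine *c, int limit) {
    c->running = c->done = c->value = 0;
    c->limit = limit;
    c->stack = malloc(CORO_STACK_SIZE);
    if (c->stack == NULL || getcontext(&c->ctx) != 0) {
        coro_destroy(c);        /* free(NULL) is a no-op */
        return -1;
    }
    c->ctx.uc_stack.ss_sp = c->stack;
    c->ctx.uc_stack.ss_size = CORO_STACK_SIZE;
    c->ctx.uc_link = &c->caller;
    makecontext(&c->ctx, generator_body, 0);
    return 0;
}
/* Resume: 0 = yielded, 1 = finished, -1 = refused because the context is
 * already running, already finished, or its stack has been freed (the
 * swapcontext misuses in the text, refused here instead of executed). */
int coro_resume(struct coroutine *c) {
    if (c->stack == NULL || c->running || c->done)
        return -1;
    c->running = 1;
    active_coro = c;
    swapcontext(&c->caller, &c->ctx);
    return c->done ? 1 : 0;
}
/* Drive the generator to completion and return 1 + 2 + ... + n. */
int sum_from_generator(int n) {
    struct coroutine c;
    int sum = 0;
    if (coro_init(&c, n) != 0)
        return -1;
    while (coro_resume(&c) == 0)
        sum += c.value;
    coro_destroy(&c);
    return sum;
}
```

The difference to keep in mind: in plain C these checks are only as good as the discipline around them (nothing stops a caller from longjmp'ing to a jmp_buf it copied elsewhere, or from passing a freed stack straight to makecontext), whereas Fil-C enforces the equivalent checks in the runtime for every program it compiles. The ucontext functions were withdrawn from POSIX.1-2008 but remain available in glibc, which is why the example still builds on Linux.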