| > If you get below 2x, you can compete with WASM and ASAN. I'm at 1.5x for a lot of workloads already. I will be solidly below 2x for sure, once I implement all of the optimizations that are in my near-term plan. Wasm and asan don't really give you memory safety. Wasm is a sandbox, but the code running within the sandbox can have memory safety bugs and those bugs can be exploited. Hackers are good at data-only attacks. Say you run a database in wasm - then a data-only attack will give the bad guy access to parts of the database they shouldn't have access to. Fil-C stops all that because Fil-C makes C memory safe rather than just sandboxing it. Asan also isn't really memory safe; it just catches enough memory safety bugs to be a useful tool for finding them. But it can be sidestepped. Fil-C can't be sidestepped. So, even if Fil-C was slower than wasm or asan, it would still be useful. > If you get it down to 1.1x-1.2x, you can compete with RLBox. RLBox is like wasm. It's a sandbox, not true memory safety. So, it's not a direct competitor. That said, I think I'll probably land at about 1.2x overhead eventually. > If you get down to 1.05 you can call it software-emulated CHERI and kill the whole hardware line before it even comes out. I can already kill CHERI because Fil-C running on my X86-64 box is faster than anything running on any CHERI HW. No, seriously. The biggest problem with CHERI is that you need high volume production to achieve good perf in silicon, so a SW solution like Fil-C that is theoretically slower than a HW solution is going to be faster than that HW solution in practice, provided it runs on high volume silicon (Fil-C does). I think I'm already there, honestly. If you wanted to run CHERI today, you'd be doing it in QEMU or some dorky and slow IoT thing. Either way, slower than what Fil-C gives you right now. > If you get it down to 1.01x, Rust will copy you, and then beat you by skipping checks on borrowed references ;) Rust is a different animal. Rust is highly restrictive due to its ownership model, in a way that Fil-C isn't. Plus, there's billions of lines of C code that ain't going to be rewritten in Rust, possibly ever. So, I don't have to be as fast as Rust. I don't think there is going to be much copying going on between Rust and Fil-C, because the way that the two languages achieve memory safety is so different. Rust is using static techniques to prevent bad programs from compiling, while Fil-C allows pretty much any C code to compile and uses static techniques to emit only the minimal set of checks. |