These functions can easily be misused to corrupt memory, so they very much have something to do with safety. Fil-C goes to great lengths to prevent your use of those functions leading to memory corruption or any violation of the capability model.
replyFil-C also makes sigaction memory safe. That protection does allow for signal handlers to longjmp or setcontext or swapcontext
The article mentions that you typically have to longjmp within the same function as setjump (or a descendant function) otherwise your stack gets cleared and you longjmp to a garbage stack. I believe this counts as memory safety? Though I don't quite understand your comment about sigaction, so maybe there's some context I'm missing.
replyEdit: The extra context- https://usenix.org/legacy/publications/library/proceedings/u...
You don’t have to be in the same function as the setkom; you just have to be in a frame that’s deeper in the stack, or the same frame
replyThe point about memory safety is really this: if I allowed you to longjmp but did not guard it adequately then you could escape the Fil-C capability model, and then all of Fil-C’s bets would be off. I can’t have that ;-)