undefined | Better HN

0 pointspron7mo ago0 comments

> Zig doesn't even pretend to do memory safety

This is simply untrue. Zig offers the same spatial memory safety as Rust does, and that is the kind of memory safety that prevents more dangerous vulnerabilities [1] than the kind Rust offers and Zig doesn't (temporal memory safety).

> if you don't free something manually it won't get freed

Rust also isn't free of memory leaks, and doesn't even pretend to guarantee that all allocations are freed. Lack of memory leaks doesn't fall under what Rust defines as memory safety (which Rust defines as guarantees it does provide, excluding those it doesn't).

[1]: https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html - Rust and Zig's memory safety prevent #2 and #6 on the list. Rust, additionally, prevents #8. C prevents none of those.

0 comments

3 comments · 1 top-level

torginus7mo ago· 2 in thread

You're responding to the emotional appeal part of my post, not the argument itself - I'm sorry for including it, as it had sidetracked the useful conversation.

Zig doesn't have the memory safety mechanisms of C++ level shared_ptr/unique_ptr.

It's essentially C's malloc/free with the added safety of defer (or possibly arenas), but making sure that the program doesn't leak memory (or have use-after-free bugs) falls on the programmer.

And memory leaks are a much lesser problem, as they usually lead to crashes in OoM situation, than gaining access to random blocks of memory.

Besides, the way you trigger memory leaks in Rust/C++ is with circular references, which are much harder to create than just missing a free() somewhere.

If you have memory that's not tied to a function scope's lifetime in Zig (or the scope of an allocator), then you're essentially have to go by C rules

pronOP7mo ago

> Zig doesn't have the memory safety mechanisms of C++ level shared_ptr/unique_ptr.

Zig's memory-safety is spatial, which is the more dangerous kind. Your examples are all temporal, and I don't know if I would call them "safety" as the language doesn't enforce or even encourage their use. For example, I work on one of the world's most foundational C++ projects (the HotSpot virtual machine), where neither shared_ptr nor unique_ptr are used at all; the language doesn't complain. There are reference-counted pointer libraries for Zig, too (although I don't think they're popular).

> It's essentially C's malloc/free with the added safety of defer

No, it isn't. First, unlike C or C++, it offers Rust-like spatial memory safety (again, the more important kind). Second, allocation in Zig is much more explicit than in C or C++.

> Besides, the way you trigger memory leaks in Rust/C++ is with circular references, which are much harder to create than just missing a free() somewhere.

They're also much harder to detect, especially when you have a very explicit memory allocation scheme.

> If you have memory that's not tied to a function scope's lifetime in Zig (or the scope of an allocator), then you're essentially have to go by C rules

Again, Zig doesn't seek to offer temporal memory safety, but it does offer the same level of spatial memory safety as Rust does, and while the "rules" of temporal management are similar to C, the way allocation works in Zig makes for a very different experience. An allocating function in Zig looks very different from its C counterpart.

Zig rejects the temporal memory management schemes of C, C++, and Rust - each for different reasons - and prefers a different kind. Of those, only Rust offers temporal memory safety (in the sense that it's controlled by the language) - albeit for a price - and the rest don't.

torginus7mo ago

I don't understand the distinction between spatial and temporal memory safety - from what I gather, spatial memory safety is just preventing out of bounds access of arrays, dereferencing uninitialized or otherwise invalid pointers. But use after free absolutely results in the same kinds of errors (accessing unused memory, or memory used by someone else).

I also don't understand how one can sidestep the issue of ownership of memory - let's say you have a situation where a given piece of memory has changing or ambiguous ownership - like an event sent between two components, that has allocated some dynamic memory.

I'm not saying this just because, I've encountered this exact issue before - many C libraries have event systems where the ownership is not obvious coming from the code - like the sender owns the event, and if you store a reference to it, then you have a dangling pointer if the sender decides to clean it up.

That's why it's important to make it either obvious who owns what, or have some automatic system like GC or unique_ptr or the borrow checker.

This is a very real issue and the only way you can fix it is to follow strong informal conventions the language has no way of enforcing or even communicating to the user.

You mention Zig has a temporal memory management solution of a different kind - may I ask you what it is, because I haven't really seen it.

1 more reply

j / k navigate · click thread line to collapse