Hacker News

samatman 10/02/2024 (1 reply)

This understates what Zig has accomplished. The GeneralPurposeAllocator used in Debug or ReleaseSafe modes will detect use-after-free, double-free, and memory leaks. This isn't a second tool and a bunch of flags which you have to set up and use, it's literally the default choice for memory allocation.

Zig also has bounds checking, and is null safe: these are important ingredients in spatial and temporal memory safety, respectively. The bounds checks can be turned off, but length is part of an array type, and slices include the runtime length, so it's still doing much better than the classic degrade-to-pointer you get with C (C++ doesn't use arrays much but it shares the problem in a more complex way). Runtime safety can be turned on and off on a per-block basis, which in the right hands gives fine-grained control.

Which isn't to say you're wrong: in Zig, you manage memory, and that means that memory bugs are not only possible, but they will happen and must be found and corrected in testing. But saying it's "just like" C and C++ is pushing it imho.

Zig is aiming to make memory bugs as easy or hard to detect as ordinary logic bugs, the kind of thing which it's tractable to detect and correct for with rigorous testing. It also has much better support for arenas than any other language, since allocators are explicitly passed: this can conglomerate potential memory bugs into one point in a program's execution. There are more features like this than I can feasibly fit into a Hacker News post.

Saying that Zig is not a memory-safe language is just correct. But it's possible to write memory-safe code in Zig, to say otherwise would be like claiming that you can't traverse a tree in Python because the language won't help the traversal code be bug-free by construction.

The leading example is TigerBeetle, which chose an architecture which statically allocates all memory on load. This prohibits any temporal memory safety problems, leaving only spatial memory bugs as an option. TigerBeetle insists on no bugs at all, and is willing to do the enormous amount of testing which is necessary to get any amount of confidence that the goal is accomplished.

There's a place for a language with manual memory management, which instead focuses on easing the extreme pain and pointless difficulty of writing memory-correct code in C. Zig is doing a great job of becoming that language.
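The features the comment above lists (explicitly passed allocators, the leak-checking GeneralPurposeAllocator, arenas that release everything at one point, length-carrying slices, and per-block `@setRuntimeSafety`) can all be seen in one small program. The code below is an added illustration written for this page, not the commenter's code and not from any Zig or TigerBeetle source; it assumes Zig 0.12/0.13 standard-library names (`std.heap.GeneralPurposeAllocator`, `std.heap.ArenaAllocator`, `std.testing.allocator`, `std.mem.splitScalar`), and the `parseRecords`/`freeRecords`/`sumUnchecked` functions and the `key=value` input are invented for the example.

```zig
const std = @import("std");

/// Copy each non-empty line of `input` into allocator-owned memory.
/// The allocator is a parameter, so the same code runs unchanged on a
/// leak-checking GeneralPurposeAllocator, an ArenaAllocator, or the
/// std.testing.allocator used by `zig test`.
fn parseRecords(allocator: std.mem.Allocator, input: []const u8) ![][]const u8 {
    var list = std.ArrayList([]const u8).init(allocator);
    // On any error, release the copies made so far as well as the list itself.
    errdefer {
        for (list.items) |r| allocator.free(r);
        list.deinit();
    }
    var it = std.mem.splitScalar(u8, input, '\n');
    while (it.next()) |line| {
        if (line.len == 0) continue;
        const copy = try allocator.dupe(u8, line);
        try list.append(copy);
    }
    return list.toOwnedSlice();
}

/// Counterpart of parseRecords for non-arena allocators.
fn freeRecords(allocator: std.mem.Allocator, records: [][]const u8) void {
    for (records) |r| allocator.free(r);
    allocator.free(records);
}

/// Per-block control: runtime safety is switched off for this hot loop, so
/// `data[i]` is not bounds-checked here. The loop condition `i < data.len`
/// is what keeps the access in range; the slice still carries its length.
fn sumUnchecked(data: []const u8) u32 {
    @setRuntimeSafety(false);
    var total: u32 = 0;
    var i: usize = 0;
    while (i < data.len) : (i += 1) total += data[i];
    return total;
}

pub fn main() !void {
    // In Debug/ReleaseSafe the GPA tracks every allocation; deinit() reports
    // anything still outstanding, and double frees are reported when they happen.
    var gpa = std.heap.GeneralPurposeAllocator(.{}){};
    defer {
        if (gpa.deinit() == .leak) @panic("leak reported by GeneralPurposeAllocator");
    }
    const allocator = gpa.allocator();

    // Constructed sample input for the example.
    const sample = "user=alice\nrole=admin\n\nsession=abc123\n";

    const records = try parseRecords(allocator, sample);
    defer freeRecords(allocator, records); // delete this line: the defer above panics
    std.debug.print("GPA: parsed {d} records\n", .{records.len});

    // Arena: every allocation made through it is released by one deinit(), so
    // the question "was this freed exactly once?" collapses to a single point.
    var arena = std.heap.ArenaAllocator.init(allocator);
    defer arena.deinit();
    const scratch = try parseRecords(arena.allocator(), sample);
    std.debug.print("arena: parsed {d} records, all freed at scope exit\n", .{scratch.len});

    // Slices know their length, so `records[records.len]` is a checked panic
    // ("index out of bounds") in safe modes, not a silent read past the buffer.
    std.debug.print("checksum of first record: {d}\n", .{sumUnchecked(records[0])});
}

test "std.testing.allocator fails the test on a leak" {
    const a = std.testing.allocator;
    const records = try parseRecords(a, "k=v\n");
    defer freeRecords(a, records); // remove this defer and `zig test` reports the leak
    try std.testing.expectEqual(@as(usize, 1), records.len);
    try std.testing.expectEqual(@as(u32, 'k' + '=' + 'v'), sumUnchecked(records[0]));
}
```

Run with `zig run` for the program and `zig test` for the leak-checked test. Two caveats a practitioner would want: leak and double-free reporting come with the default GeneralPurposeAllocator configuration, but catching a use-after-free of a small allocation depends on its `never_unmap` and `retain_metadata` options (the default GPA reuses freed slots), so the default is not a full sanitizer; and the `@setRuntimeSafety(false)` block shows why per-block control is a sharp tool: inside it, the compiler no longer checks the index, so the surrounding code has to prove the bound itself.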


Replies

pjmlp 10/02/2024

That was already achieved in 1978 with Modula-2, or 1983 with Ada, and I am not even bothering to list others, we should do better in 2024.

But I know, those curly brackets make all the difference.