logoalt Hacker News

landr0idtoday at 3:24 PM2 repliesview on HN

>ReleaseSafe catches use-after-free errors through runtime checks which panic if the program tries to use freed memory.

I don't know Zig so maybe they know something I don't, but I have seen no evidence that it catches any type of use-after-free including double-free?

While writing a blog post (below) I went through the documentation to figure out the possible runtime memory safety checks Zig can insert. The term "use-after-free" or "UaF" never occurs on that documentation page. Searching for "safety-checked" doesn't yield any related hits either.

Unless maybe they're using the DebugAllocator in release builds? Even that does not reliably surface UaF.

https://landaire.net/memory-safety-by-default-is-non-negotia...


Replies

minrawstoday at 5:21 PM

I as someone with writing Zig a bunch, can safely say if it does it hasn't even worked for me.

I am talking from experience from a pre-ai human mitts writing code perspective maybe Zig + LLMs do some magic.

The more I read the article the more I feel like this is just bad not sure if I should be giving it as much latitude as I have been in my prior comments.

There are other claims as well that are weirdly phrased at least.

Reads like an article written to justify some arguments they had rather than a genuine take at this point.

But I will give the benefit of doubt I enjoy weird articles, languages and share a dislike for aggressive AI-ness of all things.

veber-alextoday at 4:12 PM

I believe you are correct.

I think ReleaseSafe just adds bound checking and panics on unreachable code.

I don't think Zig offers any temporal memory safety.

show 1 reply