Comment by Ygg2
7 hours ago
I don't get how you don't get it. It links about memory safety (with a link towards an extremely biased article in Rust's favor) and a link to design to correctness (that leads to the Zig project).
There is a lot to dislike about this paragraph:
It doesn’t matter that the language you use is memory-safe, if you didn’t design for correctness or have no process that will eventually lead you to fixing all bugs.
Hang on. If I want to prevent all bugs, shouldn't memory safety make correctness much easier to achieve? And what is this about fixing all bugs? You mean proofs? The stuff that Zig doesn't aim to do?
And no, asserts don't fix all bugs, they just guarantee some of your invariants are held at best, used in test at worst.
Not if choosing statically checked memory safety sacrifices for correctness where it is a local optimum.
If you sacrifice memory safety for correctness, that just means it's not correct. If safety is crucial, it must be safe under all inputs, and if there are data races.
It's a bit like saying, "Yeah, our system is safe, but if there are two threads racing or use after free somewhere, then all bets are off."
You do not sacrifice memory safety. You sacrifice a compiler ensuring that code is memory safe by it enforcing one quite opinionated approach to it: RAII and lifetime analysis.
You seem to think there is one path to memory safety. There is not. Unsurprisingly, some programmers may need different tools when working with a different set of requirements.