Which is written in C/C++. Showing that Zig is not moving the needle on UB when a project becomes sufficiently complex.
Take a look at Deno and check the percentage coming from FFI with unsafe languages.
Which is written in C/C++. Showing that Zig is not moving the needle on UB when a project becomes sufficiently complex.
Take a look at Deno and check the percentage coming from FFI with unsafe languages.
People keep thinking that even though Microsoft, Apple, Google, etc. with all the incentive and tooling in the world couldn't evade one of the few replicable results in programming languages (people can't reliably write memory safe code in memory unsafe languages), somehow with Zig it will be different. It's honestly a pretty fascinating phenomenon to me because most of these people are smart, and some of them are even ostensibly in the security community.
It's not that they think zig will avoid the issues, but rather that the cost required to do so is too great, so they would rather have a nicer language with more traditional ways to catch those bugs. If things like memory tagging continue to take off, hardware will catch these issues anyways. I don't personally agree but they are allowed to have their opinions.
More than memory safety, I do think thread safety is a bigger challenge I'd love more modern languages to tackle.
We have language groupies now, like how teenagers have their favourite k-pop bands, I wouldn't take it all so seriously. Security has a tendency of making itself undeniable, it's lessons will be learned one way or another by everybody without exception.
AESPA