What Is Memory Safe?
1 points by ports543u 9 hours ago | 5 comments

A lot of organizations, private and public, are starting to require that memory safe languages are used. But what can be considered memory safe? Is memory safety a binary or a spectrum? Are languages without GC memory safe? People consider Rust memory safe, but there are a few cases where it is not. Is idiomatic Zig memory safe? Is idiomatic modern C++ memory safe? I'd like to read your thoughts.

fiedzia 7 hours ago

First, any technical discussion here is irrelevant. Those organizations do not ask for it because they understand it, but because someone else told them, and that's where the definition of safety is located. In other words, if you are applying for a contract, what you think doesn't matter. Having said that:

> People consider Rust memory safe, but there are a few cases where it is not

The chance that you will encounter memory safety issues in Rust is very, very low (compared to other popular languages). We are talking about bugs in stdlib (very unlikely) and usage of unsafe in your code and dependencies. If you happen to use unsafe directly in your app, I'd say it is a spectrum and you can be in a danger zone. Otherwise, it is a small enough issue to focus on other problems. For 99.9% of people, "using Rust" is enough of a guarantee to be safe.

> Are languages without GC memory safe?

In theory, not having a GC in itself tells nothing about safety. Commonly used languages without GC are mostly C/C++, so in practical terms, they are unsafe.

> Is idiomatic Zig memory safe?

Zig itself is not memory safe. Even if idiomatic Zig was, how do you verify that some code is idiomatic? In practical terms, I don't think there are enough examples of Zig code to make a determination, so I count it as no.

> Is idiomatic modern C++ memory safe?

"Idiomatic modern C++" very likely will have non-idiomatic or non-modern dependencies. There are many examples of safety issues in modern C++ codebases, so definitely not.

In my opinion, any definition of safety that relies on developer skills or usage of extra tooling means it is unsafe.
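The risk this comment locates in "unsafe in your code and dependencies" is something you can measure rather than argue about. The following is an added example, not code from anyone in the thread: a toy scanner that counts `unsafe` sites in Rust source text and checks for a crate-wide `#![forbid(unsafe_code)]`. The two source snippets are constructed; the real tool for this over a full dependency tree is cargo-geiger.

```rust
// Added example: a toy measurement of the `unsafe` surface in Rust source.
// Handles `//` line comments only (no block comments or string literals);
// cargo-geiger does the real job over a whole dependency tree.

#[derive(Debug, Default, PartialEq)]
pub struct UnsafeReport {
    pub forbids_unsafe: bool, // crate root carries #![forbid(unsafe_code)]
    pub unsafe_sites: usize,  // unsafe blocks, fns, impls and traits
}

/// Drop `//` line comments so commented-out code is not counted.
fn strip_line_comments(src: &str) -> String {
    src.lines()
        .map(|l| l.split("//").next().unwrap_or(""))
        .collect::<Vec<_>>()
        .join("\n")
}

/// Count uses of the `unsafe` keyword and detect the forbid attribute.
pub fn audit_unsafe(src: &str) -> UnsafeReport {
    let code = strip_line_comments(src);
    // Collapse whitespace so `#![forbid( unsafe_code )]` still matches.
    let forbids_unsafe = code
        .split_whitespace()
        .collect::<String>()
        .contains("#![forbid(unsafe_code)]");
    // Split on non-identifier characters so `unsafe_code` or `get_unchecked`
    // are not mistaken for the keyword itself.
    let unsafe_sites = code
        .split(|c: char| !(c.is_alphanumeric() || c == '_'))
        .filter(|tok| *tok == "unsafe")
        .count();
    UnsafeReport { forbids_unsafe, unsafe_sites }
}

// Constructed sample crates: one that forbids unsafe, one that mixes it in.
pub const SAFE_CRATE: &str = r#"
#![forbid(unsafe_code)]
pub fn add(a: u32, b: u32) -> u32 { a.wrapping_add(b) }
"#;

pub const MIXED_CRATE: &str = r#"
// unsafe mentioned only in a comment: must not be counted
pub fn get(v: &[u8], i: usize) -> Option<u8> {
    if i < v.len() { Some(unsafe { *v.get_unchecked(i) }) } else { None }
}
pub unsafe fn raw_read(p: *const u8) -> u8 { *p }
unsafe impl Send for Wrapper {}
"#;

fn main() {
    for (name, src) in [("safe", SAFE_CRATE), ("mixed", MIXED_CRATE)] {
        println!("{name}: {:?}", audit_unsafe(src));
    }
}
```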

PopGreene 8 hours ago

Are these organizations only specifying "memory safe languages" or are they specifying specific languages?

ports543u 8 hours ago

Many require new projects to be written in memory safe languages. But what constitutes a memory safe language is blurry. For example, this is what the NSA says: https://readwrite.com/the-nsa-list-of-memory-safe-programmin...

Note the "suggests".

Someone 6 hours ago

> Note the "suggests".

That’s what readwrite.com says. I think what the NSA says (or said; that is dated April 2023) is here: https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI...

I couldn’t find the word “suggest” or anything similar to it in that paper. They describe what they mean by “memory safety” and give examples of memory-safe languages (twice, both times the same list).

mac3n 9 hours ago

Almost any language that allows access to `mmap, munmap(3p)` can be made unsafe.

And yet these are extremely useful.