[_vvhw]

Thanks, that's a great insight!

Does it follow that the fact that temporal violations could be used to violate runtime spatial checks, therefore means that spatial safety in itself is entirely without value?

What are your thoughts also on buffer underflows? I ask since I take it you also work on offensive security.

[AaronFriel]

Alas, I don't work in offensive security but it's been a hobby of mine as an engineer to keep up to date. Some day, perhaps.

To be precise, I don't think the mitigations Zig has, which the author labels as "spatial safety", are entirely without value. Optionals & sum types, range checks are helpful.

Buffer underflows as in writing to negative indices? I wish I could go in a time machine and default early languages to saturating arithmetic instead of wrapping. Even Rust does wrapping arithmetic in release mode, in debug mode overflows will panic.

[_vvhw]

Yes, agreed with you as to buffer underflows. Here, I really like that Zig has checked arithmetic enabled by default in safe builds. It's a small decision (to many) but so important. It surprises me that Rust does not do this for safe builds. A panic is stronger (and safer) than only wrapping or (implicit) saturating arithmetic.