|
|
|
|
|
|
by bmacho
511 days ago
|
|
|
> I have not tried Bun yet but the long list of features makes me skeptical that it's all solid and bug-free. Especially that it is written in Zig, which is very memory unsafe. I mean if you refer a variable that is not alive anymore, it just accesses some random unrelated memory instead of segfaulting (in debug and safe mode too)[0]. How hard would it be to bolt a memory liveness system above it, that flags a variable name dead and blocks access to it, if it is dead? No, "just don't write UB"[1]. Anyway I'd certainly not put a Zig made anything facing the internet, especially not a webserver. [0] : https://news.ycombinator.com/item?id=41720995
[1] : https://github.com/ziglang/zig/issues/16467#issuecomment-164... |
|
|
That being said, all of these run times use a JS JIT that are written in a memory unsafe language, that emit and execute raw machine code. They frequently have vulnerabilities.