A lot of organizations, private and public, are starting to require that memory safe languages are used.
But what can be considered memory safe? Is memory safety a binary or a spectrum? Are languages without GC memory safe? People consider Rust memory safe, but there are a few cases where it is not. Is idiomatic Zig memory safe? Is idiomatic modern C++ memory safe? I'd like to read your thoughts.
First, any technical discussion here is irrelevant. Those organizations do not ask for it because they understand it, but because someone else told them, and that's where the definition of safety is located. In other words, if you are applying for a contract, what you think doesn't matter. Having said that:<p>> People consider Rust memory safe, but there are a few cases where it is not<p>The chance that you will encounter memory safety issues in Rust is very, very low (comparing to other popular languages). We are talking about bugs in stdlib (very unlikely) and usage of unsafe in your code and dependencies. If you happen to use unsafe directly in your app, I'd say it is a spectrum and you can be in a danger zone. Otherwise, it is a small enough issue to focus on other problems. For 99.9% of people, "using Rust" is enough of a guarantee to be safe.<p>> Are languages without GC memory safe?<p>In theory, not having a GC in itself tells nothing about safety. Commonly used languages without GC are mostly C/C++, so in practical terms, they are unsafe.<p>> Is idiomatic Zig memory safe?<p>Zig itself is not memory safe. Even if idiomatic Zig was, how do you verify that some code is idiomatic? In practical terms, I don't think there is enough examples of Zig code to make determination, so I count it as no.<p>> Is idiomatic modern C++ memory safe?<p>"Idiomatic modern C++" very likely will have non-idiomatic or non-modern dependencies. There are many examples of safety issues in modern C++ codebases, so definitely not.<p>In my opinion, any definition of safety that relies on developer skills or usage of extra tooling means it is unsafe.
Memory safety is an umbrella term for many properties of a programming language. Unfortunately, as have been pointed out by many, the exact meaning of this term is actually determined by Rust. In the past, Rust considered "no memory leak" as one of the memory safety properties, but some difficulties made it no longer part of Rust's guarantees.<p>IMHO, there are two undisputed properties that definitely should belong to memory safety, and they are good enough to spot "unsafe languages".<p>- Every memory access should be valid. You cannot read or write a pointer that is uninitialized, that points to a freed object, or that is beyond the boundary of the array, etc.<p>- Every memory access should be properly synchronized. This implies strictly controlled mutability.<p>These properties are _enforced_ by the compiler. In safe Rust, you cannot create a dangling pointer and dereference it. You also cannot create a data race by accident. But in C, C++, Zig, you can. In this sense, languages with managed memory are usually automatically memory safe.