There was a discussion yesterday in which the blog author stated (and elaborated on) "I strongly disagree that Zig is safer than — even — unsafe Rust. Anyone telling you otherwise is either purposefully lying, or ignorant". That has been my experience as well. The sorts of errors I ran into were the same as in my C and HolyC experience, and not the sorts of errors I get with Rust.

It’s not memory safe.

People say, “oh, it’s safer than C because tests can warn of missed deinits” but the fact is it isn’t memory safe by design and it’s not a priority for the language.

There are still reasons to use it and there are domains where memory safety isn’t a priority, but memory safety depends on the same mix of linters, code review, simple memory models, a deep understanding of how memory works, minimal dependencies and luck just like in C. Although none of those things will save you on their own or combined. If memory safety is a priority I’d consider other languages.

Zig is not memory safe, there is no way around it. It's really only as safe as C, with some helpers for making it easier to write safe code. You should really not use Zig unless you are prepared to deal with memory safety on your own. That makes it a good low-level language for system programming, but a VERY bad general purpose language. I'm writing this as a fan of Zig.

Zig is unsafe, but, instead, it encourages more strategic approaches for memory management. Period.

In case of Bun, it's kind of mixed bag, as it relies on JSCore from WebKit. A lot of its issues are from the the engine.

Neither Rust is memory safe due to stackoverflow on recursion or in the call chain being possible. Sanitation is very much possible, so it is no design problem, see https://matu3ba.github.io/articles/optimal_debugging/#practi....

More interesting would be threading and process/shared memory synchronization problems and limitations. At least on Linux in theory the latter should be fuzzable with scheduler API, but I am unaware of solutions. The former works via thread sanitizer, undo thread fuzzing and rr chaos mode, but I am unaware of solutions to test lock- and wait-free code besides trying really hard to create race conditions and comparing expected results to observe the race conditions, which does not cover temporal race conditions not observable at a later point.

Your statement like the general "safety" discussion is missing numbers on compilation time vs run time cost and coverage or any form of metrics to estimate risk vs benefit with cut-off values. Specifically input set/formulae coverage for functions and component planning would be interesting to discuss systems at scale (not basic code coverage), but I am unable to get decent information on that.

Think Modula-2, Object Pascal safety.

Much better than C will ever be, but still with gotchas like use after free, or hardware mapped variables.

A lot of people have put Zig on pause or have outright rejected it. Nothing wrong with that (personal choice). Tsoding (well known YouTube programmer) makes fun of it and won't use it unless paid to.

Context is needed, in regards to safety. Zig, attempts to be safer than C, but then so do many other C alternatives and replacements. C3, Odin, Jai, Nim, D, etc... In fact, V (Vlang) could be seen as making a better argument for safety, because it provides even more default safety features and uses an optional GC. None of its libraries depend on the GC and it can be completely turned off (via cmdline flag).

in principle static checking of memory safety in zig could be a thing, but there are some minor obstacles:

https://github.com/ityonemo/clr

It's hardly an unpopular view when it's exactly the plan of the project, is it? Why do you think it's taking so long to reach 1.0?

Go stands out for its remarkable stability in language design. The Go team has maintained a strict backward compatibility promise since its first release in 2012. While Swift underwent significant breaking changes between versions 1.0-5.0, Go's evolution has been cautious and gradual. Even major features like generics (Go 1.18) were introduced after years of careful consideration. This stability and backward compatibility have made Go a trusted choice for enterprise development.

If you're interested in a c-like that isn't going to change, the crwator of Odin has said the language is basically done and further work is mostly on the standard library.

off-topic, but relevant: (1) Asahi M1 will run zig soon - page size has already been pushed to runtime where it belongs. (2) if it doesn't yet, for personal use, you can hack it in with this one-liner "sd '(.visionos) (=> 16)' '$1, .linux $2' <zig-lib>/std/mem.zig" (i'm using sd instead of sed, adapt if needed).

> I left Golang behind because of the same academic churn in language design that I saw in Swift.

What? Go is one of the most stable languages I can think of. What churn are you referring to?

What's your feeling with it?

For me, it's the library problem. I read the guide and think, "Wow, this is really great!" Then I read the cookbook, and it mostly says that things (like database connectivity, regex, options parsing, even HTTP GET) are not quite ready for prime time, and I should just call out to C.

Obviously, it takes time for a language to get there; I don't really mean this as a criticism. But I'm just not interested in wrapping C libraries while I wait for a zig version. I'd rather just write C. Or work in a language that is there with these kinds of things.

In fairness to Zig, they're quite a bit younger. I have no doubt they'll catch up

> The latest release of Zig is 0.13.0 and is currently unstable.

The unstable part might be why. That said, I’m a little familiar with it as it’s what Bun uses.

problem is that the language started hitting its stride and getting attention while the core team is on a 2 year side quest of rewriting the compiler + incremental compilation

To me, it seemed more like Rust and Zig started gaining popularity around the same time, a few years ago. Then people realized that Zig was in a much earlier state of development than they'd assumed, and had barely any resources to get into it, so the mindshare went mostly towards Rust alone. This is Zig is hitting a second wave.

From my perspective rust is still getting a lot (most) of the attention while zig has a loyal but smaller following. Odin (one I love) has an even smaller following still.

Personally, I don't really care about languages. I'll use whatever language I have to in order to try a library/engine I'm interested in. Currently I'm looking at trying Godot, Bevy and O3DE. As they all seem to be used to some extent right now. Note that none of those are written in Zig (or Odin). Maybe that will change after 1.0?

Both things can be true. This most recent hype cycle seems to be riding the wave from the related hype of Ghostty's public release and Bun's latest release. And recently, another project with decent name recognition by some announced intentions to rewrite in Zig. Other than the latter event which is merely an announcement as of now, this language is showing up in projects that people are paying attention to. That only brings more attention and to a degree, a certain amount of credibility, especially when the lead developer for Ghostty has a well-earned and positive reputation among the engineering community.