Is Zig's new writer unsafe?

I've never worked with Zig in my life, and I don't have an opinion on it either. I've heard it's neat. Despite that, this post was intuitively clear to me.

Zig's *std.Io.Reader and Writer seem to be abstractions over many types, like Java's interface class, Go's interfaces, C++'s concepts or Rust's traits. However, it seems that abstraction itself is leaky - in that the length of the buffer is an implicit dependency which cannot be known from the type alone.

Admittedly, we don't know if there's a good explanation for the behavior - but then again, HN comments are as good a place to learn as any. Maybe someone will come up and explain.

This is very readable if you know the language, plus a modicum of file I/O.

Then in the top-most snippet, what size should `buffer` be?

This subthread is peak FOSS world experience - 59 comments discussing who said what, why it was or wasn't nice etc.

What a terrible way to take constructive feedback.

Writing not one but two blog posts takes time and effort, moreso when it includes investigation and examples... the posts are not just low effort "this is crap" rants (and they even blame themselves, even though it's clear from the posts that there are documentation/discoverability issues).

What if the poster doesn't feel knowledgeable enough to contribute code? (as shown by his first post title, "I'm too dumb for...")

If that's not collaborating I don't know what it is...

> Kinda wish the author would attempt to collaborate rather than write stuff like this and I’m too dumb for Zig’s new IO interface but, whatever, it’s their blog so they can do what they want.

Damn, Andrew Kelley really come across as a dickhead when taking any bit of criticism about his language, often painting them as bad actors trying to sabotage the language.

This isn't the first time he repeats this behavior.

EDIT: https://news.ycombinator.com/context?id=45119964 https://news.ycombinator.com/context?id=43579569

Like a modern C with lessons learned. Instead of macros it uses Zig itself to execute code at runtime (comptime). Custom allocators are the norm. No hidden control flow, everything is very explicit and easy to follow.

But it’s not only the language itself, it is also the tooling around it. Single unit of compilation has some nice properties, allowing to support colorless async. Fast compile times. Being able to use existing C code easily and having optimization across language boundaries. Cross compilation out of the box. Generally caring for performance in all aspects.

So for me it is a better C, low-level but still approachable and not having so much cruft.

Maybe read https://ziglang.org/ ? They list the goals:

  Zig is a general-purpose programming language and toolchain for maintaining robust, optimal and reusable software.

and how they are trying to achieve that: simple language, and 'comptime' for metaprogramming (a more or less new approach).

  > Is it kind of like the Kotlin of C, going for a better syntax/modern features but otherwise being very similar?

No, not really.

The value proposition of Zig is it's the most ergonomic way to do systems programming I've ever seen. First class allocators, arbitrary width integer types, top notch bindings to OS syscalls in the std lib without relying on libc, and you can translate C bindings to Zig at compile time, so no FFI layers for existing libraries.

They sometimes write about how they're a general purpose language, but I strongly disagree. It's unapologetically a systems programming language; that's it's entire focus.

Zig’s undefined behavior story is not nearly as much of a minefield for one. That should be enough really. If you think the CPP is good enough for metaprogramming, I don’t know what to tell you either.

It's a language that attempts to solve more of the biggest issues with low level programming than any other current low-level programming language. Of course, there is nowhere near a universal consensus on what the biggest issues are, but here's what they are to me in order of importance (and I'm not alone):

1. Language complexity/lack of expressivity. You want code, as much as possible, to clearly express the algorithm at the level of detail needed at the language's domain, no more and no less. The level of detail in low-level languages is different from high-level languages because, for example, you want to see exactly where and when memory is allocated/freed. Both C and C++ fail at this for opposite reasons. C is often not expressive enough to express an algorithm clearly (at least not without the use of macros), and C++ is often too implicit, hiding important details that are then easy to miss [1]. These problems may affect program correctness.

2. Lack of spatial memory safety, which is the cause of the #2 and #6 most dangerous software weaknesses (https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html). Unlike spatial memory safety, Zig doesn't guarantee the lack of temporal memory safety. This would have been very nice to have, but it isn't as important and not worth compromising on the other top points.

3. Slow build times, which may also affect correctness by slowing down the test cycle.

I don't find Zig similar to C or C++ at all (certainly not as similar as Rust is to C++). If anything, Zig's risk is in being a more revolutionary step than an evolutionary one.

---

[1]: In the late eighties/early nineties (when I first learned C++), when we thought it might be a good idea for a language to be both low-level and high-level, C++'s notion of "zero-cost abstractions" seemed very interesting and even promising (I don't recall them being given that name then, but the problem - or advantage - was right there at the beginning; e.g. whether a call uses static or dynamic dispatch is an algorithmic detail that may be of interest in low-level programming, as well as whether a destructor is called, possibly through dynamic dispatch). Now that notion feels an outdated vestige of a bygone era. I'm aware there are still C++ programmers who still believe in writing high level applications in low-level languages and still believe in zero cost abstractions, but I think the industry has clearly been going the other way, and there's no indication it may be changing direction or may have any reason to do so.

For me its simply better C, and the stdlib is pretty well designed overall

Check out Carbon, its the Kotlin of C++ ;)

I am not a C++ guy, but when Carbon is finally stable and hits the mainstream, I will definitely start trying out Carbon.

https://github.com/carbon-language/carbon-lang

The way I see it, it's for people who want a more modern C, but not C++.

There's not much languages in that space, essentially C3 and Zig, but the former is much less advanced IMHO (also in terms of tooling).

It is basically Modula-2 (in features) revamped with C syntax, and with compile time execution support.

It is the route of what would have happened if Modula-2 or Object Pascal had won the industry mindshare instead of C.

I think it comes too late, we know better nowadays, so it doesn't really offer anything new.

It's a powerful alternative to Rust and C++ for writing ultra low latency code when safety isn't important, like games or HFT. Its standard library and ecosystem have excellent support for passing around allocators and no hidden dynamic allocation (every function that allocates takes an allocator as a parameter), which makes it much harder to hit the latency pitfalls common to Rust and C++. It also encourages the latency-optimal approach of using local bump-a-pointer arena allocators where possible rather than the slow global allocator. And finally, the superior metaprogramming support makes it more convenient to use high performance techniques like struct-of-arrays.

> Is it kind of like the Kotlin of C, going for a better syntax/modern features but otherwise being very similar?

For me that sounds like a rather good value proposition. Too bad Zig never got the stackless corountine part they promised in the start.

Simpler, modern C with better tooling and less undefined behavior.

Zig's pointless choice to avoid global constructors - something all platforms have supported for several decades by now - makes I/O extremely unwieldy. That alone prevents it from being a viable mainstream language.

There is a lot of useful technical work and ideas in it though.

Being the anti Rust alternative for people who has spent years/decades accumulating weird knowledge about the inner workings of C and/or C++ and maintain that being able to shoot your feet off at a distance when doing the wrong incantation is a critical feature to have.

I’m ranting but based the Rust/Zig discussions here on HN and the number of segfault issues in the Bun repo there is a core of truth.

https://github.com/oven-sh/bun/issues?q=Segfault

The blog author has a history of posting clickbait'ish criticism about Zig.