How Safe Is Zig?

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarLint - Clean code begins in your IDE with SonarLint
  • SaaSHub - Software Alternatives and Reviews
  • lru-rs

    An implementation of a LRU cache

    You didn't seem to click the commit the guy linked with the rust code

    It has nothing to do with opting out. Zig, Rust and no language saves you when you write incorrect unsafe code. My original point is disqualifying c tools is misleading and everything suffers from incorrect unsafe code

  • pure

    A static analysis file format checker. (by ronomon)

    Wow, that's saying something!

    The tool is called Pure [1]. It was originally written in JavaScript and open-sourced, then rewritten for Microsoft in C (running sandboxed) after it detected David Fifield's “A Better Zip Bomb” as a zero day.

    I'd love to rewrite it in Zig some day to benefit from the checked arithmetic, explicit control flow and spatial safety—there are no temporal issues for this domain since it's all run-to-completion single threaded.

    Got to admit I'm a little embarrassed it's still in C!


  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • rust

    Empowering everyone to build reliable and efficient software.

    The headline feature of rustc memory management is the use of arenas:

        //! The arena, a fast but limited type of allocator.

  • zig

    General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.

  • zorrow

    Borrowchecker in Zig

    Somebody implemented part of it in the past, but it was based on the ability to observe the order of execution of comptime blocks, which is going to be removed from the language (probably already is).

    It's not a complete solution, among other things, because it only works if you use it to access variables, as the language has no way of forcing you.

  • stable_deref_trait

    Unsafe marker trait for types that deref to a stable address

    Unsafe Rust is an esoteric language without iron-clad guarantees, and type-level programming and async Rust is an esoteric metalanguage ( For example, matklad made a recent blog post on "Caches In Rust" ( The cache is built around, which is built around, which is unsound for Box and violates stacked borrows:

    There is a recurring trend of sound C programs turning into unsound Rust programs, because shared mutability is often necessary but it's difficult to avoid creating &mut, and Stacked Borrows places strict conditions on constructing &mut T (they invalidate some but not all aliasing *const T).

  • tigerbeetle

    A distributed financial accounting database designed for mission critical safety and performance to power the future of financial services.

    It's a pleasure. Let me know if you have any more questions about TigerBeetle. Our design doc is also here:

  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts