Bun Rust rewrite: "codebase fails basic miri checks, allows for UB in safe rust"

TLDR

  • Bun’s Rust rewrite codebase fails miri checks, exposing undefined behavior reachable from safe Rust via dangling references in PathString::slice.

Key Takeaways

  • The concrete UB: core::slice::from_raw_parts called with a pointer from a dropped Box, producing a dangling reference caught by miri.
  • The issue is not just UB inside unsafe blocks but that safe public API can trigger it, violating Rust’s core safety guarantee.
  • Bun’s Zig codebase remains on the stable branch; the Rust port is a parallel effort, not a shipped replacement.
  • The rewrite involved translating a large Zig codebase to Rust, likely via AI-assisted tooling, in approximately one week.
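
The dangling-reference pattern named in the takeaways, as an added Rust example that is not Bun's code: `RawPath`, `BorrowedPath` and the sample path are hypothetical stand-ins. It shows why a safe `slice()` over a stored raw pointer is unsound, and how a lifetime parameter makes the compiler reject the early drop.

```rust
use std::marker::PhantomData;

// Hypothetical stand-in for the pattern in the takeaways; not Bun's PathString.
// Unsound: a raw pointer + length with nothing tying them to the owner's lifetime.
pub struct RawPath { ptr: *const u8, len: usize }

impl RawPath {
    pub fn new(bytes: &[u8]) -> Self {
        RawPath { ptr: bytes.as_ptr(), len: bytes.len() }
    }
    // Safe signature, but the allocation may already be freed.
    pub fn slice(&self) -> &[u8] {
        unsafe { core::slice::from_raw_parts(self.ptr, self.len) }
    }
}

// Sound variant: same layout, but 'a records the borrow of the source buffer.
pub struct BorrowedPath<'a> { ptr: *const u8, len: usize, _owner: PhantomData<&'a [u8]> }

impl<'a> BorrowedPath<'a> {
    pub fn new(bytes: &'a [u8]) -> Self {
        BorrowedPath { ptr: bytes.as_ptr(), len: bytes.len(), _owner: PhantomData }
    }
    pub fn slice(&self) -> &'a [u8] {
        // SAFETY: 'a guarantees the buffer outlives every slice handed out.
        unsafe { core::slice::from_raw_parts(self.ptr, self.len) }
    }
}

// Compiles with no `unsafe` at the call site, yet the returned value dangles.
// Calling `.slice()` on it is the UB Miri reports; nothing here does so.
pub fn dangling_from_safe_code() -> RawPath {
    let boxed: Box<[u8]> = Box::from(&b"/tmp/a"[..]); // constructed sample path
    let p = RawPath::new(&boxed);
    drop(boxed); // accepted: `p` holds no borrow the compiler can see
    p
}

pub fn sound_roundtrip() -> Vec<u8> {
    let boxed: Box<[u8]> = Box::from(&b"/tmp/a"[..]);
    let p = BorrowedPath::new(&boxed);
    // drop(boxed); // rejected with E0505: `boxed` is still borrowed by `p`
    p.slice().to_vec()
}

fn main() {
    let _dangling = dangling_from_safe_code(); // held, never dereferenced
    println!("{}", String::from_utf8_lossy(&sound_roundtrip()));
}
```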

Hacker News Comment Review

  • Commenters split on severity: some note that initial unsafe-language ports routinely carry UB that gets cleaned up iteratively; others stress that safe-API-exposing UB is categorically worse and not a minor papercut.
  • A recurring technical point: automated translation tools like zig translate-c piped to c2rust were floated as alternatives, but commenters with direct c2rust experience warn the output is unsafe-Rust that emulates C pointer semantics and is not meaningfully safer.
  • Process criticism dominated: merging roughly a million lines of likely unreviewed code to main in a week was called out as bypassing standard branch discipline, leaving no clean stable base for security patches.

Notable Comments

  • @smasher164: Why not build a deterministic Zig-to-Rust translation tool rather than relying on AI-generated code with unpredictable UB?
  • @cedws: “I’m stunned that it went from ‘this is an experiment’ to merging a ~million lines of (likely) unreviewed code in a week.”