No one is going to lose a limb because of a var. If you’re writing an autopilot for a plane, use Ada instead of Zig.
If every software were written as if it were a life and death situation, humanity would be decades behind where it is now.
This excelent talk shows that even for compilers we don’t want absolute correctness: How badly do we want correct compilers?
1 Like
I think you missed the main point of my comment in that even in life or death situations human nature is to take shortcuts when they can.
No maybe a var may not cause someone to loose a limb, but can you confidently say that you are intimately familiar with every piece of software built with zig and every piece of software that will be built with zig to have the foresite to know that’s the case. The fact is bugs can and do have real world negative impacts.
Zig may one day be a major player in software development so that means it could be in things that have a direct impact on the safety of individuals.
4 Likes
I understand you point, but like you said, we can’t be intimately familiar with every piece of software that will be written in Zig. Some of these programmers might need to iterate very fast over a certain piece of code, and shoving these constraints on their project will hold them back. Like most things in programming, safety and correctness is a tradeoff. If we can give programmers the option to choose for themselves how much correctness they want, that’s the best move. Some people will choose poorly, that’s on them. Don’t use their bad software.
Zig is currently in a state where I can’t program without zls. Granted, when zls works, these constraints help me a lot. They have actually caught bugs in my code before they even compiled. But when zls crashes, which happens frequently, I need to reload the IDE, and there were times where I had to dig into the source code to fix the crash. I can’t make progress on a difficult algorithm with the compiler stopping every compilation because of a stupid var. I would prefer to just turn then off and wait a day or two for zls to get fixed, which is usually very fast, and then turn then on again.
1 Like
Famous last words. As Bjarne Stroustrup recently said: “Being careful doesn’t scale.”
I quote: “Zig is a general-purpose programming language and toolchain for maintaining robust , optimal and reusable software.” I encourage you to watch this excellent talk in its entirety, but if pressed for time, just the first minute refutes your point very clearly The Road to Zig 1.0.
I would contest the opposite: If every software were written as if it were a life and death situation, humanity would be leaps and bounds further than it is now. The vast amount of time spent fixing software bugs and disasters caused by them is more than enough justification and far outweighs the time and effort spent writing robust software from the start.
2 Likes
The people affected are rarely the ones making the decision on using that software.
1 Like
just made me think about Boeing’s 737 Max MCAS … “we have two sensor inputs, should we introduce a safety feature that detects if one has failed and alarm the pilots? - Ah no, who cares, let’s get this software shipped already!” (Not funny actually)
1 Like
yep 189 deaths, and not a one of those passengers was invloved in the decision making process.
1 Like
I wouldn’t bet my life on it… Therac-25 - Wikipedia
2 Likes
Some situations are life and death situations, and really need absolute correctness. Most aren’t.
2 Likes
Sorry to disappoint you but there are tons of unsafe C code in commercial airplanes. There are thousands of microcontrollers and DSPs in crutical parts of jet engines and airplanes and most of them are programmed in unsafe C. Ada is used for traffic control systems but you are up to a big surprise if you think that Ada is the only language used in aviation.
And yes, people can die due to misused var.
Source: been consulting for a while for a large aeronautic company in Seattle.
1 Like
Here’s what I found:
“Interestingly, The software of THERAC-25 was developed by only one person over several years using the PDP-11 assembly language.
Following the incidents, during a lawsuit, this programmer could not be identified and his qualifications or experience is unknown today. It is even suspected he had quit AECL in 1986.”
As in just “in C”?
I mean, I am not aware of anything called “safe C”…
Pardon my sloppy language. My words should be parsed as “in C, that is inherently unsafe”. I was not suggesting that there exists some magic “safe C” somewhere. 
1 Like
I think that is the perfect example of just relying on people to do the due diligence themselves because without the restrictions in place you’ll find that most don’t.
1 Like
I didn’t mean to nitpick, just wasn’t sure I got your meaning.
If it sounded uncivil, I sincerely apologize.
This is reminding me of the software I had to support when I was doing IT. I just wanted to mention it briefly, since this is an important issue. I’m actually not even sure if I can mention the name of the program in his context, since it appears only one company is still using it regularly, which is who we were supporting under an NDA. So instead of going into all of that, I will say that it was based on the original IBM Host terminals. As in the physical screen which was attached to the side of the mainframes. So essentially it was a DOS-style program. The thing is, over the years they adopted more and more web technologies, while continuing to support this product, which also happened to be the most essential. So there were all kinds of compatibility issues. It was obvious they lost a lot of business as well as a result of simply not being able to get the information into the system. You could feel the pain of the employees, who were also working on commission, calling us to troubleshoot this program while they were in the middle of completing a critical transaction. It really gets you down after awhile.
2 Likes
I think a lot of aviation software is done in C/C++ nowadays. The industry has come to realize that you can’t rely on the language to keep you safe after such debacles as the Ariane 5. Software quality is the product of comprehensive testing, code review and analysis. The notion that this or that compiler feature can somehow give you that is simply wishful thinking.
4 Likes
I still have one doubt about the this feature.
Here is one of the commits by mlugg: test: update behavior to silence 'var is never mutated' errors · ziglang/zig@9c16b23 · GitHub
Although it is probably a rare case, IMHO this may cause confusion to new users.
I think Ada would be good for an autopilot system, because the language was designed within the context of these types of systems. But yeah as far as using Ada or C++, you will still need to be careful either way. C++ developers are more readily available nowadays as well
I understand this is a specific comparison, but I like it because I think it can spotlight the difference of two populations. So tthere are the experienced, and the beginners. I’m guessing the folks willing to take a shortcut have more experience and weigh their skill against the risk.
And so with the Zig compiler, I am grateful that it tries to strike a balance while still guiding the beginner. The experienced engineer, as seen in the foloowing post, can/will fork and customize the tool to their liking because they have the capability. For the beginner that is learning, like myself, I feel the extra help from the compiler keeps me safe.
Another example, I’m reminded and don’t want to apply in general but seems relevant, from the story about how a fresh engineer made a change to BigTechCo production and broke caused system-down. The lesson was that it was practice/process that needed to guard and protect, it is not the engineer at fault. So you want guard rails in place. Knowing there will be folks capable of circumventing it. You are not trying to completely stop the folks that are capable.
2 Likes
What about a @runtime builtin that is the opposite of the comptime keyword?
It will transform a comptime-know value to a runtime-know value.
It may be used in the previous example or when slicing an array to get a slice, without introducing a new variable.
Currently you have to do:
const std = @import("std");
const testing = std.testing;
test {
const array = [_]u8{ 1, 2, 3 };
var known_at_runtime_zero: usize = 0;
const slice = array[known_at_runtime_zero..array.len];
try testing.expect(@TypeOf(slice) == []const u8);
known_at_runtime_zero = 1;
}