HN

Need help?
<- Back
Bun Rust rewrite: "codebase fails basic miri checks, allows for UB in safe rust"

Bun Rust rewrite: "codebase fails basic miri checks, allows for UB in safe rust"

ndiddy

Comments (232)

  • smasher164
    What I don't understand is if they were going to translate Zig to unsafe Rust, why not just build a translation tool for it? You could do a one-to-one mapping of language constructs, hardcoding patterns in your codebase, and as one friend put it "Tbh they could've just hooked up zig translate-c to c2rust". They would get deterministic translation, would probably have not been a heavy investment to build, and the output would have the same assurances as the input.In this case, I would trust the output even less than the input. The input was memory-unsafe but hand-written. The output is memory-unsafe but also vibe-coded and has had no eyeballs on it. What is the point of abusing agentic AI for this use-case?
  • gpm
    This issue is misleading.The issue isn't the existence of undefined behavior that miri would catch. The issue is exposing an API that allows undefined behavior from safe code - which miri only catches if you go write the test that proves it.This isn't an all together unreasonable thing to happen during an initial port of code from an unsafe language. You can, and the bun team seems to be, go around later and make sure that the functions where you wrap unsafe code does so correctly. Temporarily in a porting stage incorrectly marking some unsafe functions as safe isn't a real issue. It's a bit strange to merge it into the main repo in this state, but not a wholly unreasonable thing to do if the team has decided that they're definitely doing this. The only real issue would be if they made an actual release with the code in this state.It's also a bit unfortunate that they didn't immediately set up their tests to run in miri if only because LLMs respond so well to good tests - I know they didn't do this not because of this github issue (which doesn't demonstrate that) but because there's another test [1] that absolutely does invoke undefined behavior that miri would catch. Though the code it's testing doesn't actually appear to be used anywhere so it's not much of a real issue. That said it's obviously early in the porting process... maybe they'll get around to it (or just get rid of all this unsafe code that they don't actually need).[1] https://github.com/oven-sh/bun/blob/4d443e54022ceeadc79adf54... - the pointers derived from the first mutable references are invalidated by creating a new mutable reference to the same object. In C terms think of "mutable reference" as "restrict reference which a trivial mutation is made through". It's easy to do this properly, derive all the pointers from the same mutable reference, it just wasn't done properly.PS. Spamming github just makes people less likely to work in the open. Please don't. We can all judge this work just fine on third party sites.PPS. And we might want to withhold judgement until it's in a published state. Judging intermediate working states doesn't seem terribly fair or interesting to me.
  • pohl
    This doesn't seem surprising, given the straight translation that they prompted.Couldn't a case be made that it's better to get Bun to the to the language with the stronger type system first and, once there, use that stronger type system as leverage for these kinds of improvements as a follow-on effort? It seems preferable to requiring perfection on the very first step.
  • mohsen1
    I was a little shocked that they could get it fully working in a week to be honest. My side project is a very similar ambition (https://tsz.dev) but I am in no way claiming success. i keep adding more and more tests to ensure things works. Even after all of TypeScript's own tests pass I am finding bugs which I was totally expecting.The bar for matching tsc's behavior is really _really_ high. see:https://github.com/type-challenges/type-challengesI'm not against using LLMs to write a lot of code. But verification should be 100x more robust now that we can output code at this rate.
  • Decabytes
    When I was in grad school, my mentor once said, that he didn’t actually see programming as anything more than a tool to solve the problems he needed to solve. As someone who was excited about learning to program, I couldn’t understand it. As I’ve gotten older, I’ve come to understand him more. The language a program is written should be far down the list of reasons to use a programming language. Same with who happens to be the BFDL for the language, or what streamer is using it.What matters more is if it does what you want it to do, and is well maintained.
  • dangerlibrary
    There's a book that changed a lot of the way I think about attention and media [0]. The book isn't very good, but it flags something relevant here. There is a huge asymmetry between the reach of a big, flashy announcement (here: bun was re-written in memory-safe rust in a couple weeks), and the relatively small reach of a correction (often just a footnote on an old article, here a GH issue).This asymmetry is well understood by marketing and PR professionals, and actively exploited.[0] https://en.wikipedia.org/wiki/Trust_Me,_I%27m_Lying
  • pesnk
    That kind of error was expected. I don't see it as an issue against the rewrite. They kept the stable versions on Zig in case ppl needs stability. Eventually, the errors will get fixed.
  • gorjusborg
    Here's the thing:I was first interested in Bun because it was written in Zig. I was interested in Zig because I respected Andrew Kelley's decision-making, and his taste matched my own.I got really excited about Bun for many reasons after that, but they essentially came down to a similar root: the decisions were ones that I respected and would probably have made myself if I had thought of them.I was a little concerned when Bun was acquired by Anthropic, but forced myself to remain cautiously optimistic.This behavior, though, is exactly the sort of decision-making that I don't respect. I've got nothing against Rust, but if this is how Anthropic is managing Bun, I can no longer bet on it being a reliable part of my toolkit. It isn't just the code, it's the thought behind it that I have to trust.I was so excited by Bun for many of the use-cases I have, but this just turns me off completely. This looks like an Anthropic internal-only tool, based on the behavior.
  • impulser_
    What do you guys assume that a codebase from an unsafe language containing bindings to another unsafe language would appear perfectly implemented right away?
  • teiferer
    Can somebody explain what the issue is? In particular, if Rust is safe, and this is safe code, then how can there possibly be use-after-free? I thought it's the entire point of the "safe code" thing that it's ..safe by construction.
  • pixelpoet
    The comments on that thread are Facebook level cringe. What a dump GitHub has become!
  • iamricks
    This Bun rewrite feels like a potential Mythos marketing stunt.
  • artisin
    After reviewing this rewrite this morning, my only logical conclusion is that it's an elaborate marketing operation orchestrated by a super-secret Deno operative.
  • quantummagic
    I'm curious, but unable to ascertain, does the same problem exist in the original Zig code? Is this an issue introduced by the translation to Rust? Because if it is a problem that can be replicated in both code bases, it seems a point in Rust's favor, that the issue is easily identifiable with tools that exist in its ecosystem.
  • cptroot
    Man that issue got way too many comments from non-contributors. I agree that this shouldn't have been merged in in it's current state, but that doesn't mean posting about it on GitHub is a worthwhile way to fix the problem.
  • NooneAtAll3
    So Bun saga has been"Zig, let me Ai you""no"*Ai's Zig fork, suffers from memory bugs*"Well I'm moving!"*Ai's code into Rust, suffers from memory bugs*
  • jadar
    > Please consider not vibe coding rust as AIs are not good at writing Rust and also hire a real rust devIsn't the whole point of AI companies using Rust that it's explicit, safe, and AIs are fairly good at writing it?
  • whimsicalism
    It is really sad and unfortunate that coding has started falling under the omnicause. Low-denominator discourse is invading every space I find interesting and it is difficult to avoid.
  • snailmailman
    This case is wild and seems to perfectly encapsulate all the problems people complain about with vibecoded projects.The "rewrite it in rust" commit is +1M lines of code. Humans haven't looked at that in depth. In about a week, they saw the tests passed and pushed it to main. Now people have started to look through it and are pointing out glaring issues. And the solution is just going to be "feed it to another AI and ask it to fix it".The entire codebase is slop now. Nobody knows what it does. It manages to pass some tests, but its largely a black box just on the basis of humans haven't read it yet. The code isn't guaranteed to be anything close to 1:1 with the old codebase. Its probably vaguely shaped like the old codebase, but new bugs could be there, old bugs could be there, nobody knows anything yet.Its going to be interesting to see how recoverable this is. They are almost certainly going to just hand every file to an AI, say "look for soundness issues and fix them" and then what? If AI is making huge, sweeping changes to the code so frequently that humans can't keep up, is that really maintainable? The only solution appears to be "even more AI" while anybody that looks closely gets scared away by the too-large-to-comprehend-and-entirely-slop codebase.This kind of thing has been happening with many smaller projects already, but now its a larger project and happening in a much more public way, with the intent to replace human-written, mostly-understood code with slop. I suspect the same thing, with the same problems, is happening inside all the largest companies, just not quite as obviously.
  • cube00
    I'm impressed the Rust runtime even tries to give nice errors about undefined behavior when you've signed your life away with 'unsafe'.
  • 827a
    After this was merged, my company made the decision to migrate everything away from bun and back to node. I don't say this lightly... Jarred is a guy that I held such immense respect for, and its sad to see the course he's charted for a project I spent a lot of time proselytizing internally. Its frankly a betrayal of trust.
  • achristmascarl
    I wonder if the publicity around this AI-driven rewrite will function as a (unintentional, or perhaps intentional) far-reaching nerd snipe that results in Rust developers flocking to the project to identify and fix issues.
  • advenn
    When my lead developer refactored my small but crucial python service into golang with Gemini and Claude, I was hesitant to merge the code into master. Yet, my service had, like 20k daily active users.I think they shat over the community who trusted them by trying to advertise their owner company
  • sionisrecur
    Does all that UB exists in the Zig version as well? Was it introduced during the port?
  • parliament32
    > oven-sh locked as off topic and limited conversation to collaboratorsStrong deja-vu about that time Cursor tried to slop together a browser and tried to bury dissent when people pointed out how hilariously terrible the whole thing was.
  • tlarkworthy
    Maybe they want a quick switchover and the UB is replicating existing problems so it is net neutral for the codebase (but positive future coz developers can do future work on rust without synchronizing two codebase? ).
  • missingcolours
    Certainly disagree with "AIs are not good at writing Rust". We can discuss the pros and cons of AI coding in general but in my experience they do just as well with Rust as any other language. If anything I'm impressed with how seamlessly the models can work with Rust's ownership model.
  • prymitive
    Any prediction market bets on what will they rewrite it into next week? Era of just-in-vibe software is here.
  • sigbottle
    Sorry wasn't there a post literally like a week ago about this being a long term experimental branch and how we needed to not kick the hatchling while it's an egg?1 week turnaround I guess is what they meant.
  • stellalo
    I speculate the real goal is to have that fixed over time, and then use it as precious training data for Rust capabilities
  • skrrtww
    I think the only way to interpret a one million line LLM-generated diff with no proper reviews as an employee of Anthropic is that my company no longer has an interest in understanding, or even looking at, its own code.I'd be concerned that by jumping onboard with this sort of development process I'd lose touch with how to engineer software in a detail-oriented or remotely rigorous way.It also makes me question what sort of value the entire Bun project ever had if a drop-in replacement can just be thrown in here like it's nothing. Why do we need all these JS runtimes again?The AI bubble is so large that we've also forgotten how useless and dumb a lot of software engineering labor was even before LLMs came along. We were already in a bubble.All that is to say, I think it's useful to reframe some conversations about AI as, "if AI can accomplish this task, was it ever actually valuable?" I think for some specific things, the answer will be yes, but the tech industry has been huffing its own farts for so long I really don't think anyone has sight anymore of what's economically valuable in a ground truth sense. Much like LLMs themselves, this confusion pollutes the entire well of discourse about their economic utility.
  • Havoc
    Neat - didn't know about the miri tool.Will definitely use that going forwardDidn't find anything on my existing vibecoded rust projects but can't hurt
  • stavros
    UB = undefined behaviour, for anyone else who was puzzled.
  • 9681722
    So a "robobun" clanker responds to the issue and writes a fix (probably just papering over it). This is what Anthropic wants: Let the users do the work, train the fricking bot and claim the credit.If you find a bug, just go straight to blog posts and CVEs to denounce this idiocy. It ranks higher on Google.
  • mawadev
    Rust good zig bad!
  • wg0
    Not a good advertisement for both Anthropic. Or bun.
  • unethical_ban
    My grandfather was a tailor, and one day a client came in asking for the status of his suit getting clean. My dad as a kid grabbed the unfinished suit and showed the man, who was frustrated at the lack of progress.My grandpa told my dad never to show a client a work in progress - You told them when you'd get the work done, and they can see the finished result when it's ready.It's just a story so don't wrap yourself around the axle with counter-examples. I think it's fair to say that an open-source project going through a language translation is going to have transitional periods as they shake things out, and criticizing every snapshot as some proof that they're incompetent is useless.
  • CamouflagedKiwi
    This was 100% a predictable outcome after Bun was acquired. Of course they were going to do something like this.What would have been significantly better is just rewriting Claude in a language that's actually well suited to what it's doing in the first place (which could well be Rust, Codex is written in it as prior art). It's funny how the vibe coding promoters are keen on things like this, rewriting other codebases as fast as possible with little quality checking, but they are still defensive of their own code.
  • tomaytotomato
    This had to happen, for many reasons:- Its a throw thing at the wall and see what sticks situation- LLMs will improve*- Using LLMs in an agentic way will improve (git worktrees, sliced PRs, spec driven steps)So what happened here is a mess, but you gotta break a few eggs to make a souffle.It's a learning step and I am glad it happened, there will be so many things to debrief from this.I don't use Bun or Rust but fair play to them having a punt.<Shameless plug> I have been working with Claude code to spec out and bring back to life a Spring Boot starter library for Apache Solr searchhttps://github.com/tomaytotomato/spring-data-solr-lazarusThere were a few points I had to steer it but the result has been a good implementation.
  • reducesuffering
    When it comes down to it, all the vitriol and animosity towards this port is really because of the implication of what its success would mean. If LLM's are capable of completely porting core software modules many people rely on (not just a CRUD app) of 1m lines in a week's time, it is a case closed moment that LLM's are currently much more capable than most people's eng, and can do it much faster. And that's at current capabilities, nevermind where we're headed in 1-3 years.Jarred is an exceptional 1% engineer, and its likely he can succeed at this port, to the detriment of naysayers who don't believe there's any chance it's possible.
  • frumplestlatz
    Step 1: Vibe-code a buggy, poorly-performing, 500k+ LoC desktop-installed monstrosity in TypeScript to implement a trivial TUI. Proudly note that you’re meeting a 16ms frame budget … for a trivial chat UI.Step 2: Purchase an entire company for a product that, if you squint, might help paper over the entirely predictable problems that arise from using the wrong tools to implement the wrong architecture, because surely the solution isn’t reevaluating your original engineering choices.Step 3: Perform a buggy, vibe-code rewrite of the tool you just bought. A tool you only need because — for whatever internal political reasons — sunk cost means you can only keep digging.Step 4: ???
  • dzonga
    said it in another comment [0] - that the whole rewrite thing is just a marketing exercise by LLM merchants to try sell you plebs that their wares "work"[0]: https://news.ycombinator.com/item?id=48078224
  • stavros
    I thought Rust treated undefined behaviour as a compiler bug? Does anyone know what's actually happening here?
  • localhoster
    Dumbest point ever. There is no value for this issue. I don't agree with the way they did the rewrite, but they did the rewrite, and this post contributes nothing, beside making the author seem childish. If it had any real contribution I would have waved it off, but it really doesn't. This tribalism and "I'm better than you"-ism and the same reason everybody hated the stack overflow community, and the rust community as well.
  • jnwatson
    "Port of large memory unsafe codebase has a memory safety bug, news at 11."I don't see what the big deal is here.
  • anon
    undefined
  • simonreiff
    Holy cow:architector4@AGOGUS:/tmp$ git clone --depth=1 'https://github.com/oven-sh/bun' Cloning into 'bun'... … architector4@AGOGUS:/tmp$ cd bun/ architector4@AGOGUS:/tmp/bun$ find -type f -name '*.rs' -exec grep unsafe {} \; | grep -v '//' | wc -l 13255....Thirteen thousand two hundred and fifty five lines without comments with the word "unsafe" in them in Rust code files across this rewrite.This is so gross.I'm a founder of an early-stage startup. I built a precision-editing tool system (called HIC Mouse). It provides coordinate-based addressing, staged batching with atomic rollback, embedded agent guidance, and more. It works well, it's available on VS Code Marketplace, and I've worked for a year and am still grinding every day, working so hard, just to get people to think about trying it, and to get attention paid to it. I did rigorous, careful benchmark research to make sure I wasn't just fooling myself. I incorporated, built a sales pipeline, changed my life by taking a chance and launching a business, and I pound the pavement and toil in obscurity every day and night, trying so hard to get interest in my product. I check every diff painstakingly before committing. I may make tools for AI agents but I am unbelievably careful about reviewing and thoroughly testing their code, and usually rather ruthlessly editing quite a bit further beyond any initial version drafted, long before deciding it is good enough to ship. I take enormous pains to get things right and worry constantly about whether I'm doing enough to make HIC Mouse secure and performant for my users. All I want is to make my users happier and to give them a genuine way to get "surgical, precise edits" that "don't touch the other lines", like we all ask of our AI agents over and over all day if we're using AI.Or maybe not. Here we have Bun. Who cares about 90K GitHub Stars and massive community engagement -- just go crap all over them, all at once, with this AI tripe that you obviously neither tested in any meaningful manner, nor documented, nor read, I am assuming, before merging the whole bloated mess to production. What a disgraceful way to treat your users! I would be so grateful if I had a tiny fraction of the interest in my project that the Bun team has. I could never imagine shipping this garbage in a million years.I'm sorry to vent but this just isn't defensible. It's the very worst of AI. I'm not going to wish ill on Bun, but it just makes me sad that I spend so much effort, work so hard to do things right, and painstakingly review everything because it's not just me any more and I do have folks who depend on my code being reliable and secure. And meanwhile, Bun just gives a huge middle finger to 90k+ starred supporters not to mention the millions of users who didn't click on the star but rely on the library, by acting this disrespectfully and disgracefully towards their own users. How they didn't take one look at this and promptly revert and apologize is simply beyond me. Again, sorry to vent, but this made me irrationally mad.
  • RGJorge
    [flagged]
  • Jcampuzano2
    So many people are fundamentally misunderstanding everything about this rewrite.In fact using the word "rewrite" itself is pretty inaccurate.As has been mentioned the goal was a port so they "could" eventually rewrite most of it to be idiomatic rust. The main benefit of this now is the compiler and being able to use these tools to fix issues that were already being hidden when it was in zig.If you go into this codebase expecting to see idiomatic rust and get angry when it's not there, you are going in with the entirely incorrect attitude.It's understandable how people see it as AI slop or whatever given the division among developers at the moment. But please see it for what it is instead of just jumping to conclusions.
  • gloosx
    Things get pretty hilarious when you super safe language conrains the keyword "unsafe" :DI wonder what are the real legitimate use-cases for "unsafe" in the first place, it is there for a reason?