Memory-unsafe code

Sometimes for efficiency you may want to write low-level code that can potentially corrupt memory or be vulnerable to security exploits. V supports writing such code, but not by default.

V requires that any potentially memory-unsafe operations are marked intentionally. Marking them also indicates to anyone reading the code that there could be memory-safety violations if there was a mistake.

Examples of potentially memory-unsafe operations are:

  • Pointer arithmetic
  • Pointer indexing
  • Conversion to pointer from an incompatible type
  • Calling certain C functions, e.g. free, strlen and strncmp.

To mark potentially memory-unsafe operations, enclose them in an unsafe block:

  1. // allocate 2 uninitialized bytes & return a reference to them
  2. mut p := unsafe { malloc(2) }
  3. p[0] = `h` // Error: pointer indexing is only allowed in `unsafe` blocks
  4. unsafe {
  5.     p[0] = `h` // OK
  6.     p[1] = `i`
  7. }
  8. p++ // Error: pointer arithmetic is only allowed in `unsafe` blocks
  9. unsafe {
  10.     p++ // OK
  11. }
  12. assert *p == `i`

Best practice is to avoid putting memory-safe expressions inside an unsafe block, so that the reason for using unsafe is as clear as possible. Generally any code you think is memory-safe should not be inside an unsafe block, so the compiler can verify it.

If you suspect your program does violate memory-safety, you have a head start on finding the cause: look at the unsafe blocks (and how they interact with surrounding code).

  • Note: This is work in progress.