Bun’s AI-generated Rust rewrite exposes undefined behavior catchable by miri: a PathString type returns a dangling &[u8] reference from ostensibly safe code.
Key Takeaways
The UB stems from core::slice::from_raw_parts using a pointer with no provenance after the backing Box is dropped, triggering miri’s dangling reference check.
The issue is not merely unsafe blocks failing – it is a public safe API that permits UB without any unsafe call site, which is a stronger Rust soundness violation.
The reporter’s minimal reproduction is ~10 lines, suggesting the pattern is likely repeated across the ~1M line AI-translated codebase.
The issue title explicitly attributes the problem to AI “vibe coding” and calls for hiring a real Rust developer.
Hacker News Comment Review
Commenters split on severity: some treat this as expected early-port roughness (fixable incrementally), others flag that shipping a million lines of unreviewed unsafe Rust without miri CI is structurally risky.
A recurring technical point: the team could have used deterministic tooling (zig translate-c piped to c2rust) instead of LLM translation, though c2rust output is itself widely considered unreadable and unsound.
The announcement-vs-correction asymmetry is a concern: Bun’s “rewritten in memory-safe Rust” framing spread widely; the soundness rebuttal reaches a far smaller audience.
Notable Comments
@smasher164: argues a deterministic Zig-to-Rust translation tool would have been cheaper and produced verifiable output versus LLM guesswork.
@gpm: clarifies the real issue is “exposing an API that allows UB from safe code” – not just the presence of unsafe blocks, which is a subtler and harder-to-audit class of bug.
@cedws: notes going from experiment to merging ~1M lines in a week “blindsided” the community and calls it “extremely amateurish.”
