
An almost catastrophic OpenZFS bug and the humans that made it

https://despairlabs.com/blog/posts/2025-07-10-an-openzfs-bug-and-the-humans-that-made-it/
29•r4um•4h ago

Comments

jpfr•1h ago
The problems with C are real.

At the same time, the tooling has gotten much better in the last years.

Clang-analyzer is fast enough to run as part of the CI. Newer gcc also give quite a few more warnings for unused results.

My recommendation to the project is to

- Remove all compiler warnings and enable warning-as-error

- Increase the coverage of unit tests to >80%

That is a lot of work. But that's what is required for high-criticality systems engineering.

a_t48•1h ago
FWIW you can do the same thing in cpp, too - but Rust’s syntax certainly makes it easier.
flohofwoe•1h ago
I'm not sure why C is blamed in this case when you can do exactly the same strong typing fix in C, and with C99 struct literals it's also not much worse to work with:

    #include <stddef.h> // size_t

    // Two distinct struct types wrapping the same integer: the compiler
    // refuses to assign one to the other, even though the payload is identical.
    typedef struct { size_t size; } PhysicalSize;
    typedef struct { size_t size; } AllocatedSize;

    PhysicalSize psize = { 123 }; // or { .size = 123 }
    AllocatedSize asize = { 234 };

    psize = asize; // compile error: incompatible types
...and in reverse, Rust wouldn't protect you from that exact same bug if the programmer decided to use usize like in the original C code.

IME overly strong typing is a double-edged sword though, on one hand it makes the code more robust, but on the other hand also more 'change resistant'.

I still would like to see a strong typedef variant in C so that the struct wrapping wouldn't be needed, e.g.:

https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3320.htm

beeb•44m ago
Rust would warn you of an unused variable: "warning: value assigned to `psize` is never read"
bloak•32m ago
And so would GCC: warning: variable psize set but not used [-Wunused-but-set-variable]
beeb•22m ago
The fact that the bug slipped through the cracks highlights the importance of sane defaults.
flohofwoe•2m ago
The warning is in the -Wall warning set, which tbh should be the minimum each C/C++ project enables (along with -Wextra, and -Werror).
fredoralive•1h ago
I missed it, but I was distracted by the cols variable being initialised with the original width, but then being immediately overwritten with the logical width.
Cthulhu_•1h ago
Wouldn't this have been caught by an exhaustive unit test or even a fuzz test? I don't know what kind of testing practices are applied to projects like zfs, nor what kinds or amounts of tests functions like this are subject to, but I would imagine that especially for low-level functions like this, unit tests with all of the known edge cases would be written.

(yes this is very much an armchair opinion, I mostly do front-end JS for a living)

bspammer•1h ago
Yeah that surprised me too - I would have assumed that ZFS had a bunch of "store and retrieve" tests in many different configurations that would have caught this.
topspin•1h ago
I found it. All that tells you is that it's a simple problem. Had I not been told it was broken I likely would not have.

It's the kind of bug that makes you stop breathing for a brief moment. So I ran this function through Gemini 2.5 Pro, ChatGPT o3 and Grok 3. No context other than the source code fragment was provided. All three also clearly identified the problem.

There is no longer a reason for trivial flaws such as this surviving to release code. We're past that now, and that's an astonishing thing.

These are the questions I ponder: Should we consider the possibility that the ongoing, incomplete and decades long pursuit of "better" languages is now misguided? Or, that perhaps "better" might now mean whatever properties make code easier for LLMs to analyze and validate against specifications, as opposed to merely preventing the flaws humans are prone to make?

nabla9•1h ago
bless your heart.
topspin•1h ago
I don't believe I could have been more self-deprecating there. I know for certain I don't care to.
kalaksi•1h ago
> whatever properties make code easier for LLMs to analyze

So double down on languages that are more represented in training data? I think it's still worthwhile to actually improve programming languages. Relying only on LLMs is fragile. So ideally do both: improve language and AI.

topspin•25m ago
> So double down on languages that are more represented in training data?

The pragmatic answer to that is: this appears to be highly effective.

What I have in mind is something else, however. Consider the safety nets we try to build with, for example, elaborate type systems. These new analysis tools can operate on enormous contexts and infer and enforce "type" with a capacity far greater than what a human mind can hope to approach. So perhaps there is little value to complex types. Instead, a simple type system supported by specification will be the superior approach. seL4 is an example of the concept: C, but exhaustively specified and verified.

dwroberts•48m ago
> I found it. All that tells you is that it's a simple problem

Not totally clear what you mean here - are you saying you’re the author of the article or PR, or that you independently discovered the same issue (after the fact)?

topspin•20m ago
Ok, so somehow that is causing confusion. I will clarify.

The author asked that the reader attempt to find the flaw by inspecting the provided code. The flaw was obvious enough that I was able to find it. The implication is that if it were less obvious, I might not have. I was not attempting to take any credit at all: exactly the opposite.

piker•33m ago
No way is it practical to run complex code like this through a sycophantic parrot. Try it again with some old, well known code and see how many “Certainly! Your error is …” you get.
rini17•23m ago
Don't forget the author did 99% of the work for you by finding that function.
topspin•19m ago
Having written "Had I not been told it was broken I likely would not have," should make it clear that this wasn't lost on me.
apple1417•1h ago
Having run into similar problems several times, I've also never really been satisfied with the solutions. You have to have different types to cause compile errors, but then you have throw those types away whenever you perform any actual operations on them.

    struct TypeA { int inner; };
    struct TypeB { int inner; };

    struct TypeA a1 = { 1 }, a2 = { 2 };
    // whoops: the arithmetic is done on the raw ints, so the sum of two
    // TypeA values is silently stored in a TypeB and the compiler is happy
    struct TypeB result = { .inner = a1.inner + a2.inner };
Don't get me wrong, where I've used this sort of pattern it's definitely caught issues, and it definitely massively lowers the surface area for this type of bug. But I still feel like it's quite fragile.

The use case I felt worked best was separating out UTC datetime vs localised datetime structs - mainly since it's something you already had to use function calls to add/subtract from, you couldn't play with raw values.
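
One way to keep the strong-typedef pattern from the two comments above without "throwing the types away" for arithmetic, as an added example in C (not code from the thread, the article, or OpenZFS): the only arithmetic lives in functions that take and return the wrapper type, and the single physical-to-allocated conversion is an explicit, named function. The type names, the 512-byte allocation unit and the rounding rule are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Distinct wrapper types: assigning one to the other is a compile error. */
typedef struct { size_t v; } PhysicalSize;
typedef struct { size_t v; } AllocatedSize;

/* Arithmetic stays inside the wrapper, so callers never touch raw size_t. */
static inline PhysicalSize phys_add(PhysicalSize a, PhysicalSize b) {
    return (PhysicalSize){ a.v + b.v };
}
static inline AllocatedSize alloc_add(AllocatedSize a, AllocatedSize b) {
    return (AllocatedSize){ a.v + b.v };
}

/* The one permitted conversion, with its rule in one place:
   hypothetical policy of rounding up to a whole allocation unit. */
static inline AllocatedSize alloc_from_phys(PhysicalSize p, size_t unit) {
    return (AllocatedSize){ (p.v + unit - 1) / unit * unit };
}

/* Reading the raw number is explicit too, so every escape hatch is greppable. */
static inline size_t phys_raw(PhysicalSize p) { return p.v; }
static inline size_t alloc_raw(AllocatedSize a) { return a.v; }

/* Constructed scenario: two records of physical size 100 and 300 bytes,
   allocated in units of `unit` bytes. Returns the total allocated bytes. */
static size_t total_allocated(size_t unit) {
    PhysicalSize a = { 100 }, b = { 300 };
    PhysicalSize sum = phys_add(a, b);            /* 400, still a PhysicalSize */
    AllocatedSize al = alloc_from_phys(sum, unit); /* 512 for unit == 512 */
    /* AllocatedSize bad = phys_add(a, b); -- rejected: wrong struct type   */
    /* AllocatedSize worse = sum;          -- rejected: no implicit convert */
    return alloc_raw(al);
}

int main(void) {
    printf("total allocated: %zu\n", total_allocated(512));
    return 0;
}
```

Compiling with -Wall -Wextra -Werror, as suggested further down the thread, additionally turns a wrapper that is assigned but never read into a build failure.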

Narew•1h ago
It reminds me of a devlog from Andrew Kelley on the same topic: https://ziglang.org/devlog/2024/#2024-11-04
atiq-ca•1h ago
Thanks for your contribution to OpenZFS.
Nokinside•1h ago
Software verification tools based on abstract interpretation are really good today.

If you want free software, I recommend IKOS, a sound static analyzer for C/C++ developed at NASA. Checks: https://github.com/NASA-SW-VnV/ikos/blob/master/analyzer/REA... Numerical abstract domains: https://github.com/NASA-SW-VnV/ikos/blob/master/analyzer/REA...

A commercial tool like Astree, https://www.absint.com/astree/index.htm, if you have money.

prmoustache•42m ago
Isn't it a case for eliminating all warnings and treating them as bugs?

It seems you are dooming your project the minute you start ignoring your first warning.

bloak•23m ago
Most projects I've worked on treat warnings as bugs. It's annoying, sometimes, when you have to fiddle with the code and add lines to prevent bogus warnings from breaking the build, particularly when you're making a temporary change for debugging purposes, and I remember a couple of occasions when we had to insert a comment something like "This was needed to prevent a warning caused by a bug in GCC X.Y.Z (link to compiler bug on issue tracker)". But, on balance, it's worth it.
nottorp•41m ago
So why is the solution Rust, and not any of the other 2000 "modern" languages?
desdenova•25m ago
So give me a list of the 2000 languages OpenZFS could've been written in.
Uriopass•37m ago
In this case any simple unit test would have caught it. Surprised it wasn't mentioned in the post.
