OBLAIDISH NEWS
Bun's Rust rewrite fails Miri checks, allows undefined behavior

Bun's Rust rewrite fails Miri's memory safety checks, introducing undefined behavior in safe Rust—undermining core promises of the language [GitHub Issue].

Bun's Rust rewrite fails Miri, a Rust interpreter that detects undefined behavior, exposing memory safety flaws in code marked as safe [GitHub Issue]. The issue stems from improper use of unsafe blocks and incorrect assumptions about memory layout, including unaligned pointer dereferences and invalid transmutes—errors Miri catches by design.

The rewrite, meant to replace JavaScriptCore with Rust for performance and safety, now contradicts Rust’s core value: memory safety without sacrificing speed. Instead, it allows crashes, data corruption, or exploitable bugs even in code that appears safe [GitHub Issue].

Miri failures are not theoretical. They indicate real, immediate risks in production use. For systems-level developers—who choose Rust over C++ precisely to avoid such bugs—this undercuts trust in Bun as a reliable runtime.

One example cited in the issue involves UnsafeCell misuse in a string representation, where shared mutable access bypasses Rust’s borrow checker, leading to data races. Another involves transmute calls that assume struct memory layouts are stable across platforms, which Rust does not guarantee.
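The two layout assumptions named above, an unaligned pointer dereference and a transmute into a struct with unspecified layout, are shown here next to sound replacements. This is an added example, not code from Bun or from the GitHub issue; `Header`, the function names and the wire format are hypothetical.

```rust
// Added illustration: all names here are hypothetical, none come from Bun's code base.
use std::mem::transmute;

/// Default `repr(Rust)`: field order, padding and size are unspecified.
#[derive(Debug, PartialEq)]
pub struct Header {
    pub tag: u8,
    pub len: u32,
}

/// UNSOUND behind a safe signature: a `&[u8]` is only guaranteed 1-byte
/// alignment, so dereferencing it as `*const u32` is undefined behavior at
/// any address that is not a multiple of 4. Miri reports the misaligned
/// access; a native x86-64 release build usually appears to work.
pub fn read_u32_unsound(bytes: &[u8], off: usize) -> u32 {
    assert!(off <= bytes.len() && bytes.len() - off >= 4);
    unsafe { *(bytes.as_ptr().add(off) as *const u32) }
}

/// Layout-dependent: which input bytes land in `tag` and `len` is whatever
/// the compiler chose for this build, and nothing pins that choice.
pub fn header_unsound(raw: [u8; 8]) -> Header {
    unsafe { transmute::<[u8; 8], Header>(raw) }
}

/// Sound: bounds-checked slice, explicit byte order, no alignment assumption.
pub fn read_u32(bytes: &[u8], off: usize) -> Option<u32> {
    let c = bytes.get(off..off.checked_add(4)?)?;
    Some(u32::from_le_bytes([c[0], c[1], c[2], c[3]]))
}

/// Sound: decode a wire format defined here (1-byte tag, then u32 LE length)
/// field by field, so the in-memory layout of `Header` never matters.
pub fn parse_header(raw: &[u8]) -> Option<Header> {
    Some(Header { tag: *raw.first()?, len: read_u32(raw, 1)? })
}

fn main() {
    // Constructed sample input: tag 0x07, length 0x0000_0102, trailing bytes.
    let raw = [0x07, 0x02, 0x01, 0x00, 0x00, 0xff, 0xff, 0xff];
    println!("{:?}", parse_header(&raw));
    println!("{:?}", read_u32(&raw, 6)); // too short: None, not an out-of-bounds read
}
```

Running a test that calls `read_u32_unsound` at an odd offset under `cargo miri test` is how the misaligned access surfaces; the sound functions pass under Miri because they never form a `u32` pointer into the byte buffer.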

These aren’t edge cases. They’re fundamental violations of Rust’s safety model. The presence of such bugs suggests inadequate review of unsafe code and insufficient use of validation tooling during development.

The Bun team has acknowledged the report but has not yet provided a timeline for resolution. Until these issues are fixed, developers should treat the Rust components as high-risk, especially in security-sensitive contexts.
