Skip to content

Wyn v1.12: The Hardening Release

v1.11 was about developer experience. v1.12 is about trust.

While stress-testing the runtime under AddressSanitizer, we found — and fixed — three genuine memory-safety bugs that shipped in v1.11.0. None of them were leaks; they were the more dangerous kind, where live data gets corrupted or freed twice. If you're on v1.11, upgrading is recommended.

Every fix in this release was verified under AddressSanitizer.

The memory-safety fixes

String concat use-after-free

Wyn uses automatic reference counting, and a subtle ownership bug meant that reusing a concatenation result as a later operand could corrupt the live string and free it twice:

wyn
var j = a + b        // fine
var m = j + c        // reusing j — could corrupt/double-free j before v1.12

wyn_string_concat_safe now always returns a distinct allocation, so an operand stays valid no matter how it's reused.

Printing a fresh interpolated string could release it twice:

wyn
println("x=${x}")    // temporary released twice before v1.12

Database / JSON heap overflow

Db.query, Db.query_params, and Json.keys wrote results into fixed 64KB / 4KB buffers. Any larger result overflowed the heap. They now grow their buffers as needed — verified on a ~168KB result.

Interpolation no longer truncates at 512 bytes

Interpolated strings longer than 511 bytes were silently cut off. Now they round-trip intact at any length.

ARC hardening

Heap detection for reference counting now uses a dual sentinel, making it far harder for a stray pointer to be misread as a reference-counted allocation. Two internal compiler buffers were also made bounds-safe against overly long identifiers.

Concurrency: cooperative Time::sleep

Inside the coroutine scheduler — fire-and-forget spawn — sleeping now yields to other tasks instead of blocking the worker thread:

wyn
fn worker(id: int) {
    Time::sleep(200)
    println("done ${id}")
}

fn main() {
    for i in 0..50 { spawn worker(i) }
    Time::sleep(300)
}

In one benchmark, 50 concurrent 200ms sleeps finished in ~0.21s instead of ~1.03s.

Awaited spawn and parallel { } still run on the thread pool and block during a sleep. Routing those onto the cooperative scheduler is the next big concurrency item on the roadmap.

Build & tooling

  • Warning-clean build under -Wall -Wextra.
  • Runtime rebuilds correctlymake now rebuilds libwyn_rt.a whenever a runtime source or header changes, so compiled programs never silently link a stale runtime.

Upgrading

bash
wyn --version        # 1.12.0

No source changes are required. v1.12.0 is a drop-in upgrade.


Read the full what's new in v1.12, or browse the version history.

MIT License — v1.12