
Can somebody explain what the issue is? In particular, if Rust is safe, and this is safe code, then how can there possibly be use-after-free? I thought it's the entire point of the "safe code" thing that it's ...safe by construction.


> and this is safe code,

The code they are complaining about is not safe code, it is unsafe code that exposes a supposedly but not actually safe interface. They demonstrate this by using the interface to get undefined behavior.

You can see this rather directly by how miri points to the exact line of unsafe code that results in undefined behavior (which isn't something miri can always do, but it can in this instance).


But how can an interface be considered safe if it actually isn't? I thought the Rust compiler guarantees safety of everything marked as such?


To make performant code sometimes requires implementing or using "unsafe" functions (it's not obligatory, and a lot of projects don't use them; but it was probably needed to map Bun's behavior 1 to 1). Those require upholding some invariants that cannot be checked by the compiler. The compiler basically goes "I trust you on this one, programmer. If you fuck this up, unsafe behavior can propagate to the rest of the code".


It doesn't. The Rust compiler exposes a rich type system by which the programmer can make safe abstractions around unsafe code that can't be misused, but it doesn't (and fairly fundamentally can't, thanks to Rice's theorem) verify that people who write unsafe code and purport to have made safe abstractions actually did so.
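An added example (not code from the thread or from the project it discusses) of the distinction the reply draws: a wrapper whose `unsafe` block compiles fine but whose safe-looking signature lets a caller reach a use-after-free, next to the sound signature the borrow checker can actually enforce. The names `Arena`, `get_unsound`, `get` and `first_item` are hypothetical.

```rust
// Added example: a "safe" method over unsafe code whose signature promises
// more than the implementation upholds. Names here are hypothetical.

pub struct Arena {
    items: Vec<String>,
}

impl Arena {
    pub fn new() -> Self {
        Arena { items: Vec::new() }
    }

    /// Pushing may reallocate the Vec's buffer and free the old one.
    pub fn push(&mut self, s: String) {
        self.items.push(s);
    }

    /// UNSOUND: `&'static String` is not tied to the borrow of `self`, so
    /// the borrow checker lets a caller keep the reference across `push`.
    /// The unsafe block compiles; the invariant it silently relies on
    /// ("no reallocation while this reference lives") is not expressed in
    /// the type, so rustc has nothing to check.
    pub fn get_unsound(&self, i: usize) -> &'static String {
        let p: *const String = &self.items[i];
        unsafe { &*p } // dereferencing a raw pointer yields an unbounded lifetime
    }

    /// SOUND: the elided lifetime ties the result to `&self`, so holding it
    /// while calling `push(&mut self)` is a compile error (E0502).
    pub fn get(&self, i: usize) -> Option<&String> {
        self.items.get(i)
    }
}

/// Correct use of both APIs: no reference is held across a reallocation.
pub fn first_item(a: &Arena) -> (String, String) {
    (a.get_unsound(0).clone(), a.get(0).unwrap().clone())
}

// The misuse that `get_unsound`'s signature permits, deliberately not run:
//   let mut a = Arena::new(); a.push("x".into());
//   let r = a.get_unsound(0);                 // points into the current buffer
//   for _ in 0..64 { a.push("y".into()); }    // reallocates, freeing that buffer
//   println!("{r}");                          // use-after-free; Miri flags this line
// Swap in `get` and the same sequence is rejected at compile time instead.
```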



