Check Memory Safety

Validate Mojo code for memory safety violations and ownership issues.

When to Use

• Code review focused on memory safety
• Testing for use-after-free issues
• Verifying ownership transfer correctness
• Catching double-free or segmentation fault sources
• Validating SIMD memory access patterns

Quick Reference

# Find potential use-after-free patterns
grep -n "var .* = .*\^" *.mojo | head -20

# Check for uninitialized access
grep -n "List\[.*\]()" *.mojo | grep -A 2 "\..*\["

# Verify ownership transfer
grep -n "owned\|var.*=" *.mojo | sort

# Check pointer operations
grep -n "DTypePointer\|alloc\|free\|__del__" *.mojo

# Find scope issues
grep -n "{" *.mojo | wc -l  # Check nesting depth

Memory Safety Patterns

Safe Ownership Transfer:

• ✅

  fn take(var data: List[Int])

  - Caller loses access
• ✅

  return self.data^

  - Transfer from struct field
• ✅

  var copy = data^

  - Move to new variable
• ❌

  fn take(data: List[Int])

  - Ambiguous, use var
• ❌

  return self.data

  - Missing transfer operator

Safe Initialization:

• ✅

  var shape = List[Int]()

  then

  shape.append(dim)

• ✅

  var data = DTypePointer[DType.float32].alloc(size)

• ✅ Check

  size > 0

  before allocation
• ❌

  var list = List[Int]()

  then

  list[0] = value

  (uninitialized)
• ❌

  alloc(0)

  or

  alloc(negative)

  (invalid size)

Safe Pointer Usage:

• ✅ Allocate before use:

  alloc(size)

• ✅ Store size separately for bounds checking
• ✅ Verify pointer validity before dereference
• ❌ Use after free (manually deleted pointer)
• ❌ Out-of-bounds access
• ❌ Null pointer dereference

Safe Scope Management:

• ✅ Owned values dropped at scope end
• ✅ RAII pattern with proper cleanup
• ✅ Lifetime boundaries clear
• ❌ Variable used after scope exit
• ❌ Reference to stack variable returned
• ❌ Missing ownership transfer between scopes

Safety Validation Workflow

1. Identify pointers: Find all pointer operations
2. Check allocation: Verify all pointers allocated before use
3. Trace ownership: Follow ownership transfers
4. Verify lifetimes: Check value scopes
5. Find violations: Identify safety issues
6. Suggest fixes: Provide safety corrections
7. Verify fixes: Compile to confirm safety

Output Format

Report memory safety issues with:

1. Issue Type - Use-after-free, double-free, uninitialized, bounds, etc.
2. Location - File and line number
3. Code Snippet - The problematic code
4. Root Cause - Why it's unsafe
5. Risk Level - Segfault, undefined behavior, or warning
6. Fix - How to correct it safely

Common Safety Issues & Fixes

Uninitialized List Access:

• Problem:

  var list = List[Int](); list[0] = 5

• Risk: Out-of-bounds write, segmentation fault
• Fix: Use

  list.append(5)

  instead

Use After Move:

• Problem:

  var a = list^; print(list)

  (list moved, now invalid)
• Risk: Use-after-free
• Fix: Don't use list after transfer, or create copy

Missing Bounds Check:

• Problem: Access

  tensor._data[index]

  without size check
• Risk: Out-of-bounds access, segfault
• Fix: Add

  assert index < size

  or check in loop

Pointer Without Size:

• Problem:

  var ptr = alloc(size)

  but size not tracked
• Risk: Invalid access, use-after-free
• Fix: Store size, verify before access

Double-Free:

• Problem: Manual

  free()

  called twice on same pointer
• Risk: Heap corruption, segfault
• Fix: Use RAII, don't call free manually

Error Handling

mojo build

Safety Checklist

Before committing Mojo code:

• All pointers have size tracked
• All List/Dict allocations use append/insert
• All ownership transfers use

  ^

• No variables used after move
• All pointer access has bounds check
• Scope lifetimes match usage
• Compiler produces no errors or warnings

References

• See CLAUDE.md for ownership patterns
• See validate-mojo-patterns for pattern checking
• See mojo-lint-syntax for syntax issues