This document defines the Zig safety toolchain, build presets, and coding rules for the PAR2 cleanroom implementation.
- Build presets:
  - Safety: Zig default safety checks enabled; debug info: on
  - Safety: Zig safety checks enabled + explicit bounds/overflow checks; extra invariants: enabled
  - Safety: Zig ReleaseSafe for general builds; optional: ReleaseFast for benchmarks only (requires explicit opt-in)
- Explicit checks:
  - Default: bounds/overflow checks enabled in all build modes.
  - Optional: PAR2_UNSAFE_FAST disables explicit checks (never for production).
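The following `build.zig` is an added example of how these presets and the opt-in flag can be wired up; it is not the project's own build script. It assumes the Zig 0.12 `std.Build` API, a library root at `src/par2.zig`, and option names (`-Dbench`, `-Dunsafe-fast`, the `build_options` module and its `unsafe_fast` field) that are choices made here, not names the page defines. `-Doptimize` defaults to Debug, `-Doptimize=ReleaseSafe` is the general build, and `-Doptimize=ReleaseFast` is refused unless `-Dbench=true` is passed explicitly.

```zig
const std = @import("std");

pub fn build(b: *std.Build) void {
    const target = b.standardTargetOptions(.{});
    // Exposes -Doptimize=<Debug|ReleaseSafe|ReleaseFast|ReleaseSmall>.
    // Without the flag the build is Debug (Zig default safety checks on).
    const optimize = b.standardOptimizeOption(.{});

    // ReleaseFast is for benchmarks only and needs an explicit opt-in.
    const bench = b.option(bool, "bench", "Benchmark build (allows ReleaseFast)") orelse false;
    if (optimize == .ReleaseFast and !bench) {
        std.debug.panic("ReleaseFast is only allowed with -Dbench=true (benchmarks only)", .{});
    }

    // PAR2_UNSAFE_FAST equivalent: explicit bounds/overflow checks stay on in
    // every mode unless this flag is given; it must never be used for production.
    const unsafe_fast = b.option(
        bool,
        "unsafe-fast",
        "Disable explicit bounds/overflow checks (benchmarks only, never production)",
    ) orelse false;
    if (unsafe_fast and !bench) {
        std.debug.panic("-Dunsafe-fast requires -Dbench=true", .{});
    }

    // Library code reads this as @import("build_options").unsafe_fast.
    const opts = b.addOptions();
    opts.addOption(bool, "unsafe_fast", unsafe_fast);

    const lib = b.addStaticLibrary(.{
        .name = "par2",
        .root_source_file = b.path("src/par2.zig"),
        .target = target,
        .optimize = optimize,
    });
    lib.root_module.addOptions("build_options", opts);
    b.installArtifact(lib);

    // `zig build test` runs the unit tests in the same optimize mode.
    const tests = b.addTest(.{
        .root_source_file = b.path("src/par2.zig"),
        .target = target,
        .optimize = optimize,
    });
    tests.root_module.addOptions("build_options", opts);
    b.step("test", "Run unit tests").dependOn(&b.addRunArtifact(tests).step);
}
```

Panicking in the build script rather than silently downgrading keeps the opt-in explicit: a CI job that forgets `-Dbench=true` cannot accidentally produce a ReleaseFast or check-free artifact.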
- zig fmt (required on CI)
- zig build test (required on CI)
- AFL++ targets for:
  - Packet header parsing
  - Packet body parsing (each packet type)
  - IFSC verification
  - Recovery slice decoding
- par2cmdline is used as an external, dev/test-only tool.
  - It is GPL; do not link or ship it in any distribution.
- No raw pointer arithmetic for parsing; use slices with explicit bounds checks.
- No unchecked integer math in parsing; use checked add/mul helpers.
- No implicit aliasing of byte buffers; use explicit slice copies/views.
- Error handling uses explicit error sets; no panics in library code.
- All I/O is isolated to adapters; core logic is pure where possible.
- Use a small set of helpers:
  - readU32Le(slice, offset) -> error!u32
  - readU64Le(slice, offset) -> error!u64
  - readBytes(slice, offset, len) -> error![]const u8
  - All helpers check bounds before read and advance offsets explicitly.
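As an added example (not the project's own code) of the coding rules and helper set above, the block below implements `readU32Le`, `readU64Le` and `readBytes` with checked arithmetic and an explicit error set, then uses them to parse the fixed 64-byte PAR2 packet header (magic, length, hash, set id, type, as laid out in the PAR2 specification) while advancing the offset explicitly. The `checkedAdd`/`checkedMul` names, the `ParseError` set and the `parseHeader` function are assumptions made here; the code targets Zig 0.12 (`std.mem.readInt` with a `.little` endian argument).

```zig
const std = @import("std");

/// Explicit error set: library code returns these and never panics.
pub const ParseError = error{ OutOfBounds, Overflow, BadMagic, BadLength };

/// Checked add: fails instead of wrapping (assumed helper name).
pub fn checkedAdd(a: usize, b: usize) ParseError!usize {
    const r = @addWithOverflow(a, b);
    if (r[1] != 0) return error.Overflow;
    return r[0];
}

/// Checked multiply: fails instead of wrapping (assumed helper name).
pub fn checkedMul(a: usize, b: usize) ParseError!usize {
    const r = @mulWithOverflow(a, b);
    if (r[1] != 0) return error.Overflow;
    return r[0];
}

/// Bounds-checked view of `len` bytes at `offset`; a slice, no pointer math, no copy.
pub fn readBytes(slice: []const u8, offset: usize, len: usize) ParseError![]const u8 {
    const end = try checkedAdd(offset, len);
    if (end > slice.len) return error.OutOfBounds;
    return slice[offset..end];
}

pub fn readU32Le(slice: []const u8, offset: usize) ParseError!u32 {
    const b = try readBytes(slice, offset, 4);
    return std.mem.readInt(u32, b[0..4], .little);
}

pub fn readU64Le(slice: []const u8, offset: usize) ParseError!u64 {
    const b = try readBytes(slice, offset, 8);
    return std.mem.readInt(u64, b[0..8], .little);
}

/// Fixed PAR2 packet header (layout per the PAR2 spec; parser is an added example).
pub const PacketHeader = struct {
    length: u64, // whole packet length, header included
    hash: [16]u8, // MD5 of the packet from set_id onward
    set_id: [16]u8,
    packet_type: [16]u8,
};

pub const header_len: usize = 64;
const magic = "PAR2\x00PKT";

/// Parses the header at `offset.*`; on success `offset.*` is advanced past it.
/// On any error the offset is left untouched so callers cannot resume mid-field.
pub fn parseHeader(buf: []const u8, offset: *usize) ParseError!PacketHeader {
    var off = offset.*;
    const m = try readBytes(buf, off, 8);
    if (!std.mem.eql(u8, m, magic)) return error.BadMagic;
    off = try checkedAdd(off, 8);

    const length = try readU64Le(buf, off);
    off = try checkedAdd(off, 8);
    // The spec requires the length to cover the header and be a multiple of 4.
    if (length < header_len or length % 4 != 0) return error.BadLength;

    var hdr: PacketHeader = undefined;
    hdr.length = length;
    hdr.hash = (try readBytes(buf, off, 16))[0..16].*;
    off = try checkedAdd(off, 16);
    hdr.set_id = (try readBytes(buf, off, 16))[0..16].*;
    off = try checkedAdd(off, 16);
    hdr.packet_type = (try readBytes(buf, off, 16))[0..16].*;
    off = try checkedAdd(off, 16);

    offset.* = off;
    return hdr;
}

test "header parse, truncation and overflow are explicit errors" {
    // Constructed sample: valid magic, length = 64, zeroed hash/set id/type.
    var pkt = [_]u8{0} ** 64;
    @memcpy(pkt[0..8], magic);
    std.mem.writeInt(u64, pkt[8..16], 64, .little);

    var off: usize = 0;
    const h = try parseHeader(&pkt, &off);
    try std.testing.expectEqual(@as(u64, 64), h.length);
    try std.testing.expectEqual(@as(usize, 64), off);

    // Truncated input fails cleanly and does not advance the offset.
    var off2: usize = 0;
    try std.testing.expectError(error.OutOfBounds, parseHeader(pkt[0..40], &off2));
    try std.testing.expectEqual(@as(usize, 0), off2);

    // offset + len overflow is reported, not wrapped into a small in-bounds read.
    try std.testing.expectError(error.Overflow, readBytes(&pkt, std.math.maxInt(usize), 1));
    try std.testing.expectError(error.Overflow, checkedMul(std.math.maxInt(usize), 2));
}
```

The offset is only written back after every field has been read, so a truncated or malformed packet leaves the caller's position unchanged; this is the property the AFL++ header-parsing target should be able to rely on when it feeds arbitrary prefixes.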
- Boehm GC is not used in Zig mode.