-
What is Rust?
- New systems programming language, aiming to replace C & C++
- Fast, safe, and concurrent
-
Bad Things the Rust compiler won't let you do
- Only one owner, one mutable borrow, one immutable borrow
  - prevents data races
  - prevents use after free
  - prevents double free
- Uninitialized variables
- No nullable pointers
- Not handle a case in a match
- No undefined behavior
- Array indexing is bounds checked at runtime; an out-of-bounds access is defined to panic
-
Bad Things you still can do in Rust
- unsafe
- Leak memory (consider you can have a circular Rc)
- Deadlock
- Have a non-data race condition
- Fail to call destructors
- Overflow integers
- Abort the program
- Delete the production database
-
Case studies
- Heartbleed
- Buffer Overread - http://xkcd.com/1354/
- https://play.rust-lang.org/?gist=11689d006bc9dd0487de437106ea6a39&version=stable&backtrace=0
- Switching to a safer language is one thing, but not the only thing, that would prevent bugs like Heartbleed! http://www.dwheeler.com/essays/heartbleed.html
- Heartbleed
- http://deliberate-software.com/safety-rank-part-2/
- https://tonyarcieri.com/would-rust-have-prevented-heartbleed-another-look
- http://www.tedunangst.com/flak/post/heartbleed-in-rust
- https://doc.rust-lang.org/nomicon/meet-safe-and-unsafe.html
- https://www.imperialviolet.org/2014/02/22/applebug.html
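The buffer over-read behind Heartbleed, worked through in safe Rust as an added example (not code from the slides or from any of the linked posts). The message layout (1-byte type, 2-byte big-endian claimed length, payload) is a simplified assumption modelled on the TLS heartbeat extension: one handler validates the claimed length, the other trusts it the way the C code did and runs into Rust's bounds check instead of leaking memory.

```rust
// Added example: a Heartbleed-style heartbeat responder in safe Rust.
// Layout assumed here: msg[0] = type, msg[1..3] = claimed payload length
// (big-endian u16), msg[3..] = payload.

/// Hardened handler: the check that Heartbleed lacked. The claimed length is
/// compared against what was actually received; `get` returns None instead
/// of reading past the end of the buffer, so the request is rejected.
pub fn heartbeat_response(msg: &[u8]) -> Result<Vec<u8>, &'static str> {
    if msg.len() < 3 {
        return Err("message too short");
    }
    let claimed_len = u16::from_be_bytes([msg[1], msg[2]]) as usize;
    let payload = msg
        .get(3..3 + claimed_len)
        .ok_or("claimed length exceeds message")?;
    let mut out = Vec::with_capacity(3 + payload.len());
    out.push(2); // heartbeat response type
    out.extend_from_slice(&(payload.len() as u16).to_be_bytes());
    out.extend_from_slice(payload);
    Ok(out)
}

/// Naive handler: trusts the claimed length and slices directly, exactly the
/// shape of the vulnerable C code. In C this silently copies up to 64 KiB of
/// adjacent heap memory into the reply; in Rust the slice is bounds checked
/// and the thread panics, so no memory is disclosed.
pub fn naive_echo(msg: &[u8]) -> Vec<u8> {
    let claimed_len = u16::from_be_bytes([msg[1], msg[2]]) as usize;
    msg[3..3 + claimed_len].to_vec()
}

fn main() {
    // Constructed sample: a request that claims 65535 bytes but carries 5.
    let mut evil = vec![1u8, 0xFF, 0xFF];
    evil.extend_from_slice(b"hello");
    println!("hardened: {:?}", heartbeat_response(&evil));
    let outcome = std::panic::catch_unwind(|| naive_echo(&evil));
    println!("naive handler panicked instead of leaking: {}", outcome.is_err());
}
```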