
Rust: "C is a hostile language"

Sunday, July 30th, 2017 | Gadgets

In modern desktop operating systems, parsers are ubiquitous. They usually process unchecked and possibly untrustworthy data from the Internet and are therefore an understandable target for attackers. Writing parsers in the C programming language is notoriously error-prone, says Federico Mena Quintero, co-founder of the Gnome project, at the Guadec conference. To avoid these errors, he recommends using the Rust language instead.

Mena's recommendation is based on the experience he gained over the last year as maintainer of Librsvg, a library used to render SVG files. The library is used by a variety of desktop applications; Librsvg is, for example, a dependency of the GTK toolkit. In addition, Wikipedia uses the library for display when very old browsers are used that cannot render SVG themselves.

Mena took over the maintenance of Librsvg in 2015 after a few bug fixes, and in autumn 2016 began to rewrite small parts of the code in Rust, initially to learn the language. The design of Rust and its good interoperability with C made it easy to replace the code piece by piece. Eventually Mena reached the point where he wanted to port the entire code base to Rust.

Rust helps to avoid mistakes

A big help for Mena was how errors are handled in Rust: error handling is not only very easy to implement, but writing it is also much shorter than simply ignoring errors. "That's just magical," Mena said. It is also easier to create unit tests and debug messages with Rust than with C.

During the porting work Mena noticed a number of quite common errors in the C code, such as overflows, which unfortunately are not always obvious. The code containing some of these errors comes, according to Mena, from the best C programmers the Gnome project has ever had. This does not mean that the project has no good programmers. The reason for these mistakes is not the people, but rather the C language itself, which is simply "hostile".

This applies in particular to writing parsers, which are found in many basic libraries such as Librsvg. One of the biggest problems in C is the processing of strings, which are not a native data type of the language. This is different in Rust, which Mena again illustrates with a code example that once more shows how simple it is to implement error handling. Google employee and security researcher Matthew Garrett, who was also present, describes the example on Twitter with the word "compelling".

In addition to the Rust features already mentioned, there are further features that are explicitly designed to increase the security of the written code. These include, for example, the ownership principle, the borrow checker, and other parts of the language that are enforced at compile time to avoid errors in running code.

Mena says he himself fought the borrow checker for about a month until his Rust knowledge was good enough to write code that compiled easily. Mena still offers the advice: "Do not fight against the compiler, it is your friend." After all, the Rust compiler protects against many errors that can occur in C.
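
As an added illustration of the error handling and overflow points above (not code from Mena's talk or from Librsvg): a small Rust parser for an SVG-style `viewBox` attribute, simplified to integers, in which `?` propagates parse errors and `checked_mul` turns a size overflow into an error. All names and sample inputs are constructed for this example.

```rust
// Added illustration, not Librsvg code; names and inputs are constructed.
#[derive(Debug, PartialEq)]
pub enum ParseError { WrongFieldCount(usize), BadNumber(String), ZeroSize, TooLarge }

#[derive(Debug, PartialEq)]
pub struct ViewBox { pub x: i32, pub y: i32, pub width: u32, pub height: u32 }

/// Parse one integer field; a malformed field becomes an error value.
fn field<T: std::str::FromStr>(s: &str) -> Result<T, ParseError> {
    s.parse().map_err(|_| ParseError::BadNumber(s.to_string()))
}

/// Parse "min-x min-y width height" (integers only, a simplification).
pub fn parse_view_box(attr: &str) -> Result<ViewBox, ParseError> {
    let parts: Vec<&str> = attr
        .split(|c: char| c == ',' || c.is_whitespace())
        .filter(|p| !p.is_empty())
        .collect();
    if parts.len() != 4 {
        return Err(ParseError::WrongFieldCount(parts.len()));
    }
    // `?` returns early on the first bad field; there is no unchecked path.
    let vb = ViewBox {
        x: field(parts[0])?,
        y: field(parts[1])?,
        width: field(parts[2])?,   // u32: a negative width is rejected here
        height: field(parts[3])?,
    };
    if vb.width == 0 || vb.height == 0 {
        return Err(ParseError::ZeroSize);
    }
    Ok(vb)
}

/// Bytes needed for an RGBA pixel buffer. checked_mul reports overflow
/// instead of silently wrapping, as unsigned arithmetic in C would.
pub fn rgba_buffer_len(vb: &ViewBox) -> Result<usize, ParseError> {
    (vb.width as usize)
        .checked_mul(vb.height as usize)
        .and_then(|pixels| pixels.checked_mul(4))
        .ok_or(ParseError::TooLarge)
}

fn main() {
    // Constructed inputs: valid, too few fields, malformed number, huge size.
    for attr in &["0 0 100 50", "0,0,100", "0 0 1e3 50", "0 0 4294967295 4294967295"] {
        let result = parse_view_box(attr).and_then(|vb| rgba_buffer_len(&vb));
        println!("{:?} -> {:?}", attr, result);
    }
}
```
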
