A Year of Rust

A Year of Rust
and what it taught me about life
by: Steve Zeidner

View Slide

View Slide

Writing fast software that is secure and
doesn't crash is hard.

View Slide

Common Software Bugs
• Memory Leaks

• Null Pointer Exceptions

• Buﬀer Overﬂows

• Race conditions

• Deadlocks

View Slide

Race Condition

View Slide

Deadlock

View Slide

}
alarm(0);
break;
}
if (i >= 6)
return 0; /* 978 */
for(i = 0; i < 536; i++) /* 628,654 */
buf[i] = '\0';
for(i = 0; i < 400; i++)
buf[i] = 1;
for(j = 0; j < 28; j++)
buf[i+j] = "\335\217/sh\0\335\217/bin\320^Z\335\0\
335\0\335Z\335\003\320^\\\274;
\344\371\344\342\241\256\343\350\357\25
6\362\351"[j];
/* constant string x200a0 */
/* 0xdd8f2f73,0x6800dd8f,0x2f62696e,0xd05e5add,
0x00dd00dd,0x5add03d0,0x5e5cbc3b */
https://github.com/arialdomartini/morris-worm
Security Challenges

View Slide

View Slide

Community

View Slide

Rust Design Goals
• Syntax similar to C with zero-cost abstractions

• Memory safe

• Smart memory management

• Inferred type system

• Ownership, moves, borrows checked at compile time

View Slide

Safety
• What does safety mean?

• What do we mean by type safety? What are we being kept safe from?

View Slide

Undeﬁned Behavior
int main(int argc, char **argv) {
unsigned long a[1];
a[3] = 0x7ffff7b36cebUL;
return 0;
}

View Slide

Terms
• Well defined - A program has been written so that no possible execution
can exhibit undefined behavior

• Type Safe - A language's type system ensures that every program is well-
defined

View Slide

Type Safety
fn main() {
let a = 123;
a = "this is a string";
}
error[E0308]: mismatched types
--> src/main.rs:3:9
|
3 | a = "this is a string";
| ^^^^^^^^^^^^^^^^^^ expected integral variable, found reference
|
= note: expected type `{integer}`
found type `&'static str`
= help: here are some functions which might
fulfill your needs:
- .len()

View Slide

What does it actually mean to be safe?
• The need for certainty

• What about the unsafe keyword in Rust?
fn index_of(&self, item: &T) -> Option {
let ptr = item as *const T;
unsafe {
if self.as_ptr() < ptr && self.as_ptr().
offset(self.len() as isize)
> ptr {
Some(self.index_of_unchecked(item))
} else {
None
}
}
}

View Slide

View Slide

Polymorphism
• Deﬁnition: The condition of occurring in several diﬀerent forms

• Rust polymorphism: Generics and Traits

View Slide

Generics
/// Given two values, pick whichever one is less.
fn min(value1: T, value2: T) -> T {
if value1 <= value2 {
value1
} else {
value2
}
}

View Slide

Using Traits
use std::io::Write;
let mut buf: Vec = vec![];
buf.write_all(b"hello")?;

View Slide

Traits and Composition
struct Sheep { sheared: bool, name: &'static str }
trait Animal {
// Static method signature; `Self` refers to the implementor type.
fn new(name: &'static str) -> Self;
// Instance method signatures; these will return a string.
fn name(&self) -> &'static str;
fn noise(&self) -> &'static str;
// Traits can provide default method definitions.
fn talk(&self) {
println!("{} says {}", self.name(), self.noise());
}
}

View Slide

impl Sheep {
fn is_sheared(&self) -> bool {
self.sheared
}
fn shear(&mut self) {
if self.is_sheared() {
// Implementor methods can use the implementor's trait methods.
println!("{} is already sheared...", self.name());
} else {
println!("{} gets a haircut!", self.name);
self.naked = true;
}
}
}

View Slide

// Implement the `Animal` trait for `Sheep`.
impl Animal for Sheep {
// `Self` is the implementor type: `Sheep`.
fn new(name: &'static str) -> Sheep {
Sheep { name: name, sheared: false }
}
fn name(&self) -> &'static str {
self.name
}
fn noise(&self) -> &'static str {
if self.is_sheared() {
"baaaaah?"
} else {
"baaaaah!"
}
}
// Default trait methods can be overridden.
fn talk(&self) {
// For example, we can add some quiet contemplation.
println!("{} pauses briefly... {}", self. name, self.noise());
}
}

View Slide

Trait Bounds
/// Print out all the values produced by an iterator
fn dump(iter: I)
where I: Iterator
{
for (index, value) in iter.enumerate() {
println!("{}: {:?}", index, value); // error
}
}
error[E0277]: the trait bound `::Item:
std::fmt::Debug` is not satisfied
--> traits_dump.rs:10:37
|
10 | println!("{}: {:?}", index, value); // error
| ^^^^^ the trait `std::fmt::Debug` is not implemented
| for `::Item`
|
= help: consider adding a `where ::Item: std::fmt::Debug`
bound
= note: required by `std::fmt::Debug::fmt`

View Slide

Trait Bounds
use std::fmt::Debug;
fn dump(iter: I)
where I: Iterator, I::Item: Debug
{
...
}

View Slide

View Slide

Things I Learned from Rust
• Rust Community: Community and support is key

• Memory Safety: The importance of ﬁnding peace in an uncertain world

• Traits: Setting proper goal posts for myself and others

• Inspiration to take on more freelance work

View Slide

• Memory Leaks - ownership system ensures no memory leaks

• Null Pointer Exceptions - lifetime check at compile time

• Race conditions and Deadlocks - prevented with ownership system
• Buﬀer Overﬂows - type safety ensures memory safe programs

Does Rust allow us to write fast, secure software
that doesn't crash?

View Slide

Learn Rust
• Read: Programming Rust

• Attend a meetup: Columbus Rust Society

• Try it out: https://play.rust-lang.org/

• Practice: https://adventofcode.com/

View Slide

Thank You!
• Twitter: @stevezeidner

• GitHub: https://github.com/szeidner

• Email: [email protected]

View Slide

A Year of Rust

A Year of Rust

Steve Zeidner

More Decks by Steve Zeidner

Other Decks in Programming

Featured

Transcript