The document discusses the advantages of Rust over C and C++, particularly focusing on memory and thread safety through its ownership model which helps prevent common vulnerabilities. It highlights the prevalence of memory unsafety issues in software, which can lead to significant security risks and breaches. While Rust provides strong performance and a supportive community, it also presents challenges such as steep learning curves and complex error messages.

1. Why Rust?
With Edd Barrett

2. A Little About Me
e ResearchAssociate @King’s College London
e Former postgrad of University of Kent.
e OpenBSD Developer (ports)
@ebarrett@mastodon.social @vext01

3. Rust

4. C and C++

5. C and C++
C
e 1972
e Dennis Ritchie, Bell Labs
C++
e 1985
e Bjarne Stroustrup
Both “systems” languages.

6. C and C++ arePopular Languages
https://www.tiobe.com/tiobe-
index/

7. C and C++ arePopular Languages
https://thenewstack.io/evolve -die-popular -programming-languages-confront-newcom ers-tiobe-
index/

8. The problem languages like C and C++

9. The problem languages like C and C++
Unsafe

10. The problem languages like C and C++
Unsafe
e Memorysafety
e Threadsafety

11. The problem languages like C and C++
Unsafe
e Memorysafety
e Threadsafety

12. Memory Safety
* s ) {v o i d d o _ s t u f f ( c h a r
. . .
i f ( e r r o r )
f r e e ( s ) ;
}
i n t m a i n ( v o i d ) {
c h a r * s = m a l l o c ( 1 6 ) ;
s t r n c p y ( s , " h e l l o " , 1 6 ) ;
p r i n t f ( " s= ’ s’ n " , s ) ;
d o _ s t u f f ( s ) ;
p r i n t f ( " s= ’ s’ n " , s ) ; / / < - - Use a f t e r f r e e !
r e t u r n ( EXIT_ SUCCESS ) ;
}

13. Kinds of Memory Error
e Useafter free
e Double free
e Buffer overflow
e Dangling pointer
e Freeinganinvalidaddress
Experiencedprogrammers makethesemistakes!

14. Memory Errors = Undefined Behaviour
What should happen afterwards is notdefined!
e Program may continue to work OK (you got
lucky)
e Program may crash
e Program my continue, but behave differently

15. Memory Safety
$ ./use-after -free
s=’hello ’
s=’ ’

16. Security vulnerabilities

17. *Not anaccuratedepiction of a hacker
https://pixabay.com/phot os/ hacker -attack-mask-internet-2883632/

18. Hackers!
“Hackers” exploit memory errors
Often they can“persuade” abrokenprogram to do
their bidding

19. What Hackers Want

20. What Hackers Want
e To steal your sensitive data.

21. What Hackers Want
e To steal your sensitive data.
e To run naughty programs on your computer.

22. How bad is the problem?

23. CVEs
Common Vulnerability and Exposures
Database

24. https://nvd.nist.gov/ vuln/detail/CVE -2019-8225

25. CVE Statistics: Cifuentes andBierman
http:
//drops.dagstuhl.de/opus/volltexte/2019/10546/

26. CVE Statistics: Cifuentes andBierman
For the five years from 2013 to 2017: 5,899
buffer errors
(That’s about 21%of the data)
Average total cost of a data breach:
US$3.86 million

27. Other Statistics: Alex Gaynor
https://alexgaynor.net/2019/aug/12/
introduction-to-memory-unsafety-for-vps-of-engineering/

28. Other Statistics: Alex Gaynor
A recent study found that 60-70% of vul-
nerabilities in iOS and macOS are caused
by memory unsafety.
Microsoft estimates that 70% of all vulnera-
bilities in their products over the last decade
have been caused by memoryunsafety.
Google estimated that 90% of Android vul-
nerabilities arememoryunsafety.

29. How bad is the problem?
Pretty bad!

30. What can wedo?

31. What can wedo?
e Detect and fix using dynamic/static analysis

32. What can wedo?
e Detect and fix using dynamic/static analysis
e OS-level mitigations

33. What can wedo?
e Detect and fix using dynamic/static analysis
e OS-level mitigations
e Usea“managed” language
e GarbageCollection :(

34. Mozilla

35. Firefox

36. Rust

37. Rust’s Motivation
Rust’s rich type system and owner- ship
model guarantee memory-safety and
thread-safety, and enable you to eliminate
many classes of bugs at compile-time.
(+ performance + productivity)

38. Example: Use after Free in Rust
fn do_stuff(s: String) {
...
if error {
drop(s); // Not necessary.
}
}
fn main () {
let s = String ::from("hello");
println!("s=’{}’", s);
do_stuff(s);
println!("s=’{}’", s);
}

39. Example: Use after Free in Rust
e r r o r [ E0382 ] : borrow o f moved v a l u e : ‘s‘
l e t s
- - > s r c / m a i n . r s : 1 2 : 2 4
|
8 |
|
|
|
= S t r i n g : : from ( " h e l l o " ) ;
- move o c c u r s b e c a u s e ‘s‘h a s t y p e ‘s t d : :
s t r i n g : : S t r i n g ‘, which does n o t
i m p l e m e n t t h e ‘Copy ‘ t r a i t
d o _ s t u f f ( s ) ;
- v a l u e moved h e r e
p r i n t l n ! ( " s= ’{}’",
he r e
. . .
11 |
|
12 |
|
|
s ) ;
^ v a l u e borrowe d
a f t e r move
e r r o r : a b o r t i n g due t o p r e v i o u s e r r o r

40. Ownership

41. Ownership
Lifetimes

42. Rust’s Ownership and Lifetimes
Compile-time memorysafety without agarbage
collector.

43. Rust’s Ownership and Lifetimes
Compile-time memorysafety without agarbage
collector.
Secureand performant systemsprogramming!

44. The take away message

45. The take away message
With Rust, memoryerrors canbe(mostly) athing
of the past.

46. The take away message
With Rust, memoryerrors canbe(mostly) athing
of the past.
https://pixabay.com/photos/thumbs -up-thumb-hand-positive-

47. What else is good about Rust?
e Pretty good performance.

48. What else is good about Rust?
e Pretty good performance.
e Goodstandard library.

49. What else is good about Rust?
e Pretty good performance.
e Goodstandard library.
e Goodand safemulti-threading support.

50. What else is good about Rust?
e Pretty good performance.
e Goodstandard library.
e Goodand safemulti-threading support.
e Pretty portable.

51. What else is good about Rust?
e Pretty good performance.
e Goodstandard library.
e Goodand safemulti-threading support.
e Pretty portable.
e Thriving community and ecosystem.

52. Any Downsides?

53. Any Downsides?
e Rust is quite hard to learn.
e
e
e
Ownership/lifetimes are unfamiliar.
Error messages hard to understand.
Large language.

54. Any Downsides?
e Rust is quite hard to learn.
e
e
e
Ownership/lifetimes are unfamiliar.
Error messages hard to understand.
Large language.
e Rust is still young and changing.

55. Any Downsides?
e Rust is quite hard to learn.
e
e
e
Ownership/lifetimes are unfamiliar.
Error messages hard to understand.
Large language.
e Rust is still young and changing.
e Compile-times canbeslow.

56. Any Downsides?
e Rust is quite hard to learn.
e
e
e
Ownership/lifetimes are unfamiliar.
Error messages hard to understand.
Large language.
e Rust is still young and changing.
e Compile-times canbeslow.
e Somethings arequite hard in “safe” Rust.
e unsafe keyword

57. Resources
Website:
https://www.rust-lang.org/
GitHub:
https://github.com/rust-lang/rust
Try it out online:
https://play.rust-lang.org/
Learn:
https://doc.rust-lang.org/rust-by-example/