Re: The Case for Rust (in the base system)
- In reply to: Alan Somers : "Re: The Case for Rust (in the base system)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 31 Jul 2024 15:46:27 UTC
On 31 Jul 2024, at 16:40, Alan Somers <asomers@FreeBSD.org> wrote: > > * ctld: while working on some bugs in ctld, I had trouble > understanding the config file parsing. So I rewrote that part in > Rust, just to help my understanding. Later, I rewrote the XML > parsing, too. Then I rewrote the LUN creation and deletion, just to > see how hard it would be. All of those parts take about 5x fewer SLOC > in Rust than in C, and they're less buggy, too. Config file parsing > is more consistent, no memory leaks, etc. Alas, I'm not planning to > finish this project, since the base system doesn't allow Rust and ctld > is too tightly coupled to ctl to live in ports. C is absolutely terrible for parsing on any metric (even C++ lets you write parsers in a fraction of the code and fewer bugs). It’s one of the places where Rust provides some very easy wins: - Lifetimes are easy to reason about in parsers, they fit well into Rust’s ownership model because the input is a stream and the output is a tree. - Parsers, by definition, are part of your attack surface because they’re taking data from outside. Replacing parsers with Rust (or something like EverParse) has a very high security return relative to the investment of effort. David