Sylvestre Ledru started working on a reimplementation of GNU Coreutils in Rust during the COVID-19 pandemic and presented it last week during the 2023 edition of FOSDEM. The effort, called uutils, is now packaged by many Linux distributions and is also used by a famous social network through the Yocto project.
Comparisons of the Rust and C++ languages have a common thread: highlighting Rust's superiority over C++ in terms of memory safety. The RisingWave editor explains why he rewrote his cloud-native DBMS from scratch in Rust after leaving the C++ project.
“Rust ensures memory and thread safety at compile time by introducing ownership rules. It goes beyond RAII, a memory management mechanism commonly used in C++. It has two advantages. The first is obvious: once the Rust compiler validates our program, we won't have any segment errors or race conditions at runtime, which would require tens of hours of debugging, especially in a highly concurrent and mostly asynchronous codebase. The second is more subtle: Rust's compiler simply restricts the types of failures, which reduces tightly nested code snippets that can cause such faulty behavior. Error replication is significantly improved by using deterministic execution.”
GNU Coreutils is a package from the GNU project which contains many basic tools needed for Unix-like operating systems: cp (copy a file or directory), mkdir (create a directory), etc. A developer offers a reimplementation in the Rust language.
One of the goals is to make the package usable on other operating systems: Windows, macOS, Android, FreeBSD, etc. The move revives the debate over whether to continue starting new projects in C and C++ or simply opt for the Rust language.
“The Rust language offers security guarantees by default when it comes to memory management. This is not the case of C and C++, whose use in Mozilla is the cause of memory security problems”, emphasizes Sylvestre Ledru.
However, Bjarne Stroustrup objects that comparisons between Rust and C++ reduce the notion of securing software to that of securing memory:
“There is no single definition of the notion of 'security' and we can achieve a variety of types of security through a combination of programming styles, support libraries, and by leveraging static analysis.” Bjarne Stroustrup thus suggests that what can be obtained from C++ in terms of software security depends, among other things, on the developer and, in particular, on their knowledge of the tools that the language offers, their mastery of the compiler, etc.
Google engineers, aware of the possibilities C++ offers them, set out to build a borrow checker in this language. The borrow checker is a feature of the Rust compiler that ensures memory safety by checking how references to memory are created and used.
The Google team, whose publication appeared in the third quarter of the previous year, came to the conclusion that the C++ type system does not lend itself to such an exercise, and that memory safety in C++ can be achieved with checks during program execution. In other words, it is with slow C++ code that it is possible to achieve a level of security equivalent to that of Rust.
The release of the RisingWave editor comes as Rust stands out from other languages that have been presented for years as alternatives to C and C++. In fact, the Linux kernel is becoming more and more open to Mozilla's systems programming language.