Brief introduction • First inventor: Graydon Hoare (about 8 years) • Mozilla Foundation (2009~) • Trait-based OOP • Zero-cost abstraction • High concurrency support • Memory safety through the ownership and lifetime concepts
Problem: memory safety • Use-after-free (dangling pointer) • Double free • Null pointer dereference These kinds of problems cause not only software crashes but also security vulnerabilities.
Use-after-free: a simple and trivial case
Dangling pointer • A local variable is allocated on the stack, the function's temporary storage. • If you return a reference to a local variable, the address becomes invalid as soon as the function returns. • If the two functions are far apart from each other, this kind of bug can be very hard to find.
Hard case: iterator invalidation. Can you see the problem?
Even a famous library may betray you if you do not know much about its internals...
Garbage collection • Java, Python, Ruby, C#, Scala, Go... • The programmer creates objects; the runtime is responsible for removing them. • No explicit malloc and free. – Therefore no mistakes? Is the world saved?
Real life is not that easy... • The computer cannot know the exact moment each object should be freed. – Tracing GC: the GC engine must scan all live objects periodically. – Reference counting: every object carries a counter of the number of pointers referencing it. • Both approaches need extra memory and CPU time.
Garbage collection • No predictability – cannot be used for real-time systems • Limited concurrency – global interpreter lock • Larger code size – the VM (or GC) must be included
Systems programming • Must be FAST. • Must have as little runtime overhead as possible. • Must be memory SAFE. • Direct memory access should be possible. • GC cannot be used in such areas!
Rust programming language • Zero-cost abstraction • Memory safety without garbage collection • Super fast code generation • C function compatibility (extern "C") • Simpler syntax than C++
Case study: Servo • Mozilla's next-gen web browser engine • Written in Rust • Parallel layout, rendering, ... almost everything • "During the 2 years of development, we have never experienced any memory-related bugs like use-after-free or double free." - an engineer from Mozilla
Lifetime • A borrowed pointer cannot outlive its owner!!
Borrowing rules • You cannot borrow a mutable reference from an immutable object • You can borrow immutable references many times • You cannot borrow more than one mutable reference at a time • A mutable reference and an immutable one cannot exist simultaneously • The lifetime of a borrowed reference must end before the owner object's does
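The lifetime and borrowing rules above in working code, as an added example that is not part of the slides: a lifetime-annotated function ties a returned reference to its owner, `retain` mutates a Vec without the iterator-invalidation bug, and the comments show the rejected variants (function names and sample data are constructed for illustration).

```rust
// Added example: how ownership, lifetimes and borrowing rules stop the
// dangling-pointer and iterator-invalidation bugs from the earlier slides.
// Names and sample data are constructed for this illustration.

/// Returns a reference to the longest name in `names`. The lifetime `'a`
/// ties the returned borrow to the owner slice, so the compiler rejects
/// any use of the result after `names` has been dropped.
fn longest<'a>(names: &'a [String]) -> Option<&'a String> {
    names.iter().max_by_key(|s| s.len())
}

// Rejected by the compiler: returning a reference to a stack local (the
// "dangling pointer" slide). Error E0106, missing lifetime specifier.
// fn dangling() -> &String { let s = String::from("local"); &s }

/// Removes every name shorter than `min_len` and returns how many were
/// dropped. Pushing or removing while iterating (the C++ iterator
/// invalidation case) needs a second borrow and does not compile; `retain`
/// holds the single mutable borrow and does the removal safely.
fn drop_short(names: &mut Vec<String>, min_len: usize) -> usize {
    let before = names.len();
    names.retain(|s| s.len() >= min_len);
    before - names.len()
}

fn main() {
    let mut names = vec!["rust".to_string(), "servo".to_string(), "gc".to_string()];

    // Rule: immutable borrows may coexist.
    let a = longest(&names);
    let b = longest(&names);
    println!("{:?} {:?}", a, b);

    // Rule: a mutable borrow is allowed only once `a` and `b` are no longer
    // used (their lifetimes ended at the println! above).
    let removed = drop_short(&mut names, 3);
    println!("removed {} short name(s), left {:?}", removed, names);

    // Rejected by the compiler (E0502): `a` would be a dangling reference
    // into a Vec that was mutated while the immutable borrow was still alive.
    // println!("{:?}", a);
}
```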