The latest release of Rust, the secure systems programming language which will hopefully do away with buffer overflows, features a stabilised core library which should encourage developers' confidence in adopting it – at least for some smaller projects at the time being..
Rust (README) was originally developed by Graydon Hoare, who began working on the language in 2006 while at Mozilla. The project was subsequently adopted by Mozilla Research which continues to sponsor and use it in developing Servo, its experimental new browser engine.
Hoare stepped aside in 2013 and was succeeded by Brian Anderson, who oversaw the first "stable" version of Rust, 1.0.0, in May 2015.
The largest feature of the 1.6 release is the stabilised
libcore, which should boost developers' confidence in choosing the language.
Rust utilses a two-tier standard library, in which
libcore is a "completely platform agnostic" library which "requires only a handful of external symbols to be defined, while
libstd builds atop it to support "memory allocation, I/O, and concurrency."
Rust's release announcement said:
libcorebeing stabilized is a major step towards being able to write the lowest levels of software using stable Rust. There’s still future work to be done, however. This will allow for a library ecosystem to develop around
libcore, but applications are not fully supported yet. Expect to hear more about this in future release notes.
About 30 library functions and methods have been declared stable in the 1.6 release, which featured 132 individual contributors. Rust is very much still in development but its relatively rapid three-branch release cycle is encouraging the enthusiastic engagement of the development community.
"The fact that Rust continues to mature is incredibly exciting," said Ivan Ristic, software engineer and founder of SSL Labs, to The Register.
"One of the biggest reasons we're struggling with computer security today is that our tools are too primitive and fragile," said Ristic. "Most components of our infrastructure are written in low level languages such as C. Having been tortured by C during my years of wiring security-critical software, I don't think I exaggerate when I compare programming in it with walking through a minefield."
Ristic concluded: "With Rust, many of the classes of problem simply go away, by design. At the same time, software written in it is compatible with existing software written in C. What this means is that we can start to slowly migrate to Rust and significantly improve our security as a result." ®