C-rusted is a new system for applying the safety features of Rust to the venerable C language. The developers are following in the footsteps of TypeScript. They say:
"C-rusted is a pragmatic and cost effective solution to up the game of C programming to unprecedented integrity guarantees without giving up anything that the C ecosystem offers today. That is, keep using C, exactly as before, using the same compilers and the same tools, the same personnel... but incrementally adding to the program the information required to demonstrate correctness, using a system of annotations that is not based on mathematical logic and can be taught to programmers in a week of training."
"Only when the addition of annotations shows the presence of a problem will a code modification be required in order to fix the latent bug that is now visible: in all other cases, the code behavior will remain exactly the same. This technique is not new: it is called gradual typing, and consists in the addition of information that does not alter the behavior of the code, yet it is instrumental in the verification of its correctness. Gradual typing has been applied with spectacular success in the past: Typescript has been created 10 years ago, and in the last 6 years its diffusion in the community of JavaScript developers has increased from 21% to 69%. And it will continue to increase: simply put, there is no reason to write more code in the significantly less secure and verifiable JavaScript language."
They celebrate the greatness of C, citing such things as:C compilers exist for almost any processor, C compiled code is very efficient and without hidden costs, C is defined by an ISO standard, C, possibly with extensions, allows easy access to hardware, C has a long history of usage, including in critical systems, and C is widely supported by all sorts of tools. The cite disadvantages, such as he fact that C code can efficiently be compiled to machine code for almost any architecture is due to the fact that, whenever this is possible and convenient, high level constructs are mapped directly to a few machine instructions, but given that instructions sets differ from one architecture to the other, this is why the behavior of C programs is not fully defined, and that is a problem. And of course, memory references in C are raw pointers that bring with themselves no information about the associated memory block or its intended use and there are no run-time checks made to ensure the safety of pointer arithmetic, memory accesses, and memory deallocation, leading to all the problems we are familiar with: dereferencing null and invalid pointers, dangling pointers (pointers to deallocated memory), misaligned pointers, use of uninitialized memory, memory leaks, double-freeing memory, buffer overruns, and so on.
Since those of you who are familiar with Rust know its claim to fame is the borrow-checking system to ensure memory integrity, I'm going to jump right to the description of how C-rusted handles memory:
"C-rusted distinguishes between different kind of handles:"
"Owner handles: An owner handle referring to a resource has a special association with it. In a safe C-rusted program, every resource subject to explicit disposal (as opposed to implicit disposal, as in the case of stack variables going out of scope), must be associated to one (and only one) owner handle. Through the program evolution, the owner handle for a resource might change, due to a mechanism called ownership move, but at any given time said resource will have exactly one owner. The association between the current owner and the owned resource only ends when a designated function is called to dispose of the resource. Note that an owner handle is a kind of exclusive handle."
"Exclusive handles: An exclusive handle referring to a resource also has a special association with it: while the resource cannot be disposed via an exclusive non-owner handle (only an owner handle allows that), the exclusive handle allows modification of the resource. As a consequence of this fact, no more than one usable exclusive handle may exist at any given time: moreover, the existence of an usable exclusive handle is incompatible with the existence of any other usable handle."
"Shared handles: A shared handle referring to a resource can be used to access a resource without modifying it. As read-only access via multiple handles is well defined, there may exist several shared handles to a single resource. However, during the existence of a shared handle, no exclusive handle to the same resource can be used."
#solidstatelife #computerscience #programminglanguages #rust
