MSRC-Security-Research
c2rust
| | MSRC-Security-Research | c2rust |
|---|---|---|
| | 9 | 46 |
| Stars | 1,292 | 3,682 |
| Growth | 0.4% | 1.4% |
| Activity | 5.1 | 9.4 |
| | 7 months ago | 10 days ago |
| Language | Python | Rust |
| License | Creative Commons Attribution 4.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MSRC-Security-Research
-
A reactionary take on memory safety
You’ll find more primary sources across different organizations that all arrive at the 60 - 70% number. But what really grinds my gears here is that you take a piece from the article you’re criticizing and pretend that it’s a quote from Matt Miller.
It’s actually quite easy to find a primary source here because the slides from the talk that the article is based on are available: https://github.com/microsoft/MSRC-Security-Research/blob/mas...
To quote from those slides: „~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues“.
-
Zig and Rust
> It's still bizarre though that Rust is capturing such ridiculous mindshare.
I don't think it's that bizarre. The two big headline features that bring Rust such popularity are: #1 "70% of bugs are memory-safety bugs" [1] and Rust can help solve those, and #2 C/C++ have a couple of package manager solutions - none of which have critical mass and Rust "comes with" cargo.
Those two make me really eager to continue experimenting with Rust.
> It seems to be a temporary low-level programming zeitgeist driven by YouTube and Reddit recommendation algorithms to an audience that has never done it and probably never will.
This is some weird gatekeep-y kinda thing. Most of us didn't start out with low-level programming. Wouldn't it have been odd and frustrating for someone to tell your younger self that you have "never written C and probably never will"?
[1] https://github.com/microsoft/MSRC-Security-Research
-
Will Carbon Replace C++?
https://github.com/microsoft/MSRC-Security-Research/blob/mas...
- How CastGuard Works [BHUSA 2022]
-
Arm releases experimental CHERI-enabled Morello board
Windows is likely a big task for the same reasons as SMAP (https://github.com/microsoft/MSRC-Security-Research/blob/mas...). XNU should be comparable to FreeBSD, which CheriBSD is a fork of, as both use Mach's VM for memory management and have a bunch of shared code in various places, but userspace is more of an unknown quite how much effort it'd be (you'll need to port Objective-C and, now, Swift, for example). For Chromium we have ported WebKit, so I'd imagine Blink isn't too dissimilar. V8 is likely interesting, though we have a version of WebKit's JSC JIT for Morello, which gives confidence in V8 being doable.
- Security Analysis of CHERI ISA
- Security Analysis of Cheri ISA [pdf]
-
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
A related post from Google Security Blog[0]:
> "A recent study[1] found that "~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues." Another analysis on security issues in the ubiquitous `curl` command line tool showed that 53 out of 95 bugs would have been completely prevented by using a memory-safe language. [...]"
[0]: https://security.googleblog.com/2021/02/mitigating-memory-sa...
[1]: https://github.com/Microsoft/MSRC-Security-Research/blob/mas...
-
Rust for Windows
Here is some of the internal advocacy going on at Microsoft.
- Managed languages if you can afford a GC
- Rust
- C++ with Core Guidelines
https://github.com/microsoft/MSRC-Security-Research/tree/mas...
Note that there are still some teams like Azure Sphere and Azure RTOS, which are only providing C based SDKs, so not everyone is on the same wavelength.
c2rust
-
Converting the Kernel to C++
A recent practical example of the former: the fish shell re-wrote incrementally from C++ to Rust, and is almost finished https://github.com/fish-shell/fish-shell/discussions/10123
An example of the latter: c2rust, which is a work in progress but is very impressive https://github.com/immunant/c2rust
It currently translates into unsafe Rust, but the strategy is to separate the "compile C to unsafe Rust" steps and the "compile unsafe Rust to safe Rust" steps. As I see it, this makes the overall task simpler, allows for more user freedom, and makes the latter potentially useful even for non-transpiled code. https://immunant.com/blog/2023/03/lifting/
-
Best tools to convert code between languages?
But not all transpilers are between languages where at least one of them is designed to be transpiled. For example, c2rust can transpile, as the name suggests, C to (ugly, unsafe) Rust. A while ago there was a Java -> C compiler in GCC (GCJ), but it's pretty out of date now.
-
Translate C code to Rust working with libc
I do not know about your specific issue but you may be interested in https://github.com/immunant/c2rust
-
Rewrite in Rust or Use Rust-bindings
You should also consider using C2Rust (they're even working on C -> safe Rust translation)
-
Emitting Safer Rust with C2Rust
> The date at the bottom of the article is 2022-06-13. Has there been further progress?
The article links to their github repo:
https://github.com/immunant/c2rust
There's commits in the last hour, so at least some signal of life.
-
Writing an OS in Rust to run on RISC-V
This is arguably already the state of things.
Rust might get compiled down through MIR, down through LLVM IR, down to assembly or wasm... which then might be JIT or AOT (re)compiled into other bytecodes... which might perhaps be decompiled back up to C... and C might be retranslated back to horrific unsafe-spamming Rust by the likes of https://c2rust.com/. We've come full circle!
The main issue is that retranslating high level languages into other high level languages isn't something that there's actually a lot of demand for, especially commercially, especially given the N x M translation matrix going on. So a lot of the projects "stabilize" (get abandoned). And automatically translating between the idioms of those languages gets even nastier in terms of matrix bloat.
Well, you've got stuff like MSIL and JVM bytecodes which are higher level, and preserve more type information, and can be compiled to / decompiled from while still preserving more structure, but they still form competing incompatible ecosystems.
-
Will Carbon Replace C++?
That's the wrong direction. What's needed are intelligent converters which convert less-strict languages to more-strict ones.
Non-intelligent converters just make a mess. Here's c2rust.[1]
Classic C++ to modern C++, plus a compiler flag to lock out all the old unsafe stuff, would be an achievement.
[1] https://c2rust.com/
- What would you rewrite in Rust?
-
Red Black Tree in Rust
Well, technically, it's not hard to build such data structures. If you are willing to liberally use raw pointers, UnsafeCell, MaybeUninit and ManuallyDrop, then you can more-or-less write C-equivalent code in unsafe Rust. (there are even transpilers from C to Rust)
-
In Rust We Trust – A Transpiler from Unsafe C to Safer Rust
/uj This transpiles from C to unsafe Rust using an existing tool, then strips the unsafe keyword from the generated function signatures
What are some alternatives?
rust-zmq - Rust zeromq bindings.
min-sized-rust - 🦀 How to minimize Rust binary size 📦
wuffs - Wrangling Untrusted File Formats Safely
subsurface - This is the official upstream of the Subsurface divelog program
PowerShell - PowerShell for every system!
librope - UTF-8 rope library for C
windows-rs - Rust for Windows
checkedc - Checked C is an extension to C that lets programmers write C code that is guaranteed by the compiler to be type-safe. The goal is to let people easily make their existing C code type-safe and eliminate entire classes of errors. Checked C does not address use-after-free errors. This repo has a wiki for Checked C, sample code, the specification, and test code.
Cargo - The Rust package manager
zz - 🍺🐙 ZetZ a zymbolic verifier and tranzpiler to bare metal C [Moved to: https://github.com/zetzit/zz]
winapi-rs - Rust bindings to Windows API
rtorrent - rTorrent BitTorrent client