Joshua Liebow-Feeser Presents at RustConf 2024 in Montreal
Quick take - On September 12, 2024, Joshua Liebow-Feeser, a Software Engineer at Google, presented at RustConf 2024 in Montreal, highlighting Rust’s “X-safety” feature and its potential to enhance software reliability, particularly through the successful development and testing of the new networking stack, Netstack3.
Fast Facts
- Joshua Liebow-Feeser, a Software Engineer at Google, presented at RustConf 2024 in Montreal, focusing on Rust’s innovative “X-safety” feature, which lets developers define custom safety properties that must hold for code to compile.
- His talk highlighted groundbreaking research on addressing network protocol errors and cryptographic vulnerabilities, emphasizing the potential of Rust to revolutionize software development in safety-critical environments.
- Liebow-Feeser led the development of Netstack3, a next-generation networking stack for Fuchsia, which consists of 63 crates and 192,000 lines of Rust code, and successfully identified only three bugs during extensive testing on 60 devices.
- He introduced a framework for architecting robust systems using Rust, encompassing Definition, Enforcement, and Consumption, and provided practical examples of ensuring thread safety and preventing deadlocks.
- The presentation underscored the importance of Rust’s memory and thread safety principles, encouraging developers to explore new domains and leverage Rust’s features for creating reliable software solutions.
Joshua Liebow-Feeser Presents at RustConf 2024
On September 12, 2024, Joshua Liebow-Feeser, a Software Engineer at Fuchsia Security, Google, delivered a presentation at RustConf 2024. The event was held in Montreal, Canada, and was also available online. RustConf 2024 was organized by the Rust Foundation and emphasized the Rust programming language and its vibrant community.
Focus on X-Safety
Liebow-Feeser’s talk focused on Rust’s innovative support for “X-safety.” This feature lets developers define arbitrary safety properties that must hold for code to compile. During his presentation, Liebow-Feeser presented groundbreaking research illustrating how the X-safety feature can address significant challenges, such as network protocol errors and cryptographic vulnerabilities. He argued that embracing this aspect of Rust could revolutionize software development, particularly in environments where safety is critical.
Introduction of Netstack3
A key highlight of the event was the introduction of Netstack3, a next-generation networking stack for Fuchsia, developed entirely in Rust. This new stack is designed to replace the previous version, Netstack2, which was implemented in Go. Development on Netstack3 commenced six years ago, with Liebow-Feeser leading the project for the initial four years. Netstack3 comprises 63 crates and approximately 192,000 lines of Rust code, making it notably larger than the top ten crates on crates.io combined. It manages nearly all networking traffic within the operating system and implements various networking protocols.
The testing phase for Netstack3 was extensive, conducted on approximately 60 devices over 11 months, resulting in the identification of only three bugs. This success underscores the effectiveness of Rust’s programming model in fostering reliable software systems. A cornerstone of Netstack3’s architecture is the principle that “buggy programs don’t compile,” leveraging Rust’s type system and ownership model to ensure memory and thread safety.
Recommendations for Robust API Design
Liebow-Feeser introduced a comprehensive framework aimed at architecting robust systems using Rust, encompassing three critical steps: Definition, Enforcement, and Consumption. He provided practical examples illustrating how to define invariants using a binary tree, implement thread safety through the Send trait, and prevent deadlocks via a lock ordering graph.
He also shared general recommendations for designing robust APIs, advising developers to avoid partial functions (those that panic or return Option or Result for some inputs) unless absolutely necessary. He emphasized the importance of accurately reflecting the complexity of the domain within APIs to ensure correctness, and suggested that each problem should be approached with a tailored solution, employing whichever language features fit rather than adhering strictly to a single methodology.
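As an added example (not code from the talk or from Netstack3), here is one way to apply the Definition, Enforcement, and Consumption steps above to a lock-ordering graph in Rust: acquiring locks against the graph's edges is a type error, so the deadlock never reaches a running device. The level names `Routes` and `Devices`, the `Ctx` and `Locked` types, and the `snapshot` function are assumptions constructed for illustration.

```rust
use std::marker::PhantomData;
use std::ops::Deref;
use std::sync::{Mutex, MutexGuard};

// Definition: each lock has a level type; `LockAfter<P>` is an edge of the ordering
// graph meaning "a level-`Self` lock may be taken while a level-`P` lock is held".
pub trait LockLevel {}
pub trait LockAfter<P: LockLevel>: LockLevel {}
pub struct Unlocked;
impl LockLevel for Unlocked {}

// Consumption: a `Ctx` token records the level currently held. Only the root token
// can be created freely; deeper tokens are issued by `lock` itself.
pub struct Ctx<L: LockLevel>(PhantomData<L>);
impl Ctx<Unlocked> { pub fn new() -> Self { Ctx(PhantomData) } }

pub struct OrderedMutex<L: LockLevel, T> { inner: Mutex<T>, _level: PhantomData<L> }

// A held lock: the guard plus the token for going deeper. It keeps the parent token
// mutably borrowed, so a shallower lock cannot be taken until this one is released.
pub struct Locked<'a, L: LockLevel, T> { guard: MutexGuard<'a, T>, pub ctx: Ctx<L> }
impl<'a, L: LockLevel, T> Deref for Locked<'a, L, T> { type Target = T; fn deref(&self) -> &T { &self.guard } }

impl<L: LockLevel, T> OrderedMutex<L, T> {
    pub fn new(value: T) -> Self { OrderedMutex { inner: Mutex::new(value), _level: PhantomData } }
    // Enforcement: type-checks only if the graph has an edge `Prev -> L`, so a wrong
    // acquisition order is a compile error rather than a runtime deadlock.
    pub fn lock<'a, Prev: LockLevel>(&'a self, _parent: &'a mut Ctx<Prev>) -> Locked<'a, L, T>
    where L: LockAfter<Prev> {
        Locked { guard: self.inner.lock().expect("lock poisoned"), ctx: Ctx(PhantomData) }
    }
}

// Constructed levels for a toy stack: routes may be held while taking device state.
pub struct Routes;
pub struct Devices;
impl LockLevel for Routes {}
impl LockLevel for Devices {}
impl LockAfter<Unlocked> for Routes {}
impl LockAfter<Unlocked> for Devices {}
impl LockAfter<Routes> for Devices {}
pub struct Stack { pub routes: OrderedMutex<Routes, Vec<u32>>, pub devices: OrderedMutex<Devices, u32> }

// Routes -> Devices is an edge, so this compiles; the reverse order does not, because
// `Routes: LockAfter<Devices>` has no impl. Read from the outer lock before descending.
pub fn snapshot(s: &Stack) -> (usize, u32) {
    let mut root = Ctx::new();
    let mut routes = s.routes.lock(&mut root);
    let route_count = routes.len();
    let devices = s.devices.lock(&mut routes.ctx);
    (route_count, *devices)
}
```

Adding a new lock means adding a level type and its edges; a cycle in those edges is the only way to get the ordering wrong, and reviewing the handful of `LockAfter` impls is far easier than auditing every call site.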
The implications of Rust’s methodologies extend to high-assurance domains, including automotive, aerospace, and medical fields, where safer and more scalable software solutions are paramount. Liebow-Feeser called upon developers to harness Rust’s features to establish new safety guarantees and explore additional domains and types of bugs that could benefit from Rust’s safety principles.
In summary, Liebow-Feeser’s presentation underscored Rust’s foundational principles of memory and thread safety, demonstrating how these principles can be expanded to prevent other types of bugs. The success of Netstack3 in field testing exemplifies the potential for Rust to transform software engineering practices, encouraging developers to delve into new possibilities for creating robust and reliable software systems.