AgentD / squashfs-tools-ng

A new set of tools and libraries for working with SquashFS images

Consider converting to Rust language #27

Closed XVilka closed 4 years ago

XVilka commented 4 years ago

Rust language offers many things compared to C:

It will simplify documentation generation, build system, Windows support, will help to avoid some annoying bugs and still be able to provide the interface as a C library for any external user.

There is an automated tool called c2rust available that offers automated conversion from C to Rust, along with a refactoring tool which allows scripting in Lua.

AgentD commented 4 years ago

Hi!

Thanks for the pointers on c2rust. Besides the hype, I've stumbled over Rust repeatedly throughout the last ~5 years in the context of program verification and followed it with some mild interest.

I wrote this project in C for basically this reason: I'm a C programmer. I've worked almost exclusively on C code in the last ~12 years, including the last 7 years of my day job. I have worked with numerous other languages too (including paid work on C++, Go, C#, Java, Objective-C and x86_64 & ARM assembly code) but C is by far the one I would consider myself most familiar with, especially when it comes to low level stuff. Any other language would be a learning curve for me and I would consider learning a language and its OS API while working on a project much more risky than working on a project using an API and language I'm familiar with.

At some points in the last year I thought it would be much easier if I had chosen to go with modern C++ instead, but with the choice of adding a libsquashfs library came a second reason: Interoperability. Pretty much any programming language has a way to interface with C libraries.

If I was truly concerned about safety and security to the point of picking a specific programming language, I would go with Ada. Mainly because it's standardized and has multiple implementations from different vendors available. I would consider it more mature due to its age and the fact that there are no fanboys and no hype around it.

However, I'm not that much concerned. In contrast to what I've heard from Rust advocates over and over, modern C programs aren't written by throwing pointers around higgledy piggledy. A little over 90% of the libsquashfs code base I would consider trivial. Components do complex tasks by using lower level abstractions that in turn use lower level abstractions all the way down to wrappers around OS APIs. If designed right, each layer is self contained, concise and simple to comprehend.

I am concerned about the remaining ~10%, not because of object life time mismanagement, but because of having missed an integer overflow, a concurrency issue or worst of all: a subtle logic bug. I would definitely not downplay any safety or security concerns around libsquashfs. The last 9 years have taught me that code I upload onto GitHub has a tendency to crop up in the weirdest places, including safety critical applications.

Please don't get me wrong here, I definitely don't want to downplay the efforts or the goals of the Rust community which I think are very laudable. Nevertheless, I prefer the approach of sticking with C and slowly trying to break the remaining complex parts up into layered components that are simpler and fixing issues along the way instead of switching to a different programming language altogether and suddenly making the corner cases and pitfalls of all of the code hard to grasp for myself when a problem suddenly does come up (and it always will).
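As an added illustration (not code from squashfs-tools-ng or from either commenter) of the integer-overflow class of bug mentioned above: a size computation of the kind an image parser performs, written once with checked arithmetic so that a wrapped product is rejected, and once in the naive form for contrast. The function names `checked_table_size` and `naive_table_size` and the sample inputs are constructed for this example; the checked builtin is the GCC/Clang `__builtin_mul_overflow`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: compute count * entry_size into *out and return 0,
 * or return -1 if the multiplication would overflow size_t.
 * __builtin_mul_overflow is available in GCC and Clang. */
static int checked_table_size(size_t count, size_t entry_size, size_t *out)
{
    size_t total;

    if (__builtin_mul_overflow(count, entry_size, &total))
        return -1;          /* refuse the request instead of wrapping */

    *out = total;
    return 0;
}

/* Naive form, shown for contrast: the product silently wraps modulo
 * SIZE_MAX + 1, so a large count taken from an untrusted header can
 * produce a tiny (even zero-sized) allocation followed by out-of-bounds
 * writes when the entries are copied in. */
static size_t naive_table_size(size_t count, size_t entry_size)
{
    return count * entry_size;
}

int main(void)
{
    size_t total = 0;
    /* constructed input: count chosen so count * 32 wraps to 0 on both
     * 32-bit and 64-bit size_t */
    size_t hostile_count = SIZE_MAX / 16 + 1;

    printf("naive size for hostile count: %zu\n",
           naive_table_size(hostile_count, 32));          /* prints 0 */

    if (checked_table_size(hostile_count, 32, &total) < 0)
        puts("checked: overflow detected, table rejected");

    if (checked_table_size(100, 32, &total) == 0)
        printf("checked: 100 entries need %zu bytes\n", total);

    return 0;
}
```

The point of the layering the comment describes is that a check like this lives in exactly one helper, so every caller that sizes a table from header fields inherits it rather than re-deriving the arithmetic.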