Geoffroy Couprie

Share

Software Security Consultant, author of nom
 unhandledexpression.com
 @gcouprie

Geoffroy handles security and quality assurance at Clever Cloud, develops in Rust and researches on parser security at VideoLAN. He thinks a lot about cryptography, protocol design and data management.

YOW! West 2016 Perth

Safe and Fast Parsers with Nom and Rust

TALK – VIEW SLIDES

Parsing is hard. It is the cause of hundreds of vulnerabilities, implementation mistakes and plain crashes in production. It got easier with techniques like parser combinators, but developers did not adopt them right away, especially in binary formats for low level contexts, like C development. Most solutions were deemed either slow or memory hungry, for right and wrong reasons.

The Rust language, developed by Mozilla, came with promises of safe, low level data manipulation, with efficient memory usage. The Nom parser combinators library was designed to check that assertion and verify that safe, zero copy, streaming parsers were a practical approach. Its development put light on an essential factor of adoption for parsing solutions: the usability and tooling are crucial.

This talk will cover the tricks provided by Rust to manage memory efficiently, its safety net for developers, and its ability to integrate with C code. Then we will approach the interaction between language theory and classical file format (best or worst) practices. I will also present the tools I wrote to make the programmer’s life easy during design, development, debugging and production.