© 2018 Strange Loop
Web frameworks are laden with compromise. Do I choose the simplicity and ease of a dynamically typed language, or the safety, security, and performance of a compiled, statically typed language? Do I choose a framework that's made every decision for me or one that's made few? Rocket is a new web framework for the Rust language that aims to eliminate these compromises.
Rocket builds on Rust's strong type system and code generation facilities to provide a new level of simplicity, safety, security, expressiveness, and performance. With Rocket, developers only write what's unique — never boilerplate — and instruct Rocket to code generate the rest. Code generated by Rocket automatically parses, validates, and deserializes incoming request data and metadata. There is no runtime introspection and no runtime errors; it all happens at compile-time.
Rocket's code generation enables it to protect against input validation hazards that other frameworks consider not-their-problem. In Rocket, request handlers are protected by a set of types, known as request guards, that represent security and data validation policies. Rocket only dispatches requests to a handler when all of its guards pass. In other words, Rocket guarantees that handlers only execute under validated security and data policies.
This talk will describe Rocket and its approach to request handling, focusing on the use of code generation to deliver a superior developer experience and strong security guarantees.
Sergio is a third-year PhD student at Stanford. His research focuses on converging programming language theory with operating systems and security. His recent work introduced Rusty Types, a formal typing discipline based on the Rust programming language. Before Stanford, Sergio spent time interning at Google, Apple, and SpaceX where he worked on projects ranging from designing anomaly detection algorithms to tuning the performance of operating systems running on rockets and other spacecraft.