Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Chapter 1: The Systems Programming Problem

Prerequisites

None — start here

You will understand

  • The five bug classes Rust prevents
  • Why C/C++ failed at memory safety
  • What problem Rust was designed to solve

Reading time

40 min
+ 15 min exercises
You'll need this for Chapter 10 The five bug classes you learn here are exactly what ownership prevents. Ch 10 shows the mechanism; this chapter explains the motivation. Ch 10: Ownership →
Bug Poster

The Five Catastrophic Bug Classes

USE-AFTER-FREE char *p = malloc(16); free(p); puts(p); Consequence Stale pointer still exists, ownership does not. CVE Pattern Heap corruption, secret disclosure. DOUBLE-FREE char *p = malloc(64); free(p); free(p); Consequence Two cleanup claims on the same resource. CVE Pattern Allocator metadata corruption. DATA RACE counter++ // thread A counter++ // thread B Consequence Unsynchronized mutation breaks the memory model. CVE Pattern Kernel races, privilege escalation. NULL DEREFERENCE Node *n = find(); n->value; 0 Consequence Reference-shaped variable holds invalidity inside it. CVE Pattern Crash or undefined control flow. ITERATOR INVALIDATION for (it = v.begin(); it != v.end(); ++it) v.push_back(); Consequence View assumes storage stability after mutation. CVE Pattern Dangling iterator, silent corruption.
These five bug classes are not rare corner cases. They are recurring expressions of the same deeper problem: the program allows invalid memory or concurrency states to exist as ordinary states.
Landscape Diagram

The False Dichotomy: Fast and Unsafe vs Safe and Slow

Safer Faster Unsafe Slow False dichotomy line C C++ Go Python RUST Top-left: fast, little protection. Rust's claim: compile-time safety without a GC tax. Managed runtimes or simpler models reduce bug classes, but change control surfaces.
Rust matters because it challenges the old tradeoff itself. The point is not that other languages are wrong; the point is that a systems language can pursue safety without giving up performance-class control.
Incident Diagram

Heartbleed as a Memory Disclosure Map

Server process memory Heartbeat request payload = 18 bytes claimed = 64 KB Intended echo buffer Safe response zone Overread zone Process memory beyond the requested payload cookies, keys, user data Attacker receives requested bytes + adjacent secrets in reply The failure was not “a bad packet.” The failure was a violated bounds invariant in memory-unsafe code.
Heartbleed is the right kind of case study because it makes the risk physical. The process did not “throw an exception.” It copied bytes from the wrong region of memory and sent them back across the network.

This is the bug class that motivated Rust’s existence. Step through a use-after-free in C — and notice that no compiler error ever appears.

Interactive simulation (requires JavaScript): a C program mallocs a buffer, frees it, then reads through the stale pointer — the compiler never objects, and the read is undefined behavior at runtime. Rust's ownership rules reject the equivalent program at compile time.

## Step 1 - The Problem