Hammer: Parser Combinators for C

Hammer is a nifty parser combinator library from the people behind Language-Theoretic Security [1].<p>Their goal is to promote the use of context-free formats and protocols, to avoid falling into the trap of trying to parse recursively-enumerable languages, a problem that reduces to the halting problem. The idea is that by sticking to context-free grammars, protocols will be easier to parse, and the bulk of memory corruption errors can eliminated.<p>Meredith Patterson and Sergey Bratus gave an excellent talk on the subject at 28c3 [2], and they&#x27;ve put together a video series on using Hammer to build a secure parser for JSON RPC [3].<p>[1] <a href="http:&#x2F;&#x2F;langsec.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;langsec.org&#x2F;</a><p>[2] <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=3kEfedtQVOY" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=3kEfedtQVOY</a><p>[3] <a href="https:&#x2F;&#x2F;github.com&#x2F;sergeybratus&#x2F;HammerPrimer" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;sergeybratus&#x2F;HammerPrimer</a>

Great work by the LANGSEC crowd. My recent interest in parsers was those verified for correctness or security. So, they have security and a certain amount of correctness. A great next step would be combining it with work on formal verification of parsers or generators (see below). On top of that, ensure the subset could generate SPARK and&#x2F;or CompCert-compatible C code to automate much of the rest of the problem.<p>TRX formally verified parser interpreter <a href="http:&#x2F;&#x2F;arxiv.org&#x2F;pdf&#x2F;1105.2576.pdf" rel="nofollow">http:&#x2F;&#x2F;arxiv.org&#x2F;pdf&#x2F;1105.2576.pdf</a><p>Validating LR(1) Parsers <a href="http:&#x2F;&#x2F;gallium.inria.fr&#x2F;~xleroy&#x2F;publi&#x2F;validated-parser.pdf" rel="nofollow">http:&#x2F;&#x2F;gallium.inria.fr&#x2F;~xleroy&#x2F;publi&#x2F;validated-parser.pdf</a><p>Verifying a parser for a C compiler <a href="http:&#x2F;&#x2F;gallium.inria.fr&#x2F;~scherer&#x2F;gagallium&#x2F;verifying-a-parser-for-a-c-compiler&#x2F;index.html" rel="nofollow">http:&#x2F;&#x2F;gallium.inria.fr&#x2F;~scherer&#x2F;gagallium&#x2F;verifying-a-parse...</a>

I&#x27;ve been using ragel for a few years, and really like it; but it does have the problem of not handling very well bit based structures (or, even, 8 bits based structures).<p>Also, the author closed the mailing list and packed up; presumably to work for a company who &#x27;bought him out&#x27;. Closing the mailing list was a notch rude...<p>Hammer does look pretty nice, I&#x27;m definitely going to have a poke at it!

Amusing name given the (coincidental?) existence of Nail [0][1]<p>[0] [PDF] <a href="https:&#x2F;&#x2F;people.csail.mit.edu&#x2F;nickolai&#x2F;papers&#x2F;bangert-nail-langsec.pdf" rel="nofollow">https:&#x2F;&#x2F;people.csail.mit.edu&#x2F;nickolai&#x2F;papers&#x2F;bangert-nail-la...</a><p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;jbangert&#x2F;nail" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jbangert&#x2F;nail</a>

I think the biggest question I need answered is &quot;why would I use this and not ANTLR&quot;?