Week 24 - Capstone Integration, Profiling, Hardening, Defense

24.1 Conceptual Core

  • The final week is integration, not new material. Bring the chosen capstone (see CAPSTONE_PROJECTS.md) to merge-ready quality: profile, tune, document, and prepare to defend the design.

24.2 Mechanical Detail: Profiling Toolkit

  • perf + flamegraphs (flamegraph crate or cargo flamegraph): the daily driver for CPU time analysis on Linux.
  • samply: a perf record alternative producing Firefox-Profiler-compatible output. Lower friction.
  • heaptrack for allocator profiling. dhat-rs for in-process heap snapshots in tests.
  • cargo-llvm-lines: which generic instantiations are blowing up codegen?
  • cargo-bloat: which symbols dominate the binary?
  • tokio-console: which tasks/locks are starving?
  • pprof-rs + criterion: capture flamegraphs directly from benchmarks.

24.3 Mechanical Detail: Hardening Pass

By now, every previous module has fed the hardening/ workspace. Roll it up into one final release-checklist.md:

  - [ ] lto = "fat", codegen-units = 1, panic = "abort", strip = "symbols" in release.
  - [ ] PGO instrumented build → representative workload → optimized build (see Appendix A).
  - [ ] BOLT post-link optimization on the final binary if available.
  - [ ] Cross-compilation matrix green for all target triples.
  - [ ] cargo deny, cargo audit, cargo geiger, cargo semver-checks all green.
  - [ ] Miri clean on unsafe code paths.
  - [ ] Loom clean on concurrent paths.
  - [ ] Property tests, fuzz harness, snapshot tests in CI.
  - [ ] tracing + metrics + traces wired and tested.
  - [ ] Runbook, ADRs, threat model, and SECURITY.md present.
  - [ ] Reproducible build verified via cargo vet or a SOURCE_DATE_EPOCH-pinned Docker image.
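The first checklist item can be enforced mechanically rather than by eye. The following is an added example, not part of the course material: a std-only CI gate that reads the [profile.release] table of a manifest and reports any of the four settings that is missing or wrong. The function names and the sample manifest are assumptions made for illustration, and the reader handles only flat key = value lines, not general TOML.

```rust
use std::collections::HashMap;

// Accepted spellings per key. Cargo treats `lto = true` as "fat" and
// `strip = true` as "symbols", so both forms pass the gate.
const REQUIRED: [(&str, &[&str]); 4] = [
    ("lto", &["\"fat\"", "true"]),
    ("codegen-units", &["1"]),
    ("panic", &["\"abort\""]),
    ("strip", &["\"symbols\"", "true"]),
];

/// Collect `key = value` pairs that sit directly under `[profile.release]`.
fn release_profile(manifest: &str) -> HashMap<String, String> {
    let mut in_section = false;
    let mut out = HashMap::new();
    for raw in manifest.lines() {
        // Drop trailing comments; none of the checked values contains '#'.
        let line = raw.split('#').next().unwrap_or("").trim();
        if line.starts_with('[') {
            // Any other header, including [profile.dev], ends the section.
            in_section = line == "[profile.release]";
        } else if in_section {
            if let Some((k, v)) = line.split_once('=') {
                out.insert(k.trim().to_string(), v.trim().to_string());
            }
        }
    }
    out
}

/// One message per missing or mismatched setting; an empty Vec means pass.
fn check_release_profile(manifest: &str) -> Vec<String> {
    let found = release_profile(manifest);
    REQUIRED
        .iter()
        .filter_map(|(key, ok)| match found.get(*key) {
            Some(got) if ok.contains(&got.as_str()) => None,
            Some(got) => Some(format!("{key} = {got}, expected {}", ok[0])),
            None => Some(format!("{key} is not set, expected {}", ok[0])),
        })
        .collect()
}

// Constructed sample: lto is too weak and strip is set only for the dev profile.
const SAMPLE: &str = "[package]\nname = \"capstone\"\n\n[profile.release]\nlto = \"thin\"  # too weak\n\
    codegen-units = 1\npanic = \"abort\"\n\n[profile.dev]\nstrip = \"symbols\"\n";

fn main() {
    for problem in check_release_profile(SAMPLE) {
        eprintln!("release profile: {problem}");
    }
}
```

In a workspace, run the check against the root manifest, since Cargo ignores profile tables in member crates.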

24.4 Lab: "Defend the Design"

Schedule a 45-minute mock review with a senior peer (or record yourself if none is available). Present:

  • The architecture diagram.
  • One slide per non-obvious decision (e.g., "why sharded RwLock instead of dashmap", "why tokio over glommio").
  • A live demo of the test suite.
  • A live demo of one production-hardening tool (PGO, BOLT, or fuzz corpus).

The deliverable is the defense, not the slides. If you cannot answer "what fails first under load?" or "what is your worst-case allocation pattern?", you have not yet finished the curriculum.

24.5 Idiomatic & Clippy Drill

  • Final pass: cargo clippy --workspace --all-targets --all-features -- -D warnings -W clippy::pedantic -W clippy::nursery -W clippy::cargo. Fix or #[allow] with a rationale comment for each remaining lint. Zero unjustified allows.

24.6 Production Hardening Slice

  • Tag the capstone repo v1.0.0. Generate a release artifact with cargo dist. Sign the release with cosign or a Sigstore-compatible flow. The final commit hash is the artifact you reference on your resume.

Month 6 Deliverable

The chosen capstone (see CAPSTONE_PROJECTS.md):

  • Compiler track: a merged or in-review PR against rust-lang/rust.
  • Fintech track: a benchmarked matching engine in a public repo.
  • Kernel track: a rust-for-linux driver with KUnit tests.

Plus the hardening/ workspace, now a publishable Cargo template under your name.

You are done. The next steps are no longer pedagogical; they are professional.