Google plans to support the use of third-party Rust libraries in its open source browser project Chromium. This is a great endorsement of the programming language and its security properties.
In a blog post published Thursday, Dana Jansens of the Chrome Security Team said that software engineers at Google have started rolling out the Rust toolchain to their build system. Our hope is to have Rust code in Chrome binaries by the end of the year.
“Our goal in bringing Rust to Chromium is to speed up development: a simpler (no IPC) and safer (overall less complex C++, memory-in-sandbox (less code written, less design docs, less security reviews) and improved Chrome security (more lines of code without memory safety bugs, less bugs in code density reduction),” explains Jansens.
Rust can work around the memory safety flaws that account for 70% of the critical security bugs identified in Chromium if they’re not written to be unsafe. The language does not guarantee code invincibility, but it can result in significantly fewer potential flaws.
For what it’s worth, we’re also working to make C++ memory safer. The language, claimed by its creator, he Bjarne Stroustrup, can be memory safe if it conforms to the ISO C++ standard and adheres to certain guidelines enforced by static analysis.
Jansens is grateful to Mozilla for supporting Rust’s development until it matures and gathering enough external support to deserve its own foundation. Mozilla has long been financially supported by Google, who pays for Mozilla as the default search engine for his Firefox browser. But the utility was looking for other sources of funding after Chrome eroded Firefox usage.
Chromium’s foundations of Rust and C++ can interact through tools like cxx, autocxx bindgen, cbindgen, diplomat, and crubit, Jansens explains. These tools provide a safe way to call C++ code from Rust code and vice versa. However, differences in their respective designs limit interoperability between the two languages.
“For example, Rust guarantees temporary memory safety through static analysis that relies on two inputs: lifetime (estimated or explicitly stated) and exclusive mutability,” explained Jansens. increase. “The latter is incompatible with the way Chromium writes most of his C++.”
Jansens realized that Rust and C++ operate by different rules, so interoperability can easily fail. As such, Google is taking a cautious approach.
Initially, Google will support one-way interoperability from C++ to Rust to control the shape of the dependency graph. “Since Rust cannot depend on C++, it cannot know about C++ types and functions except through dependency injection,” explains Jansens. “This way, Rust can’t reach any of his C++ code, only functions passed from C++ through the API.”
And for now, exposure of Chromium to Rust is only through third-party libraries.
Nevertheless, Google’s deepening commitment to Rust has greatly expanded the Rust packaging ecosystem by developing and maintaining tools like crubit to improve bi-directional interoperability between C++ and Rust. can be expected to enrich
Google has already introduced Rust to the Android ecosystem. Microsoft Azure CTO Mark Russinovich called on him to use Rust instead of C++ for new projects. Added Rust support to the Linux kernel. And even Apple, who is reluctant to commit to technology they don’t control, uses Rust. ®