Google enhances Chromium code with a layer of Rust • The Register

Google plans to support the use of third-party Rust libraries in its open source Chromium browser project, a significant endorsement of the programming language and its security features.

In a blog post published on Thursday, Dana Jansens of the Chrome security team said that Google’s software engineers have begun work to add a production Rust toolchain to its build system. The hope is to include Rust code in the Chrome binary before the end of the year.

“Our goal in bringing Rust to Chromium is to provide a simpler solution (no CPI) and safer (least complex C++ in general, no memory safety bugs in a sandbox) to satisfy the rule of two in order to speed up development (less code to write, less design documents, less security review) and improve security (increasing number of lines of code without memory security bugs, decreasing code bug density) of Chrome,” explained Jansens.

Rust, when not written to be insecure, can avoid memory safety flaws, which represent 70 percent of the serious security bugs identified in Chromium. The language does not guarantee the invulnerability of the code, but it can mean far fewer potential flaws.

For what it’s worth, Google is also working on improving memory safety in C++, a language that creator Bjarne Stroustrup insists can be memory-safe when it conforms to the ISO C++ standard and adheres to specific guidelines enforced by static analysis.

Jansens thanked Mozilla, which supported Rust’s development until it matured and attracted enough outside support to merit its own foundation. Mozilla has long had financial backing from Google, which pays to be the default search engine in Mozilla’s Firefox browser. But the organization has sought other sources of funding as Chrome has eroded Firefox usage.

Rust and C++, the base of Chromium, can interact through tools such as cxx, autocxx, bindgen, cbindgen, diplomat, and crubit, explained Jansens. These tools provide a safe way to call C++ code from Rust code and vice versa. But there are limits to the interoperability between the two languages due to differences in their respective designs.

“For example, Rust ensures temporal memory safety with static analysis that depends on two inputs: lives (inferred or explicitly written) and unique mutability,” Jansens explained. “The latter is incompatible with the way most of Chromium’s C++ is written.”

Jansens noted that because Rust and C++ follow different rules, interop can easily go wrong. That’s why Google is taking a cautious approach.

Initially, Google will support one-way interop from C++ to Rust to control the shape of the dependency graph. “Rust cannot depend on C++, so it cannot know about C++ types and functions except through dependency injection,” explained Jansens. “That way, Rust can’t fall into arbitrary C++ code, only functions passed through the C++ API.”
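The one-way, dependency-injection shape described above can be sketched as follows. This is an added example, not code from Chromium or from the blog post: the names `parse_records`, `RecordSink`, `collect` and `run_host`, and the length-prefixed record format, are hypothetical, and the host side is written in Rust as a stand-in for C++ so the block runs on its own.

```rust
use std::os::raw::c_void;

/// Function-pointer type the C++ host injects. Rust declares no C++ symbols.
pub type RecordSink = extern "C" fn(ctx: *mut c_void, ptr: *const u8, len: usize);

/// Safe core: split `buf` into records (1-byte length, then payload).
/// Returns None on truncated input instead of reading out of bounds.
fn split_records(mut buf: &[u8]) -> Option<Vec<&[u8]>> {
    let mut out = Vec::new();
    while let Some((&n, rest)) = buf.split_first() {
        if rest.len() < n as usize { return None; }
        let (rec, tail) = rest.split_at(n as usize);
        out.push(rec);
        buf = tail;
    }
    Some(out)
}

/// C ABI entry point (a real build would also mark it no_mangle for linking).
/// Returns the record count, or -1 for null arguments or malformed input.
pub extern "C" fn parse_records(data: *const u8, len: usize,
                                sink: Option<RecordSink>, ctx: *mut c_void) -> i32 {
    let Some(sink) = sink else { return -1 };
    if data.is_null() { return -1; }
    // SAFETY: the caller guarantees `data` points to `len` readable bytes.
    let buf = unsafe { std::slice::from_raw_parts(data, len) };
    // Validate the whole buffer first so malformed input triggers no callbacks.
    let Some(records) = split_records(buf) else { return -1 };
    for rec in &records {
        sink(ctx, rec.as_ptr(), rec.len()); // the only path back into the host
    }
    records.len() as i32
}

/// Stand-in for the C++ side: a callback that copies each record into a Vec.
extern "C" fn collect(ctx: *mut c_void, ptr: *const u8, len: usize) {
    // SAFETY: `ctx` is the Vec passed by `run_host`; `ptr`/`len` come from parse_records.
    let out = unsafe { &mut *(ctx as *mut Vec<Vec<u8>>) };
    out.push(unsafe { std::slice::from_raw_parts(ptr, len) }.to_vec());
}

/// Host-side driver: returns (status, records delivered through the callback).
pub fn run_host(input: &[u8]) -> (i32, Vec<Vec<u8>>) {
    let mut seen: Vec<Vec<u8>> = Vec::new();
    let rc = parse_records(input.as_ptr(), input.len(), Some(collect),
                           &mut seen as *mut Vec<Vec<u8>> as *mut c_void);
    (rc, seen)
}

fn main() { println!("{:?}", run_host(b"\x02hi\x03abc")); } // constructed sample input
```

The Rust side contains no `extern` block naming host functions, so the only host code it can reach is the function pointer the caller chose to pass in.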

And for now, Chromium’s exposure to Rust will only be through third-party libraries.

However, Google’s growing commitment to Rust is expected to significantly enrich the Rust tooling ecosystem, with the company developing and maintaining tools such as crubit to improve bidirectional interoperability between C++ and Rust.

Google has already brought Rust into the Android ecosystem. Microsoft Azure CTO Mark Russinovich has called for the use of Rust over C++ in new projects. The Linux kernel has added Rust support. And even Apple, reluctant to commit to technologies it doesn’t control, has been using Rust. ®
