Google plans to support the use of third-party Rust libraries in the open-source browser project Chromium, which is an important validation of its programming language and security features.
Inside blog post Dana Jansens of the Chrome security team, posted on Thursday, said that Google’s software engineers have started working on it. and production Rust toolchain to the build system. The hope is to include the Rust code in the Chrome binary before the end of the year.
“Our goal in bringing Rust to Chromium is simpler (no IPC) and more secure (less complex C++ in general, no memory security bugs in sandbox either) satisfactory way rule of twoJanssens “explained” to speed up development (less code to write, less design documents, less security reviews) and improve Chrome’s security (increase the number of lines of code without memory security bugs, reduce the error density of the code).
rust, when not written to be insecureRepresenting memory can prevent security flaws 70 percent From serious vulnerabilities detected in Chromium. The language doesn’t guarantee the code’s vulnerability, but it could mean fewer potential flaws.
For what it’s worth, Google is working on it too Improving memory security in C++A language, its creator Bjarne Stroustrup insists, can be memory safe when it conforms to the ISO C++ standard and adheres to certain guidelines enforced by static analysis.
Jansens thanked Mozilla for supporting Rust’s development until it matured and receiving enough outside support to deserve it. its foundation. Mozilla has long been financially backed by Google, which pays as the default search engine in Mozilla’s Firefox browser. But as Chrome was eroding Firefox usage, the public interest company sought other sources of funding.
C++, the foundation of Rust and Chromium, can interact through tools such as: cxx, otocxx connecting, cbindgen, diplomatand slow progressexplained Jansens. These tools provide a safe way to call C++ code from Rust code and vice versa. However, there are limits to interoperability between the two languages due to differences in their respective designs.
“For example, Rust guarantees volatile memory security with static analysis based on two inputs: lives (inference or clearly written) and specific variability,” explained Jansens. “Second, it is incompatible with the way most of Chromium’s C++ language is written.”
Jansens observed that interoperability can easily go wrong, as Rust and C++ play by different rules. That’s why Google takes a cautious approach.
Initially, Google will support one-way C++ to Rust interoperability to control the shape of the dependency graph. “Rust cannot depend on C++, so it cannot know about C++ types and functions other than dependency injection,” Jansens explained. “This way, Rust cannot break into arbitrary C++ code, only functions passed from C++ via API.”
And for now, Chromium’s exposure to Rust will only be through third-party libraries.
However, Google’s deepening commitment to Rust can be expected to significantly enrich the Rust package ecosystem. slow progress To improve bidirectional interoperability between C++ and Rust.
Google has already brought Enter the Android ecosystem. Microsoft Azure CTO Mark Russinovich has called for the use of Rust instead of C++ in new projects. The Linux kernel added Rust support. And even Apple, which hates being tied to technologies it doesn’t control, uses Rust. ®