Google plans to support the use of third-party Rust libraries in its Chromium open-source browser project, a significant boost to the programming language and its security features.
In a blog post published Thursday, Dana Jansens, of Chrome’s security team, said that Google’s software engineers have begun adding a production Rust toolchain to its build system. The hope is to include Rust code in the Chrome binary before the end of the year.
“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox either) way to satisfy the rule of two, to speed up development (less code to write, less design documents, less security review) and improve security (increase the number of lines of code without memory security bugs, reduce the error density of code) for Chrome,” explained Jansens.
Rust, when not written to be unsafe, can avoid memory safety flaws, which represent 70 percent of the serious security bugs identified in Chromium. The language does not guarantee secure code, but it can mean many fewer potential flaws.
For what it’s worth, Google has also been working to improve memory safety in C++, a language that creator Bjarne Stroustrup insists can be memory-safe when it conforms to the ISO C++ standard and follows specific guidelines enforced by static analysis.
Jansens thanked Mozilla, which supported the development of Rust until it matured and attracted enough external support to merit its own foundation. Mozilla has long been financially supported by Google, which pays to be the default search engine in Mozilla’s Firefox browser. But the organization has sought other sources of funding as Chrome eroded the use of Firefox.
Rust and C++, the foundation of Chromium, can interact through tools like cxx, autocxx, bindgen, cbindgen, diplomat, and crubit, Jansens explained. These tools provide a safe way to call C++ code from Rust code and vice versa. But there are limits to interoperability between the two languages due to differences in their respective designs.
“For example, Rust guarantees temporal memory safety with static analysis based on two inputs: lifetimes (inferred or explicitly written) and exclusive mutability,” Jansens explained. “The latter is incompatible with the way the majority of Chromium’s C++ is written.”
Jansens observed that because Rust and C++ play by different rules, interoperability can easily go awry. That’s why Google is taking a cautious approach.
Initially, Google will support one-way C++ to Rust interoperability to control the shape of the dependency graph. “Rust cannot depend on C++ so it cannot know about C++ types and functions, except through dependency injection,” Jansens explained. “This way, Rust can’t land in arbitrary C++ code, only in functions passed through the API from C++.”
And for now, Chromium’s exposure to Rust will only be through third-party libraries.
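The one-way, dependency-injected shape described above can be sketched as follows. This is an added example, not code from Chromium or from Jansens's post; the entry point `demo_parse_tlv`, the `OnField` callback type and the tag/length/value input format are all hypothetical, and the C++ caller is simulated in Rust so the block runs on its own.

```rust
use std::os::raw::c_void;

/// Callback injected by the caller (the C++ side in the scenario above).
/// `ctx` is opaque: Rust hands it back untouched and never dereferences it.
pub type OnField = extern "C" fn(ctx: *mut c_void, tag: u8, len: usize);

/// Hypothetical C-ABI entry point (a real build would also export the symbol).
/// Walks tag/length/value records; returns the record count, or -1 if malformed.
/// Safety: `data` must point to `len` readable bytes.
pub unsafe extern "C" fn demo_parse_tlv(
    data: *const u8, len: usize, ctx: *mut c_void, on_field: OnField,
) -> i32 {
    if data.is_null() { return -1; }
    let bytes = unsafe { std::slice::from_raw_parts(data, len) }; // only unsafe step
    match parse_tlv(bytes) {
        Some(fields) => {
            // The injected callback is the only way back into caller code.
            for (tag, n) in &fields { on_field(ctx, *tag, *n); }
            fields.len() as i32
        }
        None => -1, // nothing is reported for malformed input
    }
}

/// Safe core: bounds-checked parsing with no raw pointers.
fn parse_tlv(mut buf: &[u8]) -> Option<Vec<(u8, usize)>> {
    let mut fields = Vec::new();
    while let [tag, len, rest @ ..] = buf {
        let n = *len as usize;
        if rest.len() < n { return None; } // value truncated
        fields.push((*tag, n));
        buf = &rest[n..];
    }
    if buf.is_empty() { Some(fields) } else { None } // stray trailing byte
}

/// Stand-in for the C++ caller: supplies the callback and an opaque context.
extern "C" fn collect(ctx: *mut c_void, tag: u8, len: usize) {
    let seen = unsafe { &mut *(ctx as *mut Vec<(u8, usize)>) };
    seen.push((tag, len));
}

pub fn run_demo(input: &[u8]) -> (i32, Vec<(u8, usize)>) {
    let mut seen: Vec<(u8, usize)> = Vec::new();
    let ctx = &mut seen as *mut Vec<(u8, usize)> as *mut c_void;
    let rc = unsafe { demo_parse_tlv(input.as_ptr(), input.len(), ctx, collect) };
    (rc, seen)
}

fn main() { println!("{:?}", run_demo(&[1, 2, 0xAA, 0xBB, 2, 0])); } // constructed input
```

The Rust side names no caller types or functions: everything it knows about the caller arrives as the function pointer and opaque context passed through the call.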
Nonetheless, Google’s deepening commitment to Rust can be expected to significantly enrich the Rust package ecosystem, with the company developing and maintaining tools like crubit to improve bidirectional interoperability between C++ and Rust.
Google has already taken Rust into the Android ecosystem. Microsoft Azure CTO Mark Russinovich has called for the use of Rust rather than C++ in new projects. The Linux kernel has added Rust support. And even Apple, loath to get involved in technologies it doesn’t control, has used Rust.