Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.

In a write-up on Thursday, Android engineers Ivan Lozano and Dominik Maier dig into the technical details of replacing legacy C and C++ code with Rust.

“You’ll see how easy it is to boost security with drop-in Rust replacements, and we’ll even demonstrate how the Rust toolchain can handle specialized bare-metal targets,” said Lozano and Maier.

Easy is not a term commonly heard with regard to a programming language known for its steep learning curve.

Nor is it easy to get C and C++ developers to see the world with Rust-tinted lenses. Just last week, one of the maintainers of the Rust for Linux project - created to work Rust code into the C-based Linux kernel - stepped down, citing resistance from Linux kernel developers.

“Here’s the thing, you’re not going to force all of us to learn Rust,” said a Linux kernel contributor during a lively discussion earlier this year at a conference.

  • eronth@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    3 months ago

    Rust is one of those things that every time I look into it, I don’t really follow what makes it so good. What’s a good starter project to learn the language and get a sense of what makes it worthwhile over the established stuff?

    • FizzyOrange@programming.dev
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      3 months ago
      1. If your alternative is C++ then it removes the enormous burden of manually tracking lifetimes and doing manual memory management. C++ does have RAII which helps with that enormously but even then there are a gazillion footguns that Rust just doesn’t have - especially with the newer stuff like rvalue references, std::move, coroutines etc. It also saves you from C++'s dreaded undefined behaviour which is everywhere.

      2. It has a very strong (and nicely designed) type system which gives an “if it compiles it works” kind of feel, similar to FP languages like Haskell (so they say anyway; I’ve not used it enough to know). The borrow checker strongly pushes you to write code in a style that somehow leads to less buggy code. More compiler errors, but much less debugging and fixing bugs.

      3. The libraries and APIs are generally very well designed and nice to use. If you’ve ever used Dart or Go think how nice the standard library is compared to JavaScript or PHP. It took C++ like 2 decades to get string::starts_with but Rust started with it (and much more!).

      4. Fast by default.

      5. Modern tooling. No project setup hassle.

      6. It’s a value based language, not reference based. References are explicit unlike JavaScript, Java, C#, etc. This is much nicer and makes things like e.g. copying values a lot easier. JavaScript’s answer for ages was “serialise to JSON and back” which is crazy.

      Downsides:

      1. Slow compilation sometimes. I’d say it’s on par with C++ these days.

      2. Async Rust is kind of a mess. They shipped an MVP and it’s still kind of hard to use and has unexpected footguns, which is a shame because sync Rust avoids footguns so well. Avoid async Rust if you can. Unfortunately sometimes you can’t.

      3. Interop with C++ is somewhat painful because Rust doesn’t have move constructors.

      Great language overall. Probably the best at the moment.

      • ZILtoid1991@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        I would add to the downside that it’s not the best programming language for game development, etc. There was some blog post about how troublesome is it to develop games using Rust due to some of the features that are good in other areas, like the whole concept of “immutable by default”.

        I can also recommend D, if you want to deal with different issues, like the D Language Foundation fearing of change due to not wanting to deal with division from a new and incompatible version yet again, the GC being both a blessing and curse, if you want to go without a (tracing) GC you’ll need to go with a custom runtime that potentially missing many of its features, the attribute hell, etc.

        • PushButton@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          3
          ·
          3 months ago

          The guy doesn’t know what he is talking about.

          When someone is stating something like “best programming language”, you immediately know he’s fuck all and he’s trying to sell you something…

    • phoneymouse@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      edit-2
      3 months ago

      Memory safety for one. C is very memory unsafe and that has been the source of a great, great number of software vulnerabilities over the years. Basically, in many C programs it has been possible to force them to execute arbitrary code, and if a program is running with root privileges, an attacker can gain full control over a system by injecting the right input.

      I have very limited knowledge of rust, but from what I remember writing memory unsafe programs is nigh impossible as the code won’t really even compile. Someone else with more knowledge can probably give more detail.