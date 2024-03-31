



Reflecting the evangelism of Rust and the tedium of C/C++ over the past two years, Google has announced that Rust is better in production and its developers are twice as productive using the language compared to C++. is reported to be obtained.

Speaking at the Rust Nation UK Conference in London this week, Lars Bergstrom, Google's Director of Engineering, Android Platform Tools and Libraries, said he is one of the web's leading engineers who has migrated projects written in Go or C++ to the Rust programming language. I described the experience of the giant.

Bergstrom provided early reports that Dropbox in 2016 and Figma in 2018 were rewriting code with memory-safe Rust, and questions about productivity and the language subsided, but questions about its reliability and security remained. He said concerns remain.

“Even six months ago, this was a really difficult conversation,” he said. “When I go and talk to people, they say, 'Wait, wait, you have a 'dangerous' keyword.' That means we should all be writing C++ until the heat death of the universe occurs. ”

However, Bergstrom argued that there is a shift in awareness across the software development ecosystem about the challenges of using non-memory safe languages. Such messages are now coming from government authorities in the United States and other countries who understand the role software plays in critical infrastructure.

The reason is that the majority of security vulnerabilities in large codebases can be traced to memory security bugs. And since properly implemented Rust code can largely, if not completely, avoid such problems, memory safety is now much like a national security issue.

Back in September 2022, Microsoft Azure CTO Mark Russinovich argued that software projects that might have started in C/C++ should use Rust instead. This recommendation has now expanded beyond greenfield projects to calls for reworking older code written in non-memory-safe languages.

Earlier this year, Microsoft was recruiting developers to help port their C# code to Rust. Also, his Prossimo project at the Internet Security Research Group (ISRG) is rewriting core open source elements of critical libraries (NTP, DNS, TLS, etc.) in Rust to ensure memory safety.

There was pushback from C++ creator Bjarne Stroustrup and others. Response to NSA memo November 2022 [PDF] Mr. Stolstrup, who advocates the security of memory, argued [PDF] With the right tools, C++ can match Rust's memory safety guarantees “at a fraction of the cost of changing to various new 'safe' languages.”

And in February, when the Office of the National Cyber ​​Director released a report, [PDF] Regarding security software, some public commenters said that memory safety is part of a broader software security challenge and should not be considered the answer to everything.

For example, Carnegie Mellon University's Software Engineering Institute emphasized that all programming languages ​​have trade-offs and that the choice of programming language should be based on suitability for the purpose.

“Most memory-safe languages ​​do not prioritize timing performance, making them unsuitable for use cases with strict performance and timing requirements,” the software group claims.

“Also, as with any programming language, developers must learn the correct workings of the language, including syntax, semantics, constructs, idioms, and tools. Otherwise, memory-related vulnerabilities will be reduced. There may be unforeseen trade-offs in increased vulnerabilities or other types of defects.”

Software security is about more than just memory safety, but the cost benefits that Stroustrup claims can be realized by continuing to use existing C++ infrastructure are currently being leveraged by Rust adopters such as Google. We are faced with a counterexample.

No loss of productivity – quite the opposite

Chocolate Factory has shown notable benefits by converting Go code that is considered memory-safe but not very performant to Rust.

“When we rewrote the system from Go to Rust, we found that it took about the same size team and about the same amount of time to build,” Bergstrom said. “So moving from Go to Rust doesn't hurt your productivity, and what's interesting is that you get some benefits from it.

“So we see a decrease in memory usage for services migrated from Go, and a decrease in defect rates and improved accuracy over time for services rewritten in Rust.”

More important, Bergstrom said, is the comparison to rewriting C++ code to Rust.

“In both cases, we found that the effort required not only to build services in Rust, but also to maintain and update services written in Rust, was more than doubled,” he said. .

“This is a big deal for us because C++ code is very expensive. They're a large team. It's a lot of work and there's a lot of risk.”

Bergstrom said Google is also undergoing a similar transition to move developers from Java to Kotlin, and that retraining of developers will be required both from Java to Kotlin and from C++ to Rust. Said the time is similar. This means that approximately one-third of developers feel as productive in their new language as they were in their old language within two months. And about four months later, half of developers said the same thing, based on an anonymous internal survey.

According to Bergstrom, just over half of developers say Rust is easier to review.

“When you look at why, you come to the most incredible question in the study, the one that surprised all of us, and that's the confidence people have in being right,” he said. . Comparing the Rust code they're looking at with code in other languages, how confident are you that his Rust code on your team is correct?”

Bergstrom said the answer was 85 percent.

“That's a huge number,” he said. “We couldn't get 85% of this room to agree that we like M&M's. 85% of people think their Rust code is more correct than the other code in their system. I believe it's likely. I've had more than one experience. I've done research on languages ​​in my life, but I've never seen numbers like that.”

