Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.
In a write-up on Thursday, Android engineers Ivan Lozano and Dominik Maier dig into the technical details of replacing legacy C and C++ code with Rust.
“You’ll see how easy it is to boost security with drop-in Rust replacements, and we’ll even demonstrate how the Rust toolchain can handle specialized bare-metal targets,” said Lozano and Maier.
Easy is not a term commonly heard with regard to a programming language known for its steep learning curve.
Nor is it easy to get C and C++ developers to see the world with Rust-tinted lenses. Just last week, one of the maintainers of the Rust for Linux project - created to work Rust code into the C-based Linux kernel - stepped down, citing resistance from Linux kernel developers.
“Here’s the thing, you’re not going to force all of us to learn Rust,” said a Linux kernel contributor during a lively discussion earlier this year at a conference.
2024: Google says replacing C/C++ with Rust is easy
2025: Google buys Rust
2026: Google shuts down Rust
One of the deep-pocketed founding members of the Rust Foundation says it’s easy. I’m surprised.
Your mom is easy… said the deep-pocketed founding member of the Rust Foundation.
Clearly Rust is a conspiracy.
Clearly Rust is a conspiracy.
Anyone in software development who was not born yesterday is already well aware of the whole FOMO cycle:
- hey there’s a shiny new tool,
- it’s so fantastic only morons don’t use it,
- oh god what a huge mistake I did,
- hey, there’s a shiny new tool,
Yeah, because the new tools are never actually better, right? If condescending luddites like you had your way we’d still be living in the literal stone age. At every step of the way, people like you have smugly said that the older, more established ways of doing things were good enough and new ways were just a fad that would die out.
Your favorite language was dismissed as fad when it was new. High level languages were a fad. Computing was a fad. Electricity was a fad. See a pattern?
Nice job projecting with the “only morons” bit, BTW, when it is in fact you who started off by denigrating people whose preferences are different from yours.
Yeah, because the new tools are never actually better, right?
Well, yes. How many fads have come and went? How many next best things already died off? How many times have we seen the next best thing being replaced by the next best thing?
And yet, most of the world still runs on the same five languages: C, Java, C++, C#, JavaScript.
How do you explain that, with so many new tools being so much better than everything?
Might it be because fanboys tend to inflate their own definition of “actually better”, while turning a blind eye to all the tradeoffs they need to pretend aren’t there?
And yet, most of the world still runs on the same five languages: C, Java, C++, C#, JavaScript.
Did you just assume that those languages exists since the dawn of computing? Or they run the world as long as they came to existence and were never “the new thing”? You are just contradicting yourself at this point to defend yourself from anything you don’t want to accept.
I’m old enough to remember when 4 of those 5 languages were the hot new thing. You’d have had me ignore them all and keep using C for everything. If I had done that I wouldn’t have even landed my first job.
You’d have had me ignore them all and keep using C for everything.
Please tell me which language other than C is widely adopted to develop firmware.
You’re talking about so many up-and-comers during all these decades. Name one language other than C that ever came close to become a standard in firmware and embedded development.
Right.
Wut? They’re a member, because they find Rust useful. This is just them saying another time that they find Rust useful.
While they (and everyone using Rust) will benefit off of more people using Rust, it’s not like they have a vested interest to the point of spreading misinformation.
Here’s the thing, you’re not going to force all of us to learn Rust
That seems like a poor attitude imo.
A valid point tho. Generally it is difficult to ask everybody to learn a new language.
I mean, I work as a software engineering and if I’m not doing continuing ed, be it about architecture, storage, or new languages, I’m going to be of less value in the marketplace. I’ve learnt languages I didn’t particularly want to in the past for work (though I generally came to tolerate or even like some of them. Not lua, though; lua can go to hell).
If Rust truly is the better, safer option, then these people are holding everything back.
“learn Rust” in this case is learn it to a level where all of the little behaviour around cross language integrations are understood and security flaws won’t be introduced. Expert level.
It’s not “I did a pet project over the weekend”.
You are correct and I am aware of that. However, it also seems that they both refuse to learn it and refuse to work with people at that expert level based on the recent drama, which seems very much like holding things back to me.
C/C++ is the bedrock of our modern civilization in some ways more fundamental than actual bedrock, the first step in getting any OS running is making it run C and after that you are basically done, it’s not surprising that developers resist, if nothing else it’s a common language, and standards are hard to change on the best of days. This isn’t just learning a language, it’s a complete paradigm shift.
The bedrock of modern civilizations is expensive to develop, buggy and unergonomic though.
If you make C run, you probably (I’m not sure, would have to verify) can make rust run. And if there isn’t yet, there will probably soon be a C compiler written in rust, so you can choose to bootstrap from wherever you prefer.
C’s ABI will probably last longer than C, since there is not a stable rust ABI though.
Fortunately, they aren’t being asked to do that. All the rust team was requesting was metadata about the call signatures so that they could have a grasp on expected behavior.
Oh jeeze, you have no idea. You can watch it yourself: https://youtu.be/WiPp9YEBV0Q?si=b3OB4Y9LU-ffJA4c&t=1548
That timestamp is about where the audience member (a maintainer of ext4 and related utilities) starts speaking. The “here’s the thing” quote is around 28:40.
Wow what an absolute dick
I mean aren’t they forcing everyone else to learn C/C++ otherwise? If we follow that logic, at least
I guess you can argue it’s already written in C. So that was always a requirement.
That way we’ll just find maintainers went near extinct over time, just like COBOL developers that are as rare as they are expensive. Only Linux kernel isn’t a bank, and maybe will not have as much money to pay to rare developers capable of maintaining C codebase
That way we’ll just find maintainers went near extinct over time, just like COBOL developers that are as rare as they are expensive.
Care to take a shot at figuring out why COBOL is still used today?
I mean, feel free to waste your time arguing for rewrites in your flavor of the month. That’s how many failed projects start, too, so you can have your shot at proving them wrong.
But in the meantime you can try to think about the problem, because “rewrite it in Rust” is only reasonable for the types who are completely oblivious to the realities of professional software development.
That seems like a poor attitude imo.
Why do you believe that forcing something onto everyone around you is justifiable? I mean, if what you’re pushing is half as good as what you’re claiming it to be, wouldn’t you be seeing people lining up to jump on the bandwagon?
It’s strange how people push tools not based on technical merits and technological traits, but on fads and peer pressure.
It is literally being pushed for its technical merits and traits.
Memory safe code with comparable performance in the kernel seems like an absolute no brainer.
Also if you watch the video all he’s asking for is consistent interfaces for the file systems. He’s not even trying to get them to use rust. And the guy starts screeching about how he’ll code however he wants.
Is it wrong to expect a consistent and well documented interface?
Pretty sure C is actually being pushed against its technical merits here.
It’s wrong to force it. Most choices in history don’t end up with the best one being used. Beta was better than VHS for example. Rust people are very bad at convincing others to try it, and objectively many people just don’t want to or don’t like it for various reasons.
Personally I highly dislike the syntax. People like familiar things, and to me it’s just too different from C++.
If anything I think Swift will be an easier sell when the speed and cross-platform issues are solved.
I don’t think that everyone has to switch to rust or anything but “I dislike the syntax” and “I only want familiar things” are really bad arguments for not using a language. Try something outside of your comfort zone for a bit, it will help you grow as a programmer.
I think the point is they aren’t forcing it at all. It’s being used with the blessing of Linux Jesus and the others are just throwing their toys out of the pram because they don’t want to learn it.
Someone else linked the video on this post. They are rude as hell and the rust dev isn’t even asking them to use it.
Again I think that’s a bad attitude towards technology. Use the best tool for the job and you’d get used to the syntax pretty quickly.
It’s like someone who started on python not wanting to learn a c style language.
It starts with “no, you don’t have to learn it”,
to “your changes are breaking Rust stuff, let’s waste time together to fix it, else I call it ‘bad attitude’”
to “you better make your stuff that way if you don’t want to break Rust stuff (and waste your time me)”
to “do it my way, Rust is taking longer to fix and I would have to refactor all the code because of the lifetime cancer”
to the original senior kernel dev saying: “fuck it, I quit, the kernel is such a mess with the Rust BS” … People don’t want you at the party, make your own party with your own friends we don’t want you here
It’s not complicated.
I mean I’ve still yet to hear a reason not to use rust tbf.
But yes that’s what working in a team is like.
I have to do stuff at work so I don’t fuck over the frontend team. I don’t throw a little tantrum about it.
I mean I’ve still yet to hear a reason not to use rust tbf.
You can’t take NO as an answer, don’t you?
That’s bad attitude
Linux is not “work”; you surely don’t grasp the reality of the situation here.
And “tbf”, the incessant pushing of Rust from people like you is a perfectly fine reason to not use Rust…
Rust is one of those things that every time I look into it, I don’t really follow what makes it so good. What’s a good starter project to learn the language and get a sense of what makes it worthwhile over the established stuff?
Memory safety for one. C is very memory unsafe and that has been the source of a great, great number of software vulnerabilities over the years. Basically, in many C programs it has been possible to force them to execute arbitrary code, and if a program is running with root privileges, an attacker can gain full control over a system by injecting the right input.
I have very limited knowledge of rust, but from what I remember writing memory unsafe programs is nigh impossible as the code won’t really even compile. Someone else with more knowledge can probably give more detail.
-
If your alternative is C++ then it removes the enormous burden of manually tracking lifetimes and doing manual memory management. C++ does have RAII which helps with that enormously but even then there are a gazillion footguns that Rust just doesn’t have - especially with the newer stuff like rvalue references, std::move, coroutines etc. It also saves you from C++'s dreaded undefined behaviour which is everywhere.
-
It has a very strong (and nicely designed) type system which gives an “if it compiles it works” kind of feel, similar to FP languages like Haskell (so they say anyway; I’ve not used it enough to know). The borrow checker strongly pushes you to write code in a style that somehow leads to less buggy code. More compiler errors, but much less debugging and fixing bugs.
-
The libraries and APIs are generally very well designed and nice to use. If you’ve ever used Dart or Go think how nice the standard library is compared to JavaScript or PHP. It took C++ like 2 decades to get
string::starts_with
but Rust started with it (and much more!). -
Fast by default.
-
Modern tooling. No project setup hassle.
-
It’s a value based language, not reference based. References are explicit unlike JavaScript, Java, C#, etc. This is much nicer and makes things like e.g. copying values a lot easier. JavaScript’s answer for ages was “serialise to JSON and back” which is crazy.
Downsides:
-
Slow compilation sometimes. I’d say it’s on par with C++ these days.
-
Async Rust is kind of a mess. They shipped an MVP and it’s still kind of hard to use and has unexpected footguns, which is a shame because sync Rust avoids footguns so well. Avoid async Rust if you can. Unfortunately sometimes you can’t.
-
Interop with C++ is somewhat painful because Rust doesn’t have move constructors.
Great language overall. Probably the best at the moment.
I disagree with 5.
I am an electronics engineer, so admittedly only ever worked with C and Python scripting (and not a programmer by any means) but I literally stopped learning rust for embedded because every single tooling setup step was wrong or failed for both chips I was testing out (NRF chip and an esp32-C3). Maybe only embedded rust was still a mess tooling-wise, but I have no use case for learning userspace rust first. It would just be a waste of my limited free time 😅
I would add to the downside that it’s not the best programming language for game development, etc. There was some blog post about how troublesome is it to develop games using Rust due to some of the features that are good in other areas, like the whole concept of “immutable by default”.
I can also recommend D, if you want to deal with different issues, like the D Language Foundation fearing of change due to not wanting to deal with division from a new and incompatible version yet again, the GC being both a blessing and curse, if you want to go without a (tracing) GC you’ll need to go with a custom runtime that potentially missing many of its features, the attribute hell, etc.
The guy doesn’t know what he is talking about.
When someone is stating something like “best programming language”, you immediately know he’s fuck all and he’s trying to sell you something…
-