It’s confirmed: The Linux kernel will have Rust support soon. Also this week, Microsoft’s Azure CTO said the age of C++ is over—Rust is the future.
Fast, memory-safe code without garbage collection? Walk this way, say Linus Torvalds and Mark Russinovich.
The momentum is surely unstoppable. In this week’s Secure Software Blogwatch, we see both sides.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Physical Karaoke.
The time is now
What’s the craic? Steven J. Vaughan-Nichols reports — “Linus Torvalds: Rust will go into Linux 6.1”:
“Rust on Linux has gotten much more mature”
The Rust in Linux debate is over. The implementation has begun. … The Rust programming language entering the Linux kernel has been coming for some time.
It took a while to convince the top Linux kernel developers. … But, in the end, it was decided that Rust is well enough supported in the Clang — the C language family compiler front end — to move forward.
It also helped Rust's case that — thanks to the ground-breaking work of … Miguel Ojeda — Rust on Linux has gotten much more mature. In addition, Andreas Hindborg … showed you could write a first-rate driver, an SSD NVM-Express (NVMe) driver … in Rust.
Where the Linux kernel team goes, others will follow? Thomas Claburn — “In Rust We Trust”:
“Less prone to potential memory corruption bugs”
Microsoft Azure CTO Mark Russinovich has had it with C and C++: … "Speaking of languages, it's time to halt starting any new projects in C/C++ and use Rust for those scenarios where a non-[garbage collected] language is required," he said. "For the sake of security and reliability, the industry should declare those languages as deprecated."
Rust, designed by as a hobby by Graydon Hoare, started taking shape at Mozilla in 2006 and debuted publicly in 2010. It began to attract serious attention as an alternative to C/C++ in 2015 with the release of Rust 1.0. Since that time, Rust has been the most loved programming language in the annual StackOverflow Survey seven years running … and has been integrated into projects at major technology companies.
Rust seems less prone to potential memory corruption bugs and this makes software less vulnerable. Microsoft has been talking about dumping C/C++ and exploring Rust at least since 2019. … According to Microsoft, about 70 percent of the CVEs it has patched since 2006 are due to memory safety issues. Eliminating those bugs would dramatically improve software security.
But what about performance? Nikolay Ivanov asks, “Is Rust C++-fast?”:
“Performance of Rust is similar to C++”
Rust is a relatively new system programming language that has been experiencing a rapid adoption in the past 10 years. Rust incorporates a memory ownership model enforced at compile time. Since this model involves zero runtime overhead, programs written in Rust are not only memory-safe but also fast.
Multiple existing benchmarks comparing the performance of Rust with other languages focus on rarely used superficial algorithms, leading to somewhat inconclusive results. In this work, we conduct a comparative performance benchmark of Rust and C++ using commonly used algorithms and data structures.
Our evaluation shows that the overall performance of Rust is similar to C++, with only minor disadvantage. We also demonstrate that in some Rust routines are slightly faster than the ones of C++.
ELI5? DrYak explains like you’re five-ish:
One way to look at Rust is as a distant cousin of C++, except where all the memory safety features (shared pointers, bound-checked accessors to vectors, etc.) are mandatory and you need special steps to bring back good old pointers and arbitrary memory locations.
Fine if you’re building a new thing, but what about adding to an existing thing? HildyJ is skeptical:
Rust is currently the language of choice for new projects that would have previously been written in C/C++. But migrating an existing system from C/C++ to Rust is difficult. It is a replacement for C/C++, not a successor.
In July … Google announced it is working on Carbon as a successor which will be backward compatible with C/C++. [But] rest assured that bad programmers will still be able to write bad code regardless of the language.
However, others disagree. mr_eel slides into your DMs:
It's not a magic bullet … but Rust was built with interoperability with C/C++ in mind. Many Rust projects are built with C/C++ dependencies. Mozilla's use of Rust in Firefox is a good example of gradual adoption and interoperability.
Aside from memory safety, what else is nice about Rust? u/phazer99 suggestifies thuswise:
Regarding error handling, I think Rust's model is much superior to C++ exceptions. Code that can fail and code that cannot fail are different beasts, and in Rust the difference is clear. The advantage with Result compared to checked exceptions (a la Java) is that a result is a normal value which can be mapped, filtered, stored etc.
I use the ?-operator or map value or error to some other type. … Also, in the future there will be try blocks, but for the moment you can break out the code to a separate function.
I think Rust is superior to C++ in pretty much every regard and would hate to go back to developing in C++ (which I've done for 20+ years previously).
But gweihir holds back from the cheeleading throng:
Let's see how it goes. [SJVN] states, "The debate is over." That is obviously far from the truth.
Linux gives the Rust people enough rope to hang themselves. Whether they do or not will be interesting to see and is impossible to predict at this time. Rust has some major issues it needs to overcome.
If there is general consent in a year or so that this was a successful move, I will give Rust a chance. Before, not so much.
Meanwhile, after reading Russinovich’s road-to-Damascus tweet, Dr.Kaan Gündüz — @calimelo — makes this epic Dad joke:
Another one bites the Rust.
- Learn more about Secure Dev & DevSecOps
- Get up to speed on the SBOM's evolution
- Download report: NVD Analysis 2022 — A Call to Action on Supply Chain Security
- See survey report: Tampering top of mind for dev — but detection lags
You have been reading Secure Software Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or email@example.com. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.