Is Rust the solution to all our problems - Google's Android team seems to think so and dubs Rust the "move fast and fix things" language.

It was Facebook that coined the "move fast and break things" meme of how programming should be done. Personally I've never liked it. The "move fast" part was fine, but I really didn't like the "break things" option. Now Jeff Vander Stoep, writing about Rust in Android on the Google Security blog, is suggesting that Rust might be the language I am looking for because a recent post claimed that:

"This year we look at how this approach isn’t just fixing things, but helping us move faster."

According to Vander Stoep the use of Rust has reduced memory safety vulnerabilities to below 20% of the total and the graph he presents is very convincing: 

And if you don't like pictures:

 "We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. "

So far so good and you can see that a language that is designed to make memory access-safe might just achieve these results. What is slightly more surprising is:

"With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one."

The most surprising, to me at least, is the reduced time in code review - are we saying that that Rust is easier to understand? Or it could be that it is easier to see that the Rust is code is correct code because of  it its restrictions? It seems that Rust requires 20% fewer revisions than C++.

The Google team is curious enough to try to find out what is going on. It claims that Rust and C++ have a similar functional density, but perhaps Rust is tiny bit more dense. It is also more stable in the sense that changes aren't rolled back as often as C++ changes - a 4x lower rate than C++. 

It does seem, anecdotally, that Rust is easier to understand than C++ as a survey of programmers revealed that they thought that Rust was easier to review and more likely to be correct in the first place.  It seems that:

"Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics."

Google really does make Rust sound like the wonder cure, but it is important to notice that this seems to be very much a comparison between Rust and C++. Rust isn't really as object-oriented as C++, it has traits and uses composition rather than inheritance. I really see Rust a more like a memory-safe C than a memory-safe C++ although I can see that this is arguable.

Could it be that the reason that Rust is easier to review is that it doesn't have the bloat of C++? The paradox of Rust is that it is both a more sophisticated language than C++ and a simpler language than C++. I'd like to see some results about Rust v C and, as it makes its way into the Linux kernel, we might actually see some. For now we can only really conclude that Rust has advantages over C++; not that Rust is good in all possible ways.

More Information

Rust in Android: move fast and fix things

Related Articles

Rust Twice As Productive As C++

The Fuss About Fil-C...

Google Donates $1M To Rust

Microsoft Making C Safe - Checked C

The Feds Want Us To Move On From C/C++

DARPA Wants All C Converted To Rust

Is Rust Safe?

Can C++ Be As Safe As Rust?

Safe C++ Loses Out To Profiles

Bjarne Stroustrup Defends C++ As Safe

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info