Google’s Chromium Project has acknowledged its growing interest in adding more Rust code to the mostly C++ Chromium codebase.
Rust is an open-source systems-oriented programming language championed by Mozilla that’s known for its memory safety, a characteristic of particular interest to developers interested in browser security.
The Chromium team makes clear that C++ is “the ruler” and that its current interest is having Rust code make calls into existing C++ rather than the other way around. But its recognition of Rust as a subordinate language suggests that Google devs want Rust to play a more prominent role in the Chromium court.
“Chrome engineers are experimenting with Rust,” the techies declared in documentation this month about Rust and C++ interoperability. “For the foreseeable future, C++ is the reigning monarch in our codebase, and any use of Rust will need to fit in with C++ — not the other way around. This seems to present some C++/Rust interoperability challenges which nobody else has faced.”
The page describes how Rust and C++ code should exchange data, which isn’t so straightforward due to differences between the languages. The Chromium team’s approach relies on a library published in January called cxx, created by Rust developer David Tolnay, which automatically creates bridges between C++ and Rust functions. You can do this by hand if you wish, though once you start juggling more than a few APIs – and Chromium has 1,700-plus – you should use a tool to avoid mistakes.
Robust Rust trust discussed after Moz cuts leave folks nonplussed: Foundation mulled for coding language
The Rust compiler catches during compile-time, among other things, potential memory access errors and refuses to build software that is hazardous, so that these bugs do not manifest nor are exploited during run-time. It is, for instance, rather strict on the use and passing of pointers. The C++ code a Rust function interacts with doesn’t come with the same level of guarantee. The role of cxx will be to help the two languages interoperate and exchange information in a well-defined and safe way.
Google engineers have been exploring Rust for years, but without any official endorsement of the language. Rust received a mention on the Chromium Project’s page about memory safety when it was first published back in May, but the page lacked the link to the project’s “Rust and C++ interoperability” post that appeared over the weekend. And Rust shows up before that in various posts to the Gerrit source code collaboration system used by the Chromium project.
Apple’s Swift programming language is also being explored as a way to create fewer unsafe memory bugs, though apparently not to the extent seen for Rust.
Google’s Fuchsia project has been more public in its affinity for Rust, declaring in March that the programming language “is approved for use throughout the Fuchsia Platform Source Tree,” except in the Zircon kernel. The Linux kernel project is also embracing Rust.
Google did not respond to a request for comment.
Rust, which earlier this year marked five years since its 1.0 release, has become something of a darling among programmers. It keeps winning popularity polls and continues to get favorable mentions from large companies looking to write more secure software without sacrificing rum-time speed.
On Tuesday, the Rust Project let it be known that a foundation will be formed by the end of the year to take over management of the language, a move to signal that Rust will be under stable, neutral management whatever happens at cash-strapped Mozilla.
“For now, Chrome investment in Rust will remain a background investigation (mostly directed towards prototyping these tools and techniques),” the Chromium team post says. “If we become convinced this sort of interoperability is possible, we’ll revisit widespread use of Rust in Chrome, and at that point we plan to work hard to achieve this with robust production-quality solutions.” ®
Rojenx is a leading concept artist who work appears in games and publications
Check out his personal gallery here