Shulou(Shulou.com)06/03 Report--

This article introduces the knowledge of "Why to use Rust to write system code". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

As a quite perfect mobile operating system, Android system involves many components. Broadly speaking, it can be divided into two parts, the application ecology and the operating system itself. For developers, the programming language of choice will vary depending on the part of Android being developed.

Java and Kotlin are popular choices for application developers, while C and C++ are popular choices for developers engaged in operating systems and internal infrastructure. Today, Google has added the third option for operating system developers-Rust, because Android Open Source Project now supports the Rust programming language to develop operating systems.

C and C++ restrictions

The bottom layer of Android system needs system programming languages such as C and C++. These languages provide developers with control and predictability, which is important when accessing low-level system resources and hardware. Unfortunately, C and C++ do not provide memory security guarantees, making them vulnerable to errors and security vulnerabilities. Developers have a responsibility to manage memory lifetime in these languages, but in a complex and multithreaded code base, this is easier said than done.

C and C++ together make up tens of millions of lines of code on the Android platform. These memory security vulnerabilities have become the most difficult source of code errors, accounting for about 70% of Android high-severity security vulnerabilities. Simply fixing these bug is not enough to deal with the problem, and a better way is to prevent these bug in the first place.

Due to the lack of memory security, developers are forced to run Android processes within the strictly restricted and unprivileged sandboxie. But sandboxie's cost of resources is high, which consumes extra overhead and introduces delays. Sandboxie can not completely eliminate the loopholes in the code, and due to the high density of bug, sandboxie's efficiency will be reduced, further allowing attackers to chain multiple vulnerabilities.

Another limitation, which is not unique to C and C++, but applies to all memory security issues, is that the error state must be actually triggered in instrumented code before it can be detected. So even if your code is well tested, the actual bug may not be discovered. When bug is found, getting them repaired is another task, which involves a long and expensive process and may not be repaired correctly. As a result, bug testing becomes unreliable, and given these limitations, bug prevention is a better approach.

Rust and its advantages

Rust provides memory security by using a combination of compile-time and run-time checks to enforce the lifetime / ownership of objects and to ensure that memory access is valid. While implementing this security, it can also provide performance equivalent to that of C and C++. Rust also reduces the need for sandboxie, giving developers more room for overhead to introduce new features that are more secure and lightweight.

While Rust does have its benefits, it is not feasible to replace the entire Android operating system with Rust overnight. And it may not be necessary at all, because most Android memory errors occur in new or recently modified code, and about 50% of the code is less than a year old. Google believes that the work of its memory-safe language should be focused on new development, rather than rewriting mature C and C++ code.

What does switching to Rust mean for Android

Rust also focuses on preventing bug, rather than relying heavily on detecting bug, to improve the correctness of the code. It has several key features, such as memory security, data concurrency, a more expressive type system, default immutable references and variables, safer integer handling, better error handling in the standard library, and so on.

Google says it has been adding Rust support to Android open source projects for the past 18 months. But adding a new language to the Android platform is a huge project. Some tool chains and dependencies need to be maintained, test infrastructure and tools must be updated, and developers need to be trained.

This is the end of "Why use Rust to write system code". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.