Google says replacing C/C++ in firmware with Rust is easy

Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.

In a write-up on Thursday, Android engineers Ivan Lozano and Dominik Maier dig into the technical details of replacing legacy C and C++ code with Rust.

"You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets," said Lozano and Maier.

Easy is not a term commonly heard with regard to a programming language known for its steep learning curve.

Nor is it easy to get C and C++ developers to see the world with Rust-tinted lenses. Just last week, one of the maintainers of the Rust for Linux project - created to work Rust code into the C-based Linux kernel - stepped down, citing resistance from Linux kernel developers.

"Here's the thing, you're not going to force all of us to learn Rust," said a Linux kernel contributor during a lively discussion earlier this year at a conference.

Nonetheless, Google is encouraging those who are willing to do so. Citing the lack of high-level security mechanisms in firmware, which is often written in memory-unsafe languages such as C or C++, Lozano and Maier argue that Rust provides a way to avoid the memory safety bugs like buffer overflows and use-after-free that account for the majority of significant vulnerabilities in large codebases.

"Rust provides a memory-safe alternative to C and C++ with comparable performance and code size," they note. "Additionally it supports interoperability with C with no overhead."

The US government lately has been hammering on this theme, with support from leading tech firms and non-profit initiatives to rewrite critical open source projects and components in Rust. Witness the Cybersecurity & Infrastructure Security Agency recommendation last year that software vendors "make it a top-level company goal to reduce and eventually eliminate memory safety vulnerabilities from their product lines."

Google was already sold on the idea, having concluded that its Rust developers are twice as productive as its C++ engineers.

"We recognize Rust's critical role in building secure and reliable software at all levels of the stack," said Lars Bergstrom, director of engineering for Android Programming Languages at Google and chair of the Board of Directors of the Rust Foundation, in a statement provided to The Register.

"At Google, we're increasing Rust's use across Android, Chromium, and more to reduce memory safety vulnerabilities. We're dedicated to collaborating with the Rust ecosystem to drive its adoption and provide developers with the resources and training they need to succeed. This work on bringing Rust to embedded and firmware addresses another critical part of the stack." ®

Search
About Us
Website HardCracked provides softwares, patches, cracks and keygens. If you have software or keygens to share, feel free to submit it to us here. Also you may contact us if you have software that needs to be removed from our website. Thanks for use our service!
IT News
Oct 11
Oct 11
Tencent builds one NoSQL database to rule all data models

Tamed DB sprawl and saved cloudy resources with 'X-Stor'

Oct 11
GSA plows ahead with face matching tech despite its own reliability concerns

A week after saying remote ID verification tech is unreliable, the GSA is expanding access to other agencies

Oct 10
Microsoft admits Outlook crashes, says impact 'mitigated'

Users just need to 'refresh/restart' their sessions

Oct 10
AMD aims latest processors at AI whether you need it or not

Ryzen AI PRO 300 series leans heavily on Microsoft's Copilot+ PC requirements

Oct 10
Version 7.6 - the 'OpenBSD of Theseus' - released

Ideal for black-clad ultra-minimalist types. You probably wouldn't like it

Oct 10