Rust: Memory Safety, High Performance, Pick any Two
This control comes with the responsibility to make programs safe and secure, which is not easy: Microsoft recently published a study showing that 70% of all its patches addressed memory safety bugs. In a nutshell, these memory safety bugs are caused by multiple entities in a program taking ownership over the same piece of memory. Disagreements on the lifecycle, size or shape of a piece of memory can result in arbitrary code execution and from there, a full system compromise.
One of the programming languages thas has recently gained traction in the industry is Rust. In Rust, ownership of memory is explicit: a piece of memory may only have one owner at any given time. This means that the memory safety issues from above are by definition impossible: the Rust compiler will signal a compile error. Explicit ownership also improves programmers’ ability to reason about multi-threaded programs, where concurrent access to shared data is a constant source of headaches. The net benefit is that programmers can deliver software with fewer bugs, quicker.
How to get started
Despite all the advantages of Rust, few people are advocating for rewriting existing codebases in Rust or mandating it for all new projects. The programming languages mentioned at the beginning of this blog post still have their place and their vast ecosystems of libraries. Rust is not going to displace these any time soon. Instead we expect that the native libraries underneath will become “oxidized”, either gradually or as rewrites. The Android operating system is a good example of this philosophy. In Android 13, 21% of all new native code was written in Rust — most notably media components which need to decode untrusted inputs at high speeds. The Firecracker project (mentioned earlier here) is exclusively written in Rust for the same purpose. Microsoft is similarly using Rust for new Windows low-level components and rewriting existing components as needed.
Since Rust is supported by the major platforms and the toolchain is mature, the best way to get started as a company is use cases where Rust’s strengths are needed: code that is security-critical, performance-critical, or both.