Why 2021 Will be a 'Rust'y Year for System Programmers

Share on facebook
Share on twitter
Share on linkedin
Disclaimer: This blog post does not make recommendations on when you should or should not use Rust. It offers an elaborate overview on the state of Rust in the industry with a bit of the language capabilities and differentiators sprinkled along the way. In recent years, Rust has gained a significant fan following. And for good reason. Rust aims to be a credible alternative to C++ for system programming needs. It addresses many of the inherent limitations in C++ such as issues related to memory safety and thread safety often leading to the infamous segmentation fault errors. It fundamentally aims to bring the power of high level languages to meet low level systems programming needs. In many cases, memory safety errors have been the root cause of security exploits as well. C/C++ programmers run into these errors all the time - use of uninitialized memory, use after "free''ing memory and buffer overruns. Fundamentally pointing to incorrect [illegal] access to memory locations. Another example is "data races" - unpredictable use of data based on the sequence in which the reads/writes are made. For perspective, think of this number - "About 70% of all CVEs at Microsoft are memory safety issues". Rust is an open-source systems programming language that focuses on speed, memory safety and parallelism. Three words define Rust - Safe, Concurrent and Fast. The goal is to prevent memory safety errors from being introduced in the first place. Screenshot of an example of how Rust catches memory errors at compile time: Source: Talk by Steve Klabnik (@SteveKlabnik) At its core, C++ is not a memory safe language although modern variants introduce more safeguards. Given that C/C++ is used to build much of the core platform components, this is concerning to say the least. Who uses Rust Source: Ryan Levick's presentation There are quite a few applications of Rust in production. I will count two of them here - operating systems as an example of systems program and Firefox Servo as an example of high concurrency. Amazon Firecracker, an open source virtualization technology that powers AWS Lambda and AWS Fargate is written in Rust. The aim was to take advantage of thread safety of Rust and prevent buffer overrun errors that can lead to security vulnerabilities. Other AWS services include Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudFront, Amazon Route 53. Operating systems AWS launched Bottlerocket, a Linux-based container operating system written in Rust. Bottlerocket includes only the essential software to run containers, which improves resource usage and reduces the attack surface. The TCP/IP stack for Google Fuchsia OS is written in Rust. Fuchsia has a modular kernel architecture with some components written in C++, some in Go and others in Rust. This speaks to Rust's ability to interplay with components written in other languages to help implement a modular kernel architecture. Source: https://blog.quarkslab.com/playing-around-with-the-fuchsia-operating-system.html Firefox takes advantage of the built-in, compile-time support for parallelism in Rust in its new CSS engine (Quantum CSS). Parallelism in the context of a web browser means you are trying to parallelize all of the different parts of rendering a web page. Parallelism is difficult because it introduces "race conditions" which are difficult to identify and difficult to troubleshoot. This is where the power of Rust shines - Rust compiler statically verifies the code to prevent race conditions during compile time. Source: https://hacks.mozilla.org/2017/08/inside-a-super-fast-css-engine-quantum-css-aka-stylo/ WebAssembly adds new functionality to web applications by bringing compiled code to the browser. WebAssembly allows you to take functionality written in a compiled language, such as C++ and Rust and safely run it within your web browser. Check out an insightful video of Ryan Levick at Microsoft offering a primer on Rust and what Microsoft is up to with Rust. Rust offers the industry's best chance to creating a safe systems programming language. - Ryan Levick, Microsoft   What changed in 2020 Rust was originally conceived as a Mozilla research project and was until recently the single official sponsor of the [open source Rust] project. However, in August 2020, it laid off 250 people which included  folks who are active members of the Rust project and the Rust community. A couple of Rust maintainers are joining Amazon and Facebook to lead their newly created Rust teams. Niko Matsakis  (@nikomatsakis) joined Amazon and Patrick Walton (@pcwalton) joined Facebook as Rust team tech leads. In addition, Rust foundation is being incorporated as an independent entity but it is not yet clear who the sponsors will be. Its current list of sponsors include Sentry, GitHub, Google Cloud, Amazon Web Services, Mozilla and Microsoft. GitHub and Azure host the repo and CI infrastructure. Check out the Foundation FAQ for more details. Rust Differentiators Unlike Java, Rust's design does not require a garbage collector. Not requiring a garbage collector means you don't incur runtime performance penalties esp. on low power hardware. Compile time verification for thread-safety and memory safety. I think this is the single-most important differentiator since you are no longer relying on runtime checks. Systems programming should shift-left exception handling to compilation time and preempt programmers from making mistakes in the first place. Doesn't allow Nulls and doesn't support Exceptions. Availability of a package manager out of the box and integrates with the rest of the ecosystem - much like Python - but this has not been available to system programming languages before. Zero cost abstractions - i.e. performance and safety in higher level languages often require a tradeoff because of the overhead of abstractions. Think reference counted pointers and runtime checks. Rust Cautions For all the goodness, it does involve a steep learning curve before you become fully productive. In addition, it is unlikely that organizations will rewrite all existing software using Rust but will rather use it to build new components that integrate with the current ecosystem. Therefore, interoperability across libraries, components and toolchains becomes a key consideration and challenge. How is the Rust Community Responding For five years running, Rust has taken the top spot as the most loved programming language in StackOverflow's Developer survey. For example, in the 2020 survey, 86.1 % of developers who are developing with the language or technology and have expressed interest in continuing to develop with it. That is almost twice the "vote of  love" that C++ received! Check out this Reddit survey (r/adventofcode) where Rust comes in the 2nd most used language behind Python. Tooling Cargo is Rust's build system Rust uses the LLVM compiler Evidence: https://research.mozilla.org/rust/ https://doc.rust-lang.org/book/title-page.html  https://doc.rust-lang.org/stable/rust-by-example https://blog.rust-lang.org/2020/08/18/laying-the-foundation-for-rusts-future.html https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/ https://aws.amazon.com/blogs/opensource/why-aws-loves-rust-and-how-wed-like-to-help/ Brilliant talk by Ryan Levick - Rust at Microsoft Trivia Do you know the [unofficial] mascot for Rust? Click here :)

This post was originally published on this site

Source: Gartner Blog Network On:

Read On

About the author: CIO Minute
Tell us something about yourself.

Leave a Comment

CIO Portal