Google throws $1M at Rust Foundation to build C++ bridges
Chocolate Factory matches Microsoft money for memory safety
Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++.
C++, a popular general purpose programming language, has arguably fallen out of fashion due to concerns over safety. Memory safety errors are the source of the majority of vulnerabilities for Google and Microsoft, and this has led to evangelism for memory-safe Rust and a scarlet letter for C/C++.
"Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem," said Dave Kleidermacher, Google VP of engineering, Android security and privacy, in a statement. "This investment aims to expand the adoption of Rust across various components of the platform."
Thanks to endorsements by industry figures like Microsoft Azure CTO Mark Russinovich, and from public sector figures like CISA director Jen Easterly, not to mention industry efforts like ISRG's Prossimo, there's pressure on software developers to consider Rust and other memory-safe languages where suitable.
Lars Bergstrom, director of Android platform tools and libraries and chair of the Rust Foundation Board, announced the grant and said that the funding will "improve the ability of Rust code to interoperate with existing legacy C++ codebases."
Bergstrom told The Register that interoperability with C++ represents one of the biggest obstacles to broader adoption of Rust for Google and other organizations.
"This is the most common hurdle all organizations have to overcome to increase their implementation of Rust," he said. "Many existing legacy code bases, as well as core libraries and services, are either written in C++ or only have APIs available in C++, Java, Go, or Python. Integrating Rust today is possible where there is a fallback C API, but for high-performance and high-fidelity interoperability, improving the ability to work directly with C++ code is the single biggest initiative that will further the ability to adopt Rust."
- Microsoft seeks Rust developers to rewrite core C# code
- Dump C++ and in Rust you should trust, Five Eyes agencies urge
- Rusty revenant Servo returns to render once more
- Google Go language goes with opt-in telemetry
Google's Chromium project consists largely of C++ code, and Android uses the language too, alongside Java and others.
According to Bergstrom, Google's most significant increase in the use of Rust has occurred in Android, where interoperability started receiving attention in 2021, although Rust is also being deployed elsewhere.
Google has also been working to make developer tools like cxx, autocxx, bindgen, cbindgen, diplomat, and crubit handle communication between Rust and C++ code.
Bergstrom said that as of mid-2023, Google had more than 1,000 developers who had committed Rust code, adding that the ad giant recently released the training material it uses.
"We also have a team working on building out interoperability," he added. "We hope that this team’s work on addressing challenges specific to Google’s codebases will complement the industry-wide investments from this new grant we’ve provided to the Rust Foundation."
Google's grant matches a $1 million grant last November from Microsoft, which also committed $10 million in internal investment to make Rust a "first-class language in our engineering systems." The Google-bucks are expected to fund further interoperability efforts, along the lines of KDAB's bidirectional Rust and C++ bindings with Qt.
Rebecca Rumbul, executive director and CEO of the Rust Foundation said in a statement that while Rust offers technical advantages, it's unrealistic to expect organizations to abandon existing codebases. The Rust Foundation has also created a new Interop Initiative to make it more simpleto integrate Rust into existing C++ projects and workflows. ®