Why 2021 Will be a ‘Rust’y Year for System Programmers

Disclaimer: This blog post does not make recommendations on when you should or should not use Rust. It offers an elaborate overview on the state of Rust in the industry with a bit of the language capabilities and differentiators sprinkled along the way.

In recent years, Rust has gained a significant fan following. And for good reason. Rust aims to be a credible alternative to C++ for system programming needs. It addresses many of the inherent limitations in C++ such as memory safety and thread safety issues often leading to the infamous segmentation faults. Rust aims to bring the power of high level languages to meet low level systems programming needs.

In many cases, memory safety errors have been the root cause of security exploits. For perspective, think of this number – “About 70% of all CVEs at Microsoft are memory safety issues“. C/C++ programmers run into memory related errors all the time – use of uninitialized memory, use after “freeing” memory and buffer overruns. Another tricky source of errors are data races and race conditions – unpredictable use of data based on the sequence in which the reads/writes are made.

Rust is an open-source systems programming language that focuses on speed, memory safety and parallelism.

Three words define Rust – Safe, Concurrent and Fast. The goal is to prevent memory safety errors from being introduced in the first place.

Screenshot of a simplistic example of how Rust catches memory errors at compile time – the actual scenarios are more complex which is where the built-in features should come in handy.

Source: Talk by Steve Klabnik (@SteveKlabnik)

At its core, C++ is not a memory safe language although modern variants introduce more safeguards. Given that C/C++ is used to build much of the core platform components, this is concerning to say the least.

Who uses Rust

Source: Ryan Levick’s presentation

There are quite a few applications of Rust in production. I will count two of them here – operating systems as an example of systems program and Firefox Servo as an example of high concurrency.

Amazon Firecracker, an open source virtualization technology that powers AWS Lambda and AWS Fargate is written in Rust. The aim was to take advantage of thread safety of Rust and prevent buffer overrun errors that can lead to security vulnerabilities.

Other AWS services include Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudFront, Amazon Route 53.

Operating systems

AWS launched Bottlerocket, a Linux-based container operating system written in Rust. Bottlerocket includes only the essential software to run containers, which improves resource usage and reduces the attack surface.

The TCP/IP stack for Google Fuchsia OS is written in Rust. Fuchsia has a modular kernel architecture with some components written in C++, some in Go and others in Rust. This speaks to Rust’s ability to interplay with components written in other languages to help implement a modular kernel architecture.

Source: https://blog.quarkslab.com/playing-around-with-the-fuchsia-operating-system.html

Firefox takes advantage of the built-in, compile-time support for parallelism in Rust in its new CSS engine (Quantum CSS). Parallelism in the context of a web browser means you are trying to parallelize all of the different parts of rendering a web page. Parallelism is difficult because it introduces “race conditions” which are difficult to identify and difficult to troubleshoot. This is where the power of Rust shines – Rust compiler statically verifies the code to prevent race conditions during compile time.

Source: https://hacks.mozilla.org/2017/08/inside-a-super-fast-css-engine-quantum-css-aka-stylo/

WebAssembly adds new functionality to web applications by bringing compiled code to the browser. WebAssembly allows you to take functionality written in a compiled language, such as C++ and Rust and safely run it within your web browser.

Check out an insightful video of Ryan Levick at Microsoft offering a primer on Rust and what Microsoft is up to with Rust.

Rust offers the industry’s best chance to creating a safe systems programming language.

– Ryan Levick, Microsoft

What changed in 2020

Rust was originally conceived as a Mozilla research project and was until recently the single official sponsor of the [open source Rust] project. However, in August 2020, it laid off 250 people which included  folks who are active members of the Rust project and the Rust community.

A couple of Rust maintainers are joining Amazon and Facebook to lead their newly created Rust teams. Niko Matsakis  (@nikomatsakis) joined Amazon and Patrick Walton (@pcwalton) joined Facebook as Rust team tech leads. In addition, Rust foundation is being incorporated as an independent entity but it is not yet clear who the sponsors will be. Its current list of sponsors include Sentry, GitHub, Google Cloud, Amazon Web Services, Mozilla and Microsoft. GitHub and Azure host the repo and CI infrastructure.

Check out the Foundation FAQ for more details.

Rust Differentiators

1. Unlike Java, Rust’s design does not require a garbage collector. Not requiring a garbage collector means you don’t incur runtime performance penalties esp. on low power hardware.
2. Compile time verification for thread-safety and memory safety. I think this is the single-most important differentiator since you are no longer relying on runtime checks.
3. Systems programming should shift-left exception handling to compilation time and preempt programmers from making mistakes in the first place. Doesn’t allow Nulls and doesn’t support Exceptions.
4. Availability of a package manager out of the box and integrates with the rest of the ecosystem – much like Python – but this has not been available to system programming languages before.
5. Zero cost abstractions – i.e. performance and safety in higher level languages often require a tradeoff because of the overhead of abstractions. Think reference counted pointers and runtime checks.

Rust Cautions

For all the goodness, it does involve a steep learning curve before you become fully productive. In addition, it is unlikely that organizations will rewrite all existing software using Rust but will rather use it to build new components that integrate with the current ecosystem. Therefore, interoperability across libraries, components and toolchains becomes a key consideration and challenge.

Check out this Sub-Reddit survey (r/adventofcode) where Rust comes in the 2nd most used language behind Python.

Tooling

• Cargo is Rust’s build system
• Rust uses the LLVM compiler

Evidence:

• https://research.mozilla.org/rust/
• https://doc.rust-lang.org/book/title-page.html 
• https://doc.rust-lang.org/stable/rust-by-example
• https://blog.rust-lang.org/2020/08/18/laying-the-foundation-for-rusts-future.html
• https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/
• https://aws.amazon.com/blogs/opensource/why-aws-loves-rust-and-how-wed-like-to-help/
• Brilliant talk by Ryan Levick – Rust at Microsoft

Trivia

Do you know the [unofficial] mascot for Rust? Click here 🙂