We will only support third-party libraries for now.In this way, Rust can not land in arbitrary C++ code, only in functions passed through the API from C++. Rust can not depend on C++ so it cannot know about C++ types and functions, except through dependency injection. By limiting interop to a single direction, we control the shape of the dependency tree. Chromium is written in C++, and the majority of stack frames are in C++ code, right from main() until exit(), which is why we chose this direction. We will support interop in only a single direction, from C++ to Rust, for now.What the limits of safe, simple, and reliable interop might be.īased on our research, we landed on two outcomes for Chromium. Understanding the implications of incrementally moving to writing Rust instead of C++, even in the middle of our software stack. The Chrome Security team has been investing time into researching how we should approach using Rust alongside our C++ code. How Chromium Will Support the Use of Rust We can expect that the shape of these limitations will change in time through new or improved tools, but the decisions and descriptions here are based on the current state of technology. We know that C++ and Rust can play together nicely, through tools like cxx, autocxx bindgen, cbindgen, diplomat, and (experimental) crubit. Rust has been an incredible proof that we should be able to expect a language to provide safety while also being performant. Thank you Mozilla for your huge contribution to the systems software industry. Rust was developed by Mozilla specifically for use in writing a browser, so it’s very fitting that Chromium would finally begin to rely on this technology too. And we believe that we can use third-party Rust libraries to work toward this goal. Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox either) way to satisfy the rule of two, in order to speed up development (less code to write, less design docs, less security review) and improve the security (increasing the number of lines of code without memory safety bugs, decreasing the bug density of code) of Chrome. In this blog post, we will discuss how we arrived at the decision to support third-party Rust libraries at this time, and not broader usage of Rust in Chromium. We’re starting slow and setting clear expectations on what libraries we will consider once we’re ready. This will enable us to include Rust code in the Chrome binary within the next year. To do so, we are now actively pursuing adding a production Rust toolchain to our build system. We are pleased to announce that moving forward, the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium. Posted by Dana Jansens (she/her), Chrome Security Team
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |