The company had preferred languages like Java and Kotlin as the best options for Android app development, and the Android OS itself uses Java extensively, which protects large portions of the Android platform from memory safety bugs.
However, Java and Kotlin aren't an option for the lower layers of the Android OS, where the code is written in C and C++ and requires robust isolation when parsing untrustworthy input. The technique of containing that code in a strictly constrained sandbox can be expensive, and results in additional memory usage and latency.
What Rust Programming Language brings to the table
The Rust programming language provides memory safety guarantees through a combination of compile-time checks that enforce object lifetime/ownership and runtime checks that ensure every memory access is valid.
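Both kinds of check can be seen in a small parser for untrusted input. This is an added example, not code from Google or from the Android project; the record layout (one tag byte, one length byte, then the value) and the names parse_records and ParseError are assumptions made up for the illustration.

```rust
// Added example. Constructed record layout: [tag: u8][len: u8][len bytes of value].
#[derive(Debug, PartialEq)]
pub enum ParseError {
    TruncatedHeader { offset: usize },
    TruncatedValue { offset: usize, claimed: usize, available: usize },
}

// The returned slices borrow from `input`. The compiler enforces at compile
// time that they cannot outlive the buffer, so a use-after-free of the parsed
// values is rejected before the program ever runs.
pub fn parse_records(input: &[u8]) -> Result<Vec<(u8, &[u8])>, ParseError> {
    let mut records = Vec::new();
    let mut pos = 0;
    while pos < input.len() {
        // Runtime check: slice::get returns None rather than reading past the end.
        let header = input
            .get(pos..pos + 2)
            .ok_or(ParseError::TruncatedHeader { offset: pos })?;
        let (tag, len) = (header[0], header[1] as usize);
        let start = pos + 2;
        // The length byte is attacker-controlled. In C, trusting it is a classic
        // out-of-bounds read; here a lying length becomes an ordinary error value.
        let value = input.get(start..start + len).ok_or(ParseError::TruncatedValue {
            offset: pos,
            claimed: len,
            available: input.len() - start,
        })?;
        records.push((tag, value));
        pos = start + len;
    }
    Ok(records)
}

fn main() {
    // Constructed sample inputs: a valid record, then a record whose length byte lies.
    let good = [0x01u8, 0x03, b'a', b'b', b'c'];
    let lying = [0x01u8, 0x03, b'a', b'b', b'c', 0x02, 0xff, b'x'];
    println!("{:?}", parse_records(&good));
    println!("{:?}", parse_records(&lying));
}
```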
Given that memory safety bugs in C and C++ constitute about 70% of all high severity security vulnerabilities in Android, the idea behind switching to a memory-safe language like Rust is to prevent such bugs from happening in the first place.
Google would not have to rewrite all of the existing C and C++ code in the underlying OS, however, but would rather focus its memory-safe language efforts on new or recently modified code, which has a higher likelihood of memory bugs.
Some other efforts at Memory Safety with Rust Language
Microsoft has been working on a new ‘memory safe’ programming language, internally referred to as “Safe Infrastructure Programming”, based on the Rust language.
The experiment with Rust is a bid to improve its software under the Project Verona initiative, as the Rust programming language is better than the C/C++ languages commonly used to write micro-controller firmware.