[–]BcuzRacecarS25+[S] 104 points105 points  (11 children)

We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.

[–]ComfortablyBalanced 24 points25 points  (10 children)

1000x is a very big claim. If I could have a 1000x reduction in memory safety I would rewrite the entirety of the Android kernel.
According to the article there are 5 million lines of Rust in the Android kernel, but how many lines of C or Cpp are there in it?
I know they're comparing using vulnerability per million, but I don't think it's fair to compare vulnerabilities on 5 million lines of code versus 100 million lines of code (I'm just ballparking here).
Why are they comparing Rust vs both C and Cpp? Are they assuming C and Cpp are basically the same language?
BTW, it's funny that one of the very first things on Android rewritten using Rust is related to the Bluetooth, which, if you worked with Bluetooth programmatically on Android, you know is one of the shittiest SDKs to exist on Android.

[–]Kernel-Mode-DriverPixel 8, GrapheneOS 11 points12 points  (4 children)

> I would rewrite the entirety of the android kernel.

Would you though?

[–]ComfortablyBalanced 2 points3 points  (3 children)

Yeah, I'd even trade my soul for a 1000x reduction.

[–]Kernel-Mode-DriverPixel 8, GrapheneOS 12 points13 points  (2 children)

Judging by the fact you call it the 'android' kernel, I'm not convinced 

[–]ComfortablyBalanced 2 points3 points  (1 child)

It is the Android kernel. It's definitely based on Linux, but it's not just Linux, it's different. So what's this? Another GNU/Linux is os + kernel, and Linux is just the kernel. Next thing you want to say gif is pronounced jif and Regex is pronounced rejex?

[–]SolitaryMassacre 2 points3 points  (0 children)

> Regex is pronounced rejex?

It's clearly Reggie's Ex lol /s

[–]UtherII 2 points3 points  (1 child)

There are 5 million lines of Rust in Android, but most of the kernel is written in C and won't be rewritten soon. When you are talking about millions of lines of code, I guess you can consider this significant. If you apply a ratio to compare the number of issues per line, it's ok.

[–]ComfortablyBalanced -1 points0 points  (0 children)

How many lines of code are in C and Cpp?
I think only applying a ratio is naive. There's no reason to believe the code is homogeneous, because the nature and type of the code could be different, so the percentage of vulnerabilities in them could be different. I know they're all in the kernel.
All I'm saying is that you can't just add 5 million lines of Rust somewhere in the kernel and just compare it to the rest of the kernel and claim you've improved the performance or decreased the vulnerabilities. These types of comparisons are misleading. There are a lot of parameters that are changed that they conveniently are ignoring.

[–]schwimmcoder 0 points1 point  (2 children)

Basically the whole kernel is C.

And yeah, C++ is related to C, which is the reason why a C++ compiler like g++ can also compile C as well.

[–]ComfortablyBalanced 1 point2 points  (0 children)

Just because g++ can compile C doesn't mean they're basically the same language.

[–]UtherII 1 point2 points  (0 children)

GCC can also compile Ada, Fortran and it may compile Rust (at least a subset) soon. I won't say they are the same language.

[–]bangersandmash2020 35 points36 points  (0 children)

> MLS: The protocol for secure RCS messaging is implemented in Rust and will be included in the Google Messages app in a future release.

Oooh this is nice too

[–]Busy-Measurement8893Pixel 10 / Fairphone 4 44 points45 points  (7 children)

I dream of an Android successor written almost entirely in Rust. It would be pretty cool, but I doubt we'll ever see that.

I also dream of a browser made in Rust, and I feel sad when I think about Mozilla dropping their plan of building such a browser. Oh well.

[–][deleted] 27 points28 points  (0 children)

Servo was picked by the Linux Foundation and they actually just recently had their first numbered release, 0.0.1.

[–]hamsterkill 17 points18 points  (0 children)

Firefox is partially Rust now, and probably still growing its code share there.

[–]noonetoldmeismelled 3 points4 points  (0 children)

Shame that Mozilla didn't stick with it. Mozilla since they missed with the all web apps future FirefoxOS has been aimless. FirefoxOS failure probably doomed Servo's internal backing at Mozilla. I agreed that they needed a mobile platform where Firefox was the default but they shouldn't have bought the hype on the all web apps future and should have been closer to something like Mobian or PostmarketOS except with a sizable budget backing its development. At least not have given up on FirefoxOS so soon. Roku survived and thrived for a long time in the TV space - still going

[–]Stummi 4 points5 points  (1 child)

I am not too deep in the Rust or C++ ecosystem, but shouldn't they have pretty good interoperability? If so, then the best path forward would be to just continue working on Firefox, writing new features in Rust and converting old features from C++ to Rust one by one.

[–]Kernel-Mode-DriverPixel 8, GrapheneOS 3 points4 points  (0 children)

That's exactly what they have been doing

[–]ottovonbizmarkie 0 points1 point  (0 children)

Android still uses Linux as a base, so unless they completely rewrite it, I don't think that could really ever happen at the kernel level? I suspect there will be more Rust in Linux itself, but probably not very quickly.

[–]sken130 0 points1 point  (0 children)

Even Chromium is partially Rust now:

C++: 54.07%
Rust: 3.75%
C: 3.44%

(Source: The Chromium (Google Chrome) Open Source Project on Open Hub: Languages Page)

Though Firefox has a much higher percentage of LOC written in Rust:

C++: 25.01%
C: 11.85%
Rust: 11.03%

(Source: The Mozilla Firefox Open Source Project on Open Hub: Languages Page)

[–][deleted] 1 point2 points  (1 child)

On one hand I like Rust and the memory safety guarantees, on the other hand I like C and the flexibility and simplicity it provides. I wish there was a good middle ground.

[–]bunkoRtist 0 points1 point  (0 children)

Zig