Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.

In a write-up on Thursday, Android engineers Ivan Lozano and Dominik Maier dig into the technical details of replacing legacy C and C++ code with Rust.

“You’ll see how easy it is to boost security with drop-in Rust replacements, and we’ll even demonstrate how the Rust toolchain can handle specialized bare-metal targets,” said Lozano and Maier.

Easy is not a term commonly heard with regard to a programming language known for its steep learning curve.

Nor is it easy to get C and C++ developers to see the world with Rust-tinted lenses. Just last week, one of the maintainers of the Rust for Linux project - created to work Rust code into the C-based Linux kernel - stepped down, citing resistance from Linux kernel developers.

“Here’s the thing, you’re not going to force all of us to learn Rust,” said a Linux kernel contributor during a lively discussion earlier this year at a conference.

  • GetOffMyLan@programming.dev
    link
    fedilink
    arrow-up
    65
    arrow-down
    9
    ·
    4 months ago

    Here’s the thing, you’re not going to force all of us to learn Rust

    That seems like a poor attitude imo.

      • tiredofsametab@fedia.io
        link
        fedilink
        arrow-up
        40
        arrow-down
        2
        ·
        4 months ago

        I mean, I work as a software engineering and if I’m not doing continuing ed, be it about architecture, storage, or new languages, I’m going to be of less value in the marketplace. I’ve learnt languages I didn’t particularly want to in the past for work (though I generally came to tolerate or even like some of them. Not lua, though; lua can go to hell).

        If Rust truly is the better, safer option, then these people are holding everything back.

        • wewbull@feddit.uk
          link
          fedilink
          English
          arrow-up
          28
          arrow-down
          1
          ·
          edit-2
          4 months ago

          “learn Rust” in this case is learn it to a level where all of the little behaviour around cross language integrations are understood and security flaws won’t be introduced. Expert level.

          It’s not “I did a pet project over the weekend”.

          • tiredofsametab@fedia.io
            link
            fedilink
            arrow-up
            24
            arrow-down
            2
            ·
            4 months ago

            You are correct and I am aware of that. However, it also seems that they both refuse to learn it and refuse to work with people at that expert level based on the recent drama, which seems very much like holding things back to me.

            • MyNameIsRichard@lemmy.ml
              link
              fedilink
              arrow-up
              7
              arrow-down
              9
              ·
              4 months ago

              If you mean the drama I’m thinking off, that seemed to me to be a guy taking on a role that was always going to be 90% political because people are resistant, and sometimes downright hostile, to change and then flouncing off when it was 90% political.

                • MyNameIsRichard@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  4 months ago

                  Flouncing off is about the drama of leaving, not the time served before doing so. You can be in a role for decades and then flounce off!

            • Strykker@programming.dev
              link
              fedilink
              arrow-up
              5
              arrow-down
              4
              ·
              4 months ago

              Sure for newcomers to a project like the Linux kernel they have to learn C , because that is what the project is currently written in, but trying to transition the Linux kernel to rust forces people who already are contributing to go and learn rust to be able to continue what they were already doing. And sure you can argue that it’s being done so not everything has to go over at once, but there is a level of rust knowledge required at the interface between the two languages, and that burden is as far as I’ve seen being forced on those long term contributors.

              It’s not the same thing.

              • arendjr@programming.dev
                link
                fedilink
                arrow-up
                6
                ·
                4 months ago

                and that burden is as far as I’ve seen being forced on those long term contributors.

                This is not what is happening. The current long term contributors were asked to clarify semantics about C APIs, so the Rust maintainers could take it from there. At no point were the C maintainers asked to help maintain the Rust bindings.

              • FizzyOrange@programming.dev
                link
                fedilink
                arrow-up
                1
                arrow-down
                4
                ·
                4 months ago

                Sure, but it’s very similar. The point is that those people didn’t get to choose the language they’re using and now someone is forcing them to use a specific language. They’ve always been forced to use a specific language.

                I guess it just think “I don’t want to learn” is a lame excuse.

                • wewbull@feddit.uk
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  3
                  ·
                  4 months ago

                  How about “To learn it to that level will take 10,000 hours I don’t have”? Does that make more sense to you?

        • stupidcasey@lemmy.world
          link
          fedilink
          arrow-up
          21
          arrow-down
          3
          ·
          4 months ago

          C/C++ is the bedrock of our modern civilization in some ways more fundamental than actual bedrock, the first step in getting any OS running is making it run C and after that you are basically done, it’s not surprising that developers resist, if nothing else it’s a common language, and standards are hard to change on the best of days. This isn’t just learning a language, it’s a complete paradigm shift.

          • calcopiritus@lemmy.world
            link
            fedilink
            arrow-up
            14
            arrow-down
            2
            ·
            4 months ago

            The bedrock of modern civilizations is expensive to develop, buggy and unergonomic though.

            If you make C run, you probably (I’m not sure, would have to verify) can make rust run. And if there isn’t yet, there will probably soon be a C compiler written in rust, so you can choose to bootstrap from wherever you prefer.

            C’s ABI will probably last longer than C, since there is not a stable rust ABI though.

              • Spore@lemmy.ml
                link
                fedilink
                English
                arrow-up
                2
                ·
                4 months ago

                Currently it’s a long chain from an early version of GCC to the latest one, then mrustc (in C++) which can compile rustc 1.54.0.

              • calcopiritus@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                4 months ago

                To be fair, in that article mentions the way to get rust from C. Sure, there is not a compiler written in C, but C is down there in the list of compilers needed for rust, so “just” need to compile some other compilers in the middle.

                • BatmanAoD@programming.dev
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 months ago

                  Ah, sorry, I misinterpreted your comment somehow. Yes, Rust is bootstrappable today, it’s just a much longer process than it would be if there were a compiler written in C.

        • orcrist@lemm.ee
          link
          fedilink
          arrow-up
          5
          ·
          4 months ago

          It’s not a question of what’s the better option. In reality we have a lot of software that already exists and works, and you can’t replace it all in bulk at the same time. So the question is whether the implementation of Rust makes logistical sense, given the difficulties of maintaining currently existing software while replacing some parts of it.

      • superkret@feddit.org
        link
        fedilink
        arrow-up
        10
        arrow-down
        13
        ·
        4 months ago

        It isn’t unreasonable to ask someone to learn a new language, if they currently only speak Sumeric.

    • PlexSheep@infosec.pub
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      4 months ago

      I mean aren’t they forcing everyone else to learn C/C++ otherwise? If we follow that logic, at least

        • lad@programming.dev
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          4 months ago

          That way we’ll just find maintainers went near extinct over time, just like COBOL developers that are as rare as they are expensive. Only Linux kernel isn’t a bank, and maybe will not have as much money to pay to rare developers capable of maintaining C codebase

          • lysdexic@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            edit-2
            4 months ago

            That way we’ll just find maintainers went near extinct over time, just like COBOL developers that are as rare as they are expensive.

            Care to take a shot at figuring out why COBOL is still used today?

            I mean, feel free to waste your time arguing for rewrites in your flavor of the month. That’s how many failed projects start, too, so you can have your shot at proving them wrong.

            But in the meantime you can try to think about the problem, because “rewrite it in Rust” is only reasonable for the types who are completely oblivious to the realities of professional software development.

            • lad@programming.dev
              link
              fedilink
              English
              arrow-up
              2
              ·
              3 months ago

              It’s used because the ones who use it have enough money to pay for any problems that may arise from it’s use, and known problems are deemed better than unknown ones.

              It is a viable model when you have enough money and resources, but a conservative one

              • lysdexic@programming.dev
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                3 months ago

                It’s used because the ones who use it have enough money to pay for any problems that may arise from it’s use, (…)

                That’s laughable. Literally the whole world uses it. Are you telling me that everyone in the world just loves to waste money? Unbelievable.

                • lad@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  3 months ago

                  Have you ever worked at large old corporation? Wasting money is a bit of an underestimation on that scale.

                  Also, not all banks use COBOL, but the ones that don’t are usually much younger.

                  Besides, Ada would’ve been a better example, as it is used by telecoms and seems to be held in high regard, unlike COBOL. The only issue with Ada I heard of is that it’s on par with C++ in complexity which is far from being simple.

    • lysdexic@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      12
      ·
      4 months ago

      That seems like a poor attitude imo.

      Why do you believe that forcing something onto everyone around you is justifiable? I mean, if what you’re pushing is half as good as what you’re claiming it to be, wouldn’t you be seeing people lining up to jump on the bandwagon?

      It’s strange how people push tools not based on technical merits and technological traits, but on fads and peer pressure.

      • GetOffMyLan@programming.dev
        link
        fedilink
        arrow-up
        16
        arrow-down
        2
        ·
        edit-2
        4 months ago

        It is literally being pushed for its technical merits and traits.

        Memory safe code with comparable performance in the kernel seems like an absolute no brainer.

        Also if you watch the video all he’s asking for is consistent interfaces for the file systems. He’s not even trying to get them to use rust. And the guy starts screeching about how he’ll code however he wants.

        Is it wrong to expect a consistent and well documented interface?

        Pretty sure C is actually being pushed against its technical merits here.

  • 0x0@programming.dev
    link
    fedilink
    arrow-up
    59
    arrow-down
    11
    ·
    4 months ago

    One of the deep-pocketed founding members of the Rust Foundation says it’s easy. I’m surprised.

    • Ephera@lemmy.ml
      link
      fedilink
      arrow-up
      21
      arrow-down
      4
      ·
      4 months ago

      Wut? They’re a member, because they find Rust useful. This is just them saying another time that they find Rust useful.
      While they (and everyone using Rust) will benefit off of more people using Rust, it’s not like they have a vested interest to the point of spreading misinformation.

      • lysdexic@programming.dev
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        5
        ·
        4 months ago

        They’re a member, because they find Rust useful. This is just them saying another time that they find Rust useful.

        Fans of a programming language stating they like the programming language is hardly thought-provoking stuff. There are also apps written in brainfuck and that means nothing as well.

        • Ephera@lemmy.ml
          link
          fedilink
          arrow-up
          6
          arrow-down
          2
          ·
          4 months ago

          I’m pretty sure that’s not how dyslexia works, but either way, I didn’t write that. And while the title of the article suggests otherwise, the news here isn’t that Google says something is easy. The news is that they published a guide to make that thing easy.

      • lysdexic@programming.dev
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        10
        ·
        4 months ago

        Clearly Rust is a conspiracy.

        Anyone in software development who was not born yesterday is already well aware of the whole FOMO cycle:

        1. hey there’s a shiny new tool,
        2. it’s so fantastic only morons don’t use it,
        3. oh god what a huge mistake I did,
        4. hey, there’s a shiny new tool,
        • Spore@lemmy.ml
          link
          fedilink
          arrow-up
          9
          ·
          4 months ago

          I assume that you do know that tools improve objectively in the cycle and are making a joke on purpose.

          • lysdexic@programming.dev
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            10
            ·
            4 months ago

            If you had a grasp on the subject you’d understand that it takes more than mindlessly chanting “tools” to actually get tangible improvements, and even I’m that scenario often they come with critical tradeoff.

            It takes more than peer pressure to make a case for a tool.

            • Spore@lemmy.ml
              link
              fedilink
              arrow-up
              10
              ·
              4 months ago

              mindlessly chanting “tools”

              That’s what you were doing in the first place. Instead of evaluating and trying new things, you are putting them in an imaginary cycle, ignoring any actual value that they brings.

              Also Rust has been on your “stage 2” for 10 years. It’s now widely used in multiple mainstream operating systems for both components and drivers, driving part of the world’s internet stack, and is used to build many of those “shiny and new tools”.

        • lolcatnip@reddthat.com
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          3
          ·
          4 months ago

          Yeah, because the new tools are never actually better, right? If condescending luddites like you had your way we’d still be living in the literal stone age. At every step of the way, people like you have smugly said that the older, more established ways of doing things were good enough and new ways were just a fad that would die out.

          Your favorite language was dismissed as fad when it was new. High level languages were a fad. Computing was a fad. Electricity was a fad. See a pattern?

          Nice job projecting with the “only morons” bit, BTW, when it is in fact you who started off by denigrating people whose preferences are different from yours.

          • lysdexic@programming.dev
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            4
            ·
            edit-2
            4 months ago

            Yeah, because the new tools are never actually better, right?

            Well, yes. How many fads have come and went? How many next best things already died off? How many times have we seen the next best thing being replaced by the next best thing?

            And yet, most of the world still runs on the same five languages: C, Java, C++, C#, JavaScript.

            How do you explain that, with so many new tools being so much better than everything?

            Might it be because fanboys tend to inflate their own definition of “actually better”, while turning a blind eye to all the tradeoffs they need to pretend aren’t there?

            • Spore@lemmy.ml
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              edit-2
              4 months ago

              And yet, most of the world still runs on the same five languages: C, Java, C++, C#, JavaScript.

              Did you just assume that those languages exists since the dawn of computing? Or they run the world as long as they came to existence and were never “the new thing”? You are just contradicting yourself at this point to defend yourself from anything you don’t want to accept.

            • lolcatnip@reddthat.com
              link
              fedilink
              English
              arrow-up
              8
              arrow-down
              2
              ·
              edit-2
              4 months ago

              I’m old enough to remember when 4 of those 5 languages were the hot new thing. You’d have had me ignore them all and keep using C for everything. If I had done that I wouldn’t have even landed my first job.

              • lysdexic@programming.dev
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                4 months ago

                You’d have had me ignore them all and keep using C for everything.

                Please tell me which language other than C is widely adopted to develop firmware.

                You’re talking about so many up-and-comers during all these decades. Name one language other than C that ever came close to become a standard in firmware and embedded development.

                Right.

    • taanegl@beehaw.org
      link
      fedilink
      arrow-up
      5
      arrow-down
      6
      ·
      4 months ago

      Your mom is easy… said the deep-pocketed founding member of the Rust Foundation.

  • nickwitha_k (he/him)@lemmy.sdf.org
    link
    fedilink
    arrow-up
    7
    arrow-down
    3
    ·
    4 months ago

    If the target for the firmware has stdlib already implemented, my experience has been that it is indeed easy with minimal experience in the language.

    • 0x0@programming.dev
      link
      fedilink
      arrow-up
      22
      arrow-down
      1
      ·
      4 months ago

      Mixing “firmware” with “easy with minimal experience” in the same sentence makes me cringe…

      • nickwitha_k (he/him)@lemmy.sdf.org
        link
        fedilink
        arrow-up
        11
        ·
        4 months ago

        That’s fair. To be clear, I meant minimal experience with the Rust programming language. I’ve mainly tinkered with ESP32 types of MCUs in Arduino and CircuitPython when it comes to firmware, but have much more software experience. In some ways, I found the little bit of Rust that I tried easier because of the tooling - defaulting to a CLI tool to flash rather than an IDE is much more comfortable for me.

        • towerful@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          I’ve been meaning to play with rust, and I’ve always enjoyed tinkering with various MCUs… Although I’m not very strong with firmware/embedded programming.

          Do you think programming an ESP32 is a good project for learning rust?
          Any suggested place to start? (Tutorials, YouTube Vida etc)

          • nickwitha_k (he/him)@lemmy.sdf.org
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            Do you think programming an ESP32 is a good project for learning rust?

            I’ve only barely scratched the surface there myself but, I absolutely do think so. For several reasons. First, ESP32 is one of the few series of MCUs that support the Rust stdlib. And learning what that entails for Rust is extremely helpful in conceptualizing build targets. Second, MCUs are a very constrained target for software/firmware. Getting comfortable there will likely improve your code efficiency in other code platforms as you are more likely to think about resource usage earlier. And third, there’s some pretty excellent docs and tutorials.

            Any suggested place to start? (Tutorials, YouTube Vida etc)

            For tutorials, my recommended starting point is with the official docs/books themselves:

      • socsa@piefed.social
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        Meh, it’s depends on what you do. I know several low level C engineers who would be far more comfortable rolling a fresh driver over doing some more abstract intro CS projects.

  • eronth@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    Rust is one of those things that every time I look into it, I don’t really follow what makes it so good. What’s a good starter project to learn the language and get a sense of what makes it worthwhile over the established stuff?

    • FizzyOrange@programming.dev
      link
      fedilink
      arrow-up
      4
      ·
      4 months ago
      1. If your alternative is C++ then it removes the enormous burden of manually tracking lifetimes and doing manual memory management. C++ does have RAII which helps with that enormously but even then there are a gazillion footguns that Rust just doesn’t have - especially with the newer stuff like rvalue references, std::move, coroutines etc. It also saves you from C++'s dreaded undefined behaviour which is everywhere.

      2. It has a very strong (and nicely designed) type system which gives an “if it compiles it works” kind of feel, similar to FP languages like Haskell (so they say anyway; I’ve not used it enough to know). The borrow checker strongly pushes you to write code in a style that somehow leads to less buggy code. More compiler errors, but much less debugging and fixing bugs.

      3. The libraries and APIs are generally very well designed and nice to use. If you’ve ever used Dart or Go think how nice the standard library is compared to JavaScript or PHP. It took C++ like 2 decades to get string::starts_with but Rust started with it (and much more!).

      4. Fast by default.

      5. Modern tooling. No project setup hassle.

      6. It’s a value based language, not reference based. References are explicit unlike JavaScript, Java, C#, etc. This is much nicer and makes things like e.g. copying values a lot easier. JavaScript’s answer for ages was “serialise to JSON and back” which is crazy.

      Downsides:

      1. Slow compilation sometimes. I’d say it’s on par with C++ these days.

      2. Async Rust is kind of a mess. They shipped an MVP and it’s still kind of hard to use and has unexpected footguns, which is a shame because sync Rust avoids footguns so well. Avoid async Rust if you can. Unfortunately sometimes you can’t.

      3. Interop with C++ is somewhat painful because Rust doesn’t have move constructors.

      Great language overall. Probably the best at the moment.

      • JustEnoughDucks@feddit.nl
        link
        fedilink
        arrow-up
        4
        ·
        4 months ago

        I disagree with 5.

        I am an electronics engineer, so admittedly only ever worked with C and Python scripting (and not a programmer by any means) but I literally stopped learning rust for embedded because every single tooling setup step was wrong or failed for both chips I was testing out (NRF chip and an esp32-C3). Maybe only embedded rust was still a mess tooling-wise, but I have no use case for learning userspace rust first. It would just be a waste of my limited free time 😅

        • FizzyOrange@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          I think embedded Rust is simply really really new, and requires interacting with crusty C tools which is going to reduce reliability.

          It’s also a little fragmented with people trying different things out (e.g. Embassy vs RTIC), and different chips getting different levels of support.

          Totally different experience to desktop development.

        • milis@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          3 months ago

          I just would like to learn from your experience.

          I have a different background, can’t say I am developer but a coder who mainly do prototyping in short amount of time, and sometimes help out building microservices, backend stuffs. Go really fit the bill neatly for my job, so my first attempt jumping into the embedded world, as a hobbyist, was with TinyGo and found it completely different from userspace application development. To be honest, I did like it as a unified toolchain, but it was not yet that mature the time when I used it (I hope they are much better now) and I always had to go into the “machine” code file to find out things that should be documented better. That said, I was really happy when I got my head around multiplexed led array on the microbit, and even figured out how to drive a continuous rotation servo by timed highs and lows (TinyGo had no PWM support for microbit) for a car crusher, with an empty tissue box of course. Made my little one cry when he saw it the first time and thought his toy cars were crushed.

          But when I got into more “serious” hobbyist realm, playing around with nRF52840, ESP32 and Cortex-M0, I found that Zephyr Project just feel right to me. Maybe because I am not a bare-metal magician by trade, I found the device tree concept so easy to understand and I managed to tune a DTS for ESP-EYE to use the correct address region for PSRAM, though I could only enable 4MB of it as I still couldn’t understand why there are 2 separated address regions for a total 8MB of PSRAM!

          By pure coincidence, IoT became the next big thing for the company I work in, so I am thinking about getting more tools in my shed. I will definitely look into CircuitPython. Never learned Python before because I just don’t like it, without any objective reason I am afraid, but I reckon it is a great tool to build something really really quickly. Another language I want to learn, as you can tell, is Rust, because I can’t expect my colleagues to know Zephyr when FreeRTOS is just a much more popular choice. I think one day I will have to look into FreeRTOS again but wouldn’t hurt learning one more modern langauge that hopefully can do the trick easily.

          However, with some initial digging, it scares me. From libraries and tutorials, one thing that bugs me is that it seems everyone has to do like Peripherals::take().unwrap() and many other long chains of method calls ending with .unwrap(). I feel like the borrow-checker is not quite ready for memory mapped IO but assumes every pointer is allocated on the heap. I just feel worried that one day they will say “okay, we actually need a different compiler for embedded, just like TinyGo for Go”, and I have to relearn. Another thing that I don’t know yet is, it seems not so easy to get them onto the chip? If I understand correctly, some of the nRF and ESP32 are on tier-1 support so I suppose they will be the easier choices to get started. I am interested to know from your experience what was wrong in the equation?

          Thanks and my apologies for making it so long.

      • ZILtoid1991@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        I would add to the downside that it’s not the best programming language for game development, etc. There was some blog post about how troublesome is it to develop games using Rust due to some of the features that are good in other areas, like the whole concept of “immutable by default”.

        I can also recommend D, if you want to deal with different issues, like the D Language Foundation fearing of change due to not wanting to deal with division from a new and incompatible version yet again, the GC being both a blessing and curse, if you want to go without a (tracing) GC you’ll need to go with a custom runtime that potentially missing many of its features, the attribute hell, etc.