3 min Devops

Google: new code increasingly written in ‘memory safe’ languages like Rust

Google: new code increasingly written in ‘memory safe’ languages like Rust

Google expects to increasingly use ‘memory safe’ programming languages like Rust for its code. In widely used -and now decades old- languages like C and C++, bugs caused by errors in memory management are commonplace. However, these languages are so ubiquitous that it makes more sense to transition gradually while taking care of the most significant risks present in the existing languages.

Google, in a recently released report, states the obvious by pointing out that errors due to incorrect memory management often crash programs and make digital infrastructure susceptible to incidents. Such bugs account for 70 percent of all vulnerabilities in Microsoft products.

Secure-by-Design approach

Google therefore sees a future in a so-called Secure-by-Design approach. Here, the code design already prevents as many avoidable errors as possible. For example, the responsibility for memory allocation should fall on the programmer to a much lesser extent.

To this end, Google has adopted the “safe coding” approach in which all high-risk constructs (as in: error- or abuse-prone) are already marked as security risks even before a programmer sees them. The company does not expect C++ to evolve into a language with robust memory security. Therefore, Google plans to increasingly write new code in ‘memory safe’ languages and repackage existing C++ code into a more secure subset. This is complemented by hardware security.

Also read: Microsoft releases more Rust features for Windows kernel

The company appears to be embracing Rust programming language as an alternative. Not only does Rust’s design prevent a developer from having to monitor memory management constantly, it also does not rely on “garbage collectors,” the cleanup method employed by Java, among others.

Rust ‘reliable with low overhead’

Google is critical of this method because of the strain on the hardware it imposes. According to Google, Rust is currently the language that most embodies the safe coding approach precisely because of its reliability and ‘low runtime overhead’. This is still true if it means compilation time is undesirably long. On the contrary, Google seems to view the way Rust compiles as a sign of reliability and trustworthiness.

The recommendation from tech giant Google is a sign of encouragement for Rust. CEO Rebecca Rumbul of the Rust Foundation recently expressed concerns about the state of the programming language. For example, developers would find the learning curve too steep and stay away. Also, dealing smartly with memory management is by no means a cure-all for preventing errors.

Tip: Google pledges million to Rust for interoperability with C++