Google says replacing C/C++ in firmware with Rust is easy

Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.

In a write-up on Thursday, Android engineers Ivan Lozano and Dominik Maier dig into the technical details of replacing legacy C and C++ code with Rust.

"You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets," said Lozano and Maier.

Easy is not a term commonly heard with regard to a programming language known for its steep learning curve.

Nor is it easy to get C and C++ developers to see the world with Rust-tinted lenses. Just last week, one of the maintainers of the Rust for Linux project - created to work Rust code into the C-based Linux kernel - stepped down, citing resistance from Linux kernel developers.

"Here's the thing, you're not going to force all of us to learn Rust," said a Linux kernel contributor during a lively discussion earlier this year at a conference.

• DARPA suggests turning old C code automatically into Rust – using AI, of course
• LLM-driven C-to-Rust. Not just a good idea, a genie eager to escape
• How to maintain code for a century: Just add Rust
• CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?

Nonetheless, Google is encouraging those who are willing to do so. Citing the lack of high-level security mechanisms in firmware, which is often written in memory-unsafe languages such as C or C++, Lozano and Maier argue that Rust provides a way to avoid the memory safety bugs like buffer overflows and use-after-free that account for the majority of significant vulnerabilities in large codebases.

"Rust provides a memory-safe alternative to C and C++ with comparable performance and code size," they note. "Additionally it supports interoperability with C with no overhead."

The US government lately has been hammering on this theme, with support from leading tech firms and non-profit initiatives to rewrite critical open source projects and components in Rust. Witness the Cybersecurity & Infrastructure Security Agency recommendation last year that software vendors "make it a top-level company goal to reduce and eventually eliminate memory safety vulnerabilities from their product lines."

Google was already sold on the idea, having concluded that its Rust developers are twice as productive as its C++ engineers.

"We recognize Rust's critical role in building secure and reliable software at all levels of the stack," said Lars Bergstrom, director of engineering for Android Programming Languages at Google and chair of the Board of Directors of the Rust Foundation, in a statement provided to The Register.

"At Google, we’re increasing Rust's use across Android, Chromium, and more to reduce memory safety vulnerabilities. We're dedicated to collaborating with the Rust ecosystem to drive its adoption and provide developers with the resources and training they need to succeed. This work on bringing Rust to embedded and firmware addresses another critical part of the stack." ®