We have already described where the Rust language is used. What is it like to advocate for Rust at work? After overcoming the initial hurdle, it tends to go well. A 2017 discussion, reprinted below, provides a nice anecdote. One member of Google’s Chrome OS team discusses what it was like to introduce the language to the project:
indy on Sept 27, 2017
Is Rust an officially sanctioned language at Google?
zaxcellent on Sept 27, 2017
Author here: Rust is not officially sanctioned at Google, but there are
pockets of folks using it here. The trick with using Rust in this
component was convincing my coworkers that no other language was right
for job, which I believe to be the case in this instance.
That being said, there was a ton of work getting Rust to play nice
within the Chrome OS build environment. The Rust folks have been super
helpful in answering my questions though.
ekidd on Sept 27, 2017
> The trick with using Rust in this component was convincing my
> coworkers that no other language was right for job, which I believe
> to be the case in this instance.
I ran into a similar use case in one of my own projects—a vobsub
subtitle decoder, which parses complicated binary data, and which I
someday want to run as web service. So obviously, I want to ensure
that there are no vulnerabilities in my code.
I wrote the code in Rust, and then I used 'cargo fuzz' to try and
find vulnerabilities. After running a billion(!) fuzz iterations, I
found 5 bugs (see the 'vobsub' section of the trophy case for a list
https:/ /github.com/rust-fuzz/trophy-case).
Happily, not _one_ of those bugs could actually be escalated into an
actual exploit. In each case, Rust's various runtime checks
successfully caught the problem and turned it into a controlled panic.
(In practice, this would restart the web server cleanly.)
So my takeaway from this was that whenever I want a language (1) with
no GC, but (2) which I can trust in a security-critical context, Rust
is an excellent choice. The fact that I can statically link Linux
binaries (like with Go) is a nice plus.
Manishearth on Sept 27, 2017
> Happily, not one of those bugs could actually be escalated into
> an actual exploit. In each case, Rust's various runtime checks
> successfully caught the problem and turned it into a controlled
> panic.
This has been more or less our experience with fuzzing rust code in
firefox too, fwiw. Fuzzing found a lot of panics (and debug
assertions / "safe" overflow assertions). In one case it actually
found a bug that had been under the radar in the analogous Gecko
code for around a decade.
From this excerpt, we can see that language adoption has been “bottom up” by engineers looking to overcome technical challenges in relatively small projects. Experience gained from these successes is then used as evidence to justify undertaking more ambitious work.
In the time since late 2017, Rust has continued to mature and strengthen. It has become an accepted part of Google’s technology landscape, and is now an officially sanctioned language within the Android and Fuchsia operating systems.
