Yerkebulan Tulibergenov

  1. CPython core developers are considering introducing Rust to the codebase. A lot of them are in favor, including Guido.

    “Rust will initially only be allowed for writing optional extension modules, but eventually will become a required dependency of CPython and allowed to be used throughout the CPython code base.”

    discuss.python.org/t/pre-pep-r

  2. The Android team at Google posted another update on their use of Rust as a replacement for C and C++.

    Switching to Rust for writing performance-sensitive and low-level code allowed them to reduce memory safety vulnerabilities from ~70% to below 20% of total vulnerabilities for the first time.

    Notable quotes:

    "We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one."

    "For medium and large changes, the rollback rate of Rust changes in Android is ~4x lower than C++. This low rollback rate doesn't just indicate stability; it actively improves overall development throughput. Rollbacks are highly disruptive to productivity, introducing organizational friction and mobilizing resources far beyond the developer who submitted the faulty change. Rollbacks necessitate rework and more code reviews, can also lead to build respins, postmortems, and blockage of other teams. Resulting postmortems often introduce new safeguards that add even more development overhead."

    "In a self-reported survey from 2022, Google software engineers reported that Rust is both easier to review and more likely to be correct. The hard data on rollback rates and review times validates those impressions."

    "With roughly 5 million lines of Rust in the Android platform and one potential memory safety vulnerability found (and fixed pre-release), our estimated vulnerability density for Rust is 0.2 vuln per 1 million lines (MLOC)."

    "Our historical data for C and C++ shows a density of closer to 1,000 memory safety vulnerabilities per MLOC. Our Rust code is currently tracking at a density orders of magnitude lower: a more than 1000x reduction."

    Do read the whole blog post. It's very informative.

    security.googleblog.com/2025/1