Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Firefox Mozilla Open Source

Mozilla Binds Firefox's Fate To The Rust Language (infoworld.com) 236

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."

InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."
This discussion has been archived. No new comments can be posted.

Mozilla Binds Firefox's Fate To The Rust Language

Comments Filter:
  • What's with all these other languages lately?
    • by TechyImmigrant ( 175943 ) on Saturday February 04, 2017 @12:44PM (#53802817) Homepage Journal

      What's with all these other languages lately?

      In the case of Rust, it addresses security problems that are the domain of internet facing software. When writing complex internet facing software, human's haven't got the brains to write secure code. Rust improves the situation by enforcing things that humans get wrong.

      For this reason, security people love it. They understand how they can write software with deterministic behavior in Rust where they know they cannot in C or many other compiled languages.

      Other people want different problems solved and look at Rust and think "Well that looks a bit inconvenient" and dismiss it, and continue to write browsers and servers and daemons and MTAs and other internet facing things full of security exploits.
       

      • Re: (Score:2, Insightful)

        Funny how the OpenBSD team doesn't have that problem.

      • What's with all these other languages lately?

        In the case of Rust, it addresses security problems that are the domain of internet facing software.

        Well it is basically a compact syntax for doing modern safe C++ but based on a hybridf of ML and C instead of just C, and proper ML-style enums and pattern matching thrown in to spice it up a bit.

        Nothing you can't do in C++ and people already are doing.

        • It's nothing you can't do in assembly either. What's your point? That this stuff should be harder than it needs to be? That makes no sense.

          • It's nothing you can't do in assembly either. What's your point? That this stuff should be harder than it needs to be? That makes no sense.

            Nope. I think Rust is nice, though I have seen better "C++-killers". There have just been a lot of languages like it. They tend to fail or remain niche if they don't provide something they do significantly better than what they are replacing.

            Also if you are concerned about these security aspect you should switch to safe techniques first, you can worry about a language that make such techniques more concise later, first you need to learn them.

        • by roca ( 43122 )

          Rust can do many things modern C++ can't do.

          For example, in Rust you can give away a reference to a field of an object *safely*:
          struct X { foo: Y }
          impl X {
              fn foo(&self) -> &Y { &self.foo }
          }
          No way to do that safely in C++. Sure, you can give away a pointer or a reference to a field, but the compiler can't ensure you haven't introduced a use-after-free bug. Rust can.

      • Sounds like its only used for COMPILING, not runtime.

        So wtf, is the point of rust? I am sure perl would work equally as well.

      • In the case of Rust, it addresses security problems that are the domain of internet facing software

        I don't think there are any common security problems that can't be fixed by using a good string and buffer library. Switching languages to get that advantage is a little overkill.

        Using Rust will get rid of a lot of memory leaks though (not all of them), so that is a benefit. Judicious use of techniques like memory pools, stack allocation, and reference counting will get you similar benefits in C, requires more discipline (which Firefox developers definitely don't all have), but eliminates more bugs.

        The

        • Judicious use of techniques like memory pools, stack allocation, and reference counting will get you similar benefits in C, requires more discipline

          Does it? Look at Apache memory management through APR: you do not need special discipline, just use it and get rid of memory leaks.

          • By Apache APR I assume you are referring to their memory pools? Those are great, but not appropriate for all problems. For example, if you have an object that gets created, passed off to another section of code, which passes it off to another section of code, which frees it. This is common in a producer/consumer situation, or a message-passing situation, or almost any situation where you have queues. Memory pools don't work as well in those situations, because you don't want to delete a whole pool, you just
        • by roca ( 43122 )

          String and vector libraries can't protect you from use-after-free bugs. To prevent those, before Rust, you needed some kind of GC, which imposes performance tradeoffs (some combination of increased memory usage, throughput overhead, and pauses). (Swift's ARC is really a form of reference-counting-based GC.) Rust offers a new approach where you can have manual memory management but the compiler can verify you don't have use-after-free bugs.

      • by gweihir ( 88907 )

        For this reason, security people love it. They understand how they can write software with deterministic behavior in Rust where they know they cannot in C or many other compiled languages.

        I am a security person and I do not love Rust. In fact, I think it will make matters worse, because it will make people think that they can write security-critical software with even less understanding of what is going on. Rust will make some types of attacks harder to do, but by the dumbing-down effect it will add other problems. My expectation is that in total, what we will see is a decrease of security due to less competent architecture, design and implementation.

        There is no silver bullet, and those that

        • by roca ( 43122 )

          Are you saying that instead we should make people smarter? Or that we should write less software?

      • Other people want different problems solved and look at Rust and think "Well that looks a bit inconvenient" and dismiss it, and continue to write browsers and servers and daemons and MTAs and other internet facing things full of security exploits.

        Right, because if you use Rust your code will magically become secure, and bug-free, and crash-proof, and all your problems will go away, and Adriana Lima will fall in love with you and have your babies. I've heard similar stuff from other True Believers about their pet languages, e.g. the academic who said that everything should be written in Haskell because it's impossible to write bad code in it (this actually happened!).

        You need to balance a lot of things when deciding which language you want to use.

  • Courage. (Score:5, Insightful)

    by serviscope_minor ( 664417 ) on Saturday February 04, 2017 @12:53PM (#53802869) Journal

    Courage is not removing the headphone jack. Courage is switching to a new systems language because the existing one, while good, just doesn't allow them to reach th quality level they want.

  • is basically a wholly owned subsidiary of Mozilla. This whole thing smacks of eating your own dog food. As long as their support for the big 3 (Windows, OSX, Linux) isn't impacted I suppose it won't matter much. But if it even means waiting a bit for patches on Ubuntu or Red Hat then expect Chromium to eat what's left of their lunch.
  • Servo (Score:5, Informative)

    by jimbo ( 1370 ) on Saturday February 04, 2017 @01:33PM (#53803093)

    Given the quality of our comments recently, here is a good presentation with some actual information on their work currently and going forwards: Servo Architecture: Safety and Performance [youtube.com].

  • ESR vs Rust (Score:5, Informative)

    by Jodka ( 520060 ) on Saturday February 04, 2017 @02:47PM (#53803431)

    That bizarre cathedral guy, Eric Raymond, is busy cleaning up NTP for security and recently evaluated Rust as a possible language for a complete re-write and found it deficient. His blog posts on that:

    "Rust vs. Go" [ntpsec.org]
    Rust severely disappoints me [ibiblio.org]
    "Rust and the limits of swarm design" [ibiblio.org]

Never test for an error condition you don't know how to handle. -- Steinbach

Working...