Big Win for Memory Safe Languages at Google

Today’s Issue: The Rust Game Engine Aiming for the Guinness Book World Record, Rusty V8 Just Got Stable, and Convert a Phrase to Its Acronym

Ferris the crab mascot — Image courtesy of tweedegolf

Hello, Rustaceans!

Welcome to another edition of the Rust Bytes newsletter.

In this issue, we’ll talk about the big impact of memory-safe languages at Google, challenge you with a Rust quiz, spotlight an amazing Rust project, and share some incredible links of the week.

Here’s issue 41 for you!

THE MAIN THING

Big Win for Memory Safe Languages at Google

Google’s Android team recently shared insights on how adopting memory-safe languages has drastically reduced their vulnerability rate from 76% down to 24%.

That’s a 68% relative reduction — not a bad outcome for some smart language choices.

Just a few months ago, the U.S. White House released a paper advocating for the need to transition to memory-safe languages to tackle security vulnerabilities effectively. Turns out, Google was already onto something.

The Android team discovered that most bugs in their codebase stem from newly written or recently modified code.

In response, they made the logical call: any new project should exclusively use memory-safe languages.

This is part of their long-term goal for a “secure-by-default” design — favoring languages built with memory safety and security in mind.

The Android’s team move of integrating Rust into new codebases has proved very promising.

Not only have they seen fewer memory-related vulnerabilities, but they have also avoided other classes of bugs altogether. Talk of killing two bugs with one language!

As Android transitioned to memory-safe languages for new features, they noticed that leaving legacy code mostly untouched — except for essential bug fixes — indicated that future vulnerabilities would significantly decrease as more memory-safe code gets introduced.

From their insight, Google’s approach to mitigating memory safety vulnerabilities can be categorized into four generations:

1. First generation: Reactive patching, which unfortunately resulted in significant costs to the business.
2. Second generation: Proactive mitigation strategies, such as stack canaries and control-flow integrity. While this reduced exploits, it introduced recurring costs and often conflicted with product goals.
3. Third generation: Proactive discovery methods using fuzzers and sanitizers. While effective in detecting issues, they mainly addressed the symptoms rather than solving the root causes.

Google’s current fourth generation approach focuses on adopting memory-safe languages with interoperability in mind, recognizing the fact that rewriting their entire codebase isn’t feasible.

By ensuring smooth interoperability between existing and memory-safe code, Google aims to drastically reduce vulnerabilities while maintaining practical development workflows.

RUST QUIZ

Convert a Phrase to Its Acronym

Write a function abbreviate that converts phrases into its corresponding acronym.

Its similar to writing a program that turns ‘Away From Keyboard’ into the super-cool ‘AFK’ or ‘Portable Network Graphics’ to its acronym ‘PNG’.

Punctuation should be handled as follows: hyphens are word separators (like whitespace); all other punctuation can be removed from the input.

For example:

Input

HyperText Markup Language => HTML

As Soon As Possible => ASAP

Liquid-crystal display => LCD

Thank George It’s Friday! => TGIF

You can start writing and test your code on Rust Playground here.

The more memory efficient and faster your solution the better.

Share your code in the comment as a Rust playground Link.

PROJECT SPOTLIGHT 💡

Vector

Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data.

Think of Vector as the Swiss Army Knife of observability. It collects, transforms, and routes all your logs and metrics (with traces coming soon!), giving you the freedom to send them anywhere you want, whenever you want.

Vector offers dramatic cost reduction, novel data enrichment, and data security where you need it, not where it is most convenient for your vendors.

Here’s why Vector is the hero your observability data needs:

• Cut Costs Dramatically: Ditch the vendor lock-in and stop paying premium prices for basic functionality.
• Unleash Your Data Power: Transform and enrich your data for deeper insights, all within Vector.
• Security You Control: Keep your data secure where it matters most — with you.
• Blazing Fast: Vector is built on Rust, making it a speed demon compared to the competition.

Vector is also open source and up to 10x faster than every alternative in the space.

Don’t take our word for it, check out the benchmarks.

And hey, it’s made by the same geniuses who brought you DataDog.

AWESOME LINKS OF THE WEEK 🔗

1. Rusty V8 is now stable and production ready. Thanks to Ryan Dahl and the Deno crew for making our JavaScript dreams come true.
2. Niko Matsakis wrote about “Making overwrite opt-in”. Could this be the beginning of a beautiful new era of error-free programming?
3. Dmitry Kudryavtsev’s article on “One year of Rust in production” is such a good read. From the thrill of type safety to the slow burn of compile times, he’s seen it all.
4. Andrew Gazelka released Hyperion a Minecraft game engine which could rewrite the Guinness record books for the Largest multiplayer videogame PvP battle.
5. Developer Roadmaps released Rust Roadmap, it’s your trusty compass to guide you through the Rust land.
6. Wanja Zaeske, Pietro Albini, Florian Gilcher, and Umut Durak have released a gem of a paper titled “Towards Modified Condition/Decision Coverage of Rust,”. They tackle the challenge of applying the MC/DC testing metric to Rust — highlighting its quirky features to ensure safety in high-stakes applications.
7. Think you know concurrency? Think again. Alex Kladov’s article is a must-read for anyone who wants to avoid the concurrency chaos. Read here.
8. Alexander Medvedev made a youtube video on making a video Game Engines in Rust.
9. Tired of Rust’s quirks? Seph’s article on “Rewriting Rust” is a cathartic release. He’s got a vision for a better language, one that’s more intuitive, powerful, and less likely to make you want to throw your computer out the window.
10. Özgün Özerk released state-shift, a macro library that generates type-state-pattern boilerplate code for your structs.

RUST CHALLENGE: SOLUTION

You can check out the solution for the challenge on Rust Playground.

This challenge is from Exercism.

Do you have a Rust challenge/Tip you’d like to share with fellow Rustaceans? We’d be more than happy to feature them in a future issue, with full credit given to you. Submit your challenges or tips to us via email rustaceanseditors@gmail.com.

BEFORE YOU GO 👋

You’re Rust Bytes biggest fans, and we love to see it.

Here are a few ways you can help us spread the word:

• ❤️ Recommend Rust Bytes to your friends.
• 🤳 Connect with us on our socials: X, Rustaceans Publication.
• 📨 Email us at rustaceanseditors@gmail.com feedback is welcome.
• ☕️ Support our editors and Buy Us Coffee.

That’s all for now, Rustaceans. Keep getting better at what you put your hands on.

John & Elley.