Chris's Wiki :: blog/programming/RustIsInevitable

Recently, I saw a poll on the Fediverse about making Rust a hard dependency for fwupd. This got me to post a lukewarm take of my own:

Lukewarm take: the spread of Rust in open source software is inevitable, because nothing else fills the niche for 'C/C++ but strongly safe'. We need a replacement C because in general we can't write safe C/C++ at scale.

Rust isn't really my thing, but this shift implies that sooner or later I'm going to have to learn enough to read it and modify it.

I was then asked about my views on Zig in this context:

@williewillus I haven't used Zig, but it (and other C alternatives) doesn't bring the kind of memory, concurrency, and other safety that Rust does. My view is that changes for only small improvements are not going to motivate many OSS developers (although they could get used in some greenfield projects driven by enthused developers).

This issue is similar to how Rust is in our future, but from a different angle. My earlier entry was coming from how quite a few open source programmers like Rust and so naturally were writing things in it. Now I feel that Rust is also inevitable because people trying to add more safety to important software (such as Linux's fwupd) are going to turn to Rust as basically their best option. Zig could become inevitable for the first reason (programmer enthusiasm), but seems unlikely to do so for the second reason, where Rust stands more or less alone.

(In a similar line is Google's Memory Safe Languages in Android 13, although I consider Android only nominally open source software in this sense.)

This shift will inevitably make life harder for smaller and more niche (Unix) operating systems and architectures, since you'll increasingly need a Rust toolchain as well as a C and C++ one in order to bring up various important software. In that way it's just as harmful and also just as inevitable as the migration from HTTP to HTTPS for websites. The security landscape isn't getting much better for C and C++, and at the same time we have a steady increase in the amount of code out there. There are plenty of developers who really want to bend this curve, and asking them to refrain from their best and easiest option in order to help a small fraction of people is not likely to work.

(Telling developers to do better at writing safe C and C++ doesn't work, especially at scale. Doing so is also generally more work than simply writing in Rust, and open source developers have finite amounts of time.)