Google has announced that the Android Open Source Project (AOSP) is adding support for Rust as a development language for the Android operating system. The support is being added to help avoid memory safety bugs in the code.
Google advocates the use of managed languages such as Java and Kotlin as the best option for Android app development, because they are designed for ease of use, portability, and safety. The Android Runtime (ART) manages memory on behalf of the developer.
Writing about the new support Google’s Jeff Vander Stoep and Stephen Hines of the Android Team said that that
“memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Yet in spite of these efforts, memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android’s high severity security vulnerabilities.”
In view of this, Google is increasing efforts to prevent memory bugs, and memory-safe languages are the best way to achieve this. With this in mind, Google is adding support for Rust to the existing languages supported.
The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. The developers say that unfortunately, for the lower layers of the OS, Java and Kotlin are not an option. Instead the lower levels of the operating system need systems programming languages like C, C++, and Rust, which are designed with control and predictability as goals, and provide access to low level system resources and hardware.Stoep and Hines said:
“They are light on resources and have more predictable performance characteristics.For C and C++, the developer is responsible for managing memory lifetime. Unfortunately, it’s easy to make mistakes when doing this, especially in complex and multithreaded codebases.”
Rust avoids these mistakes by providing memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid. This safety is achieved while providing equivalent performance to C and C++.