With Rust, Google Measures Android's Memory Vulnerability Rate at 1000 Times Lower Than C/C++!
程序员的那些事·2025-11-16 10:14

Core Insights

- Rust has become a controversial programming language, with government agencies in the U.S. advocating for its adoption over C/C++ due to its memory safety features, while some developers express skepticism about its complexity and perceived overhype [1][2].

Group 1: Rust's Impact on Android Security

- Memory safety vulnerabilities in Android have dropped below 20% for the first time, according to Google's 2025 data [2].
- Rust has reduced the density of memory safety vulnerabilities by 1000 times compared to existing C/C++ code in Android [4].
- The introduction of Rust has not only improved security but also enhanced software delivery efficiency, with rollback rates decreasing by 4 times and code review times reduced by 25% [4][15].

Group 2: Adoption and Trends

- Since 2021, Google has been integrating Rust into the Android system as a safer alternative to C/C++ [5].
- The usage of Rust is rapidly increasing, while new C++ code is declining [6].
- Rust's new code volume is now comparable to that of C++, indicating similar development efficiency [9].

Group 3: Performance Metrics

- Google utilized the DORA framework to assess performance, focusing on throughput and stability [10].
- Rust code requires approximately 20% fewer modifications than C++ code of similar scale [11].
- Rust's rollback rate is about one-fourth that of C++ in medium to large changes, indicating higher stability [18].

Group 4: Broader Applications of Rust

- Google is expanding Rust's use in various areas, including system services, libraries, and applications, due to its safety and productivity advantages [22].
- Specific implementations include Nearby Presence for Bluetooth device discovery, RCS security messaging, and various parsers in Chromium [23].

Group 5: Addressing Concerns and Future Outlook

- Google acknowledges that while Rust does not guarantee zero vulnerabilities, it significantly reduces vulnerability density, estimating 0.2 vulnerabilities per million lines of Rust code compared to 1000 per million lines of C/C++ [32][33].
- The company believes that Rust allows for a balance between speed and safety, potentially restoring performance and productivity previously sacrificed for security [37][38].