October 3, 2023
Exploring Rust: Fast and Safe
—By Steven Mocarski, CTO
At OpenFin, we are continuously evaluating the latest technologies to ensure we are using the best tools on behalf of our customers. Recently, we began an exploration into Rust, a language that promises both the performance of C++ but without sacrificing safety. Because our platform is based on Google Chromium (which is written in C++), when it comes to building high performance native components, C++ has been our language of choice. In this post, we'll share the reasons for our interest in Rust and some of our initial findings.
There are a lot of reasons to consider Rust, but for us there were three main drivers:
- Memory Safety
Memory safety is not just a nice feature to have; it is a critical requirement for any software that deals with sensitive data or runs on critical systems. The lack of memory safety in C++ is a serious concern, as it is a common cause for exploits, even in the best software. It’s been estimated that 70% of all Chrome security bugs are memory safety issues; although the report was a few years ago, we work with these issues and the patches firsthand and that number seems about right even now. Apple and Microsoft have released similar numbers for Windows, iOS, etc.. Memory safe languages like Rust are one way to reduce the frequency of these issues.
I like to say that C++ was the first language I programmed in “seriously.” As a young programmer, I felt “real” engineering was not supposed to be easy. Now, after a few grey hairs, a promotion or two, and a budget: efficiency and deadlines matter a lot more than ego. Rust provides helpful messages and the tooling is pretty standardized which should help us build better and faster. As one of our senior engineers said, “it's almost like it wants to help you find your mistake!”
- Interoperability with C++
Transitioning entirely to a new language is a Herculean task. We are 11 years and over 50 releases into our core container product alone. Thankfully, Rust provides seamless interoperability with C++, making gradual transitions possible. While Microsoft is actively moving Windows to Rust, the Chromium team is still focused on other alternatives; is that because Mozilla created Rust? Probably not, and they may move there someday. If they do, OpenFin will be ready.
Additional benefits like concurrency and the wide array of available packages were interesting but not the most compelling for us: we need to build a lot of stuff, quickly, and make it as stable and secure as possible. In this way, Rust has a lot of potential.
Our Experimentation with Rust
Given the compelling advantages, we embarked on a pilot project to evaluate Rust's fit for our environment. We started with a quick POC, followed by a 2 week pilot. After a successful pilot, we weighed the pros/cons and set a date for a full production release. I’m proud to say that our full production version of OpenFin Snap SDK — which allows OpenFin new, fast and secure ways to interoperate with native windows on the desktop — is now production ready and largely built in Rust.
No good journey is without its challenges, and ours was no exception: while Rust's ownership and borrowing system ensures memory safety, it does introduce a learning curve. The concurrency model also takes some getting used to and it can be hard to “think” in Rust at first. At OpenFin, I’m lucky to have a team that deeply loves learning and was committed to our deadline — to be honest, we would have been late were it not for some late nights and a few (voluntary) weekends from the team.
Our initial exploration into Rust has been promising and we’re loving it so far. We've experienced firsthand the benefits of memory safety, concurrency, and the modern toolchain. However, the transition to any new language, especially in a setup as intricate as ours, requires careful planning and consideration.
Will Rust replace C++ entirely in our toolkit? Not anytime soon; we are going to follow Google’s lead for code written on top of the Chromium project. However, we are optimistic about integrating Rust more deeply into our tooling and for other important but isolated native components, to ensure OpenFin remains the best and most secure container on the planet, wherever you may be running it.
Check back soon for more of what we’re thinking about in the OpenFin Engineering team!
To learn more, check out our on-demand webinar "Mastering Your Workspace: Unleash Productivity with OpenFin’s Snap SDK" for an in-depth walk-through and a live demo of Snap SDK, followed by a Q&A with the team behind it.
Enjoyed this post? Share it!
Related PostsAll Posts ->
Fireside Chat with OpenFin's Adam Toms & LSEG's Dean Berry
A Single Pane of Everything