{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"近日,谷歌宣佈 Android 開源項目(AOSP)現已支持使用 Rust 編程語言來開發 OS。這一舉動讓正火的 Rust 語言熱度再次上漲。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"要用 Rust 解決什麼問題?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"目前,Android項目主要用兩種語言構建。Java(以及最近出現的與jvm兼容的語言,如Kotlin)已被用於操作系統的上層部分,如UI部分;在內核、驅動程序等 OS 的基礎層面,則通常用C編寫,有時也會使用C++。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"爲了更適合OS的底層編程,這些語言在設計時,考慮到了可控和可預測性等特性,可以提供對底層系統資源和硬件的訪問。同時,它們的資源需求相對輕量,可預測性更強。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"因此,C語言,甚至C++,都被認爲非常適用於系統級編程,因爲它們某種程度上提供了接近底層硬件的功能,這是一些高級語言都很難實現的。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/0d\/0d55ae9feefe1419dc5e8a37ae4c6aca.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"但這種靈活性是一把雙刃劍。目前,C 和 C++ 的內存安全問題仍然很難解決。由於沒有可依賴的垃圾收集,看似簡單的內存管理,經常導致嚴重的安全問題,如緩衝區溢出等。有分析指出,內存安全漏洞佔Android開源項目中發現的所有嚴重安全漏洞的70%。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Rust 由 Mozilla 推出,最初是被設計爲C和C++更安全的替代語言。儘管Rust並沒有被廣泛用於應用開發,但它已經迅速成爲最受青睞的系統開發語言之一。Rust不像C那樣依賴手動內存管理,但也缺少帶有Java風格的垃圾收集器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"谷歌方面認爲,Rust 使用編譯時檢查(強制執行對象生命週期 \/ 所有權)和運行時檢查(確保內存訪問有效)的組合來提供內存安全保證。提供這種安全性的同時,Rust 的性能表現足以匹敵 C 和 C++。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"除了Rust 編程語言的安全性能外,谷歌認爲使用Rust 也可以減少成本投入。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"據悉,目前所有 Android 進程均已沙箱化。它們通過遵循“三選二”規則(Rule of 2)來確定功能是否需要額外的隔離和特權。這種規則很簡單:給定三個選項,開發人員只能選擇以下三個選項中的兩個。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/d5\/d5aa78bad467c40c8f1407bb55442c68.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"對 Android 來說,這意味着如果代碼是用 C\/C++ 編寫並解析了不可靠的輸入,則應將其放入一個嚴格受限和無特權的沙箱中。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"雖然這個規則可以有效降低安全漏洞的嚴重性和暴露程度,但 IPC(進程間通信) 和額外的內存佔用,也會使其需要的新進程帶來額外的開銷並引入延遲。同時,高漏洞密度會降低其有效性,讓攻擊者可以將多個漏洞連接在一起。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"像 Rust 這樣的內存安全語言,可以降低代碼中錯誤的密度,提高當前沙箱的效率,並且可以減少谷歌對沙箱的需求,從而引入更安全、更省資源的新特性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Rust的核心理念是所有權。簡而言之,每個值都有一個所有者。當該所有者超出範圍時,該值將被刪除。這限制了基於內存的安全漏洞風險,同時也限制了爲確保安全而需要編寫的代碼數量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"根據谷歌的分析,大多數內存錯誤出現在新的或最近修改的代碼中,大約 50%的錯誤出現時間還不到一年。谷歌方面認爲,在內存安全語言方面,最好是專注於新開發的代碼,而不是重寫成熟的 C\/C++ 代碼。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/0b\/0b0c3f5808151f84a4cd6f622c7d0bb7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" “當然,引入一種新的編程語言並不能解決現有 C\/C++ 代碼中的錯誤問題。即便我們重新分配 Android 團隊中所有軟件工程師的工作,重寫幾千萬行代碼也是不可能的。”谷歌表示,舊代碼並不是亟需改進的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"該消息宣佈後,一些開發者表示希望可以做NDK,但據Android開發者關係團隊的一名成員透露,谷歌目前沒有發佈Rust NDK的計劃,支持應用程序開發的語言將繼續是Kotlin、Java、C和C++。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"Rust,谷歌“新寵”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"在過去的18個月中,谷歌一直在Android開源項目中添加Rust支持,但將Rust擴展到更多的OS會是一個艱鉅且耗時很久的項目。除了要維護一些工具鏈和依賴關係,測試基礎設施和工具必須同步更新,開發人員也需要接受培訓。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"去年7月,Android平臺安全負責人Sudhi Herle表示,將繼續在Rust上進行投資,看看哪些系統組件用Rust編寫會更好。“我們相信,Rust將最終從根本上讓我們所有的用戶都能安全地使用這個平臺。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"目前,Android的新藍牙堆棧重寫代碼“ "},{"type":"link","attrs":{"href":"https:\/\/android.googlesource.com\/platform\/system\/bt\/+\/master\/gd\/rust\/","title":null,"type":null},"content":[{"type":"text","text":"Gabeldorsche"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" ”已經使用Rust編寫。Gabeldorsche的研發工作始於Android 11,但至今仍未投入使用。Android的Keystore 2.0模塊是用Rust編寫的,Android的IPC驅動程序binder的用戶空間部分也是如此。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Rust 正在成爲谷歌“新寵”,不僅表現在Android開發上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"今年2月,Rust Core 團隊宣佈了新成立的 Rust 基金會,創始成員中就包括谷歌。同月,谷歌宣佈與 Internet Security Research Group 合作用 Rust 語言重新實現安全組件,包括用 Rust 爲 curl 開發 HTTP 和 TLS 後端,爲 Apache httpd 項目開發 TLS 庫。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"谷歌有望取代Android的全新操作系統Fuchsia的新網絡棧也使用了Rust編寫。此外,ChromeOS中使用的"},{"type":"link","attrs":{"href":"https:\/\/chromium.googlesource.com\/chromiumos\/platform\/crosvm\/","title":null,"type":null},"content":[{"type":"text","text":"crosvm"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"虛擬機監視器和驅動程序、用於支持FIDO安全密鑰的固件等都在使用Rust。谷歌還對Rust開源項目"},{"type":"link","attrs":{"href":"https:\/\/www.mercurial-scm.org\/wiki\/OxidationPlan","title":null,"type":null},"content":[{"type":"text","text":"Mercurial"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"的控制系統也作出了貢獻。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"谷歌高級軟件工程師兼 Rust 核心團隊成員Manish Goregaokar 表示,谷歌選擇 Rust 語言,部分原因是它能夠與其他語言輕鬆集成。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"過去幾個月,谷歌、Amazon、Facebook、微軟以及等科技巨頭正瘋狂吸納人才市場上的 Rust 語言程序員,各方都在着力籌備組建 Rust 團隊。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"去年 8 月的一輪裁員之後,Mozilla 遣散了約 250 名員工,其中包括不少原 Rust 團隊的活躍開發人員,谷歌聘請了此輪裁員中的 Mozilla 前員工 Lars Bergstrom擔任工程技術總監。Goregaokar 也來自Mozilla,他目前主要任務是構建一套國際化 Rust 庫,並有意繼續在該語言的開源項目開發中投入精力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"開發者表示歡迎"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"對於谷歌的這一決定,很多開發者表示很興奮。在"},{"type":"link","attrs":{"href":"https:\/\/news.ycombinator.com\/news","title":null,"type":null},"content":[{"type":"text","text":"Hacker News"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"上,一位開發者留言表示:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我很高興看到Rust在越來越多的項目中發揮作用。我在幾周前開始學習,感覺與C++相比,Rust 更加簡單,快速,它有一個熟悉的註冊表。它適用於嵌入式、web,、Wasm、一些快速腳本,CLIs。我的背景主要是JavaScript、Dart和Java,但現在我很興奮地嘗試一些更低層次的東西,唯一的問題是我需要找到一種方法過渡到一個好的Rust項目。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"另外,也有開發者提出了一個疑問:在Java\/Kotlin應用程序中添加Rust代碼,應用程序將不斷地在Java和本機代碼之間切換,雖然可以但對性能不是很友好。但值得慶幸的是,Chrome和Firefox並沒有完全編譯成字節碼,JIT和渲染代碼是用本機代碼編寫的。Mozilla在瀏覽器中使用了Rust,這意味着至少Android上已經有一個相當大的Rust運行庫了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Kotlin和Java都很棒,在這一點上,開發者們幾乎沒有什麼分歧,但有開發者表示“Java太沉重了,使用Rust會帶來新體驗。”隨着Rust的應用越來越廣,已經有開發者討論,谷歌將來會不會發佈一個可以用來寫Rust的應用程序。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}},{"type":"strong"}],"text":"參考鏈接:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/security.googleblog.com\/2021\/04\/rust-in-android-platform.html","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/security.googleblog.com\/2021\/04\/rust-in-android-platform.html"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]}]}
谷歌“新寵” Rust
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"近日,谷歌宣佈 Android 開源項目(AOSP)現已支持使用 Rust 編程語言來開發 OS。這一舉動讓正火的 Rust 語言熱度再次上漲。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"要用 Rust 解決什麼問題?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"目前,Android項目主要用兩種語言構建。Java(以及最近出現的與jvm兼容的語言,如Kotlin)已被用於操作系統的上層部分,如UI部分;在內核、驅動程序等 OS 的基礎層面,則通常用C編寫,有時也會使用C++。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"爲了更適合OS的底層編程,這些語言在設計時,考慮到了可控和可預測性等特性,可以提供對底層系統資源和硬件的訪問。同時,它們的資源需求相對輕量,可預測性更強。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"因此,C語言,甚至C++,都被認爲非常適用於系統級編程,因爲它們某種程度上提供了接近底層硬件的功能,這是一些高級語言都很難實現的。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/0d\/0d55ae9feefe1419dc5e8a37ae4c6aca.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"但這種靈活性是一把雙刃劍。目前,C 和 C++ 的內存安全問題仍然很難解決。由於沒有可依賴的垃圾收集,看似簡單的內存管理,經常導致嚴重的安全問題,如緩衝區溢出等。有分析指出,內存安全漏洞佔Android開源項目中發現的所有嚴重安全漏洞的70%。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Rust 由 Mozilla 推出,最初是被設計爲C和C++更安全的替代語言。儘管Rust並沒有被廣泛用於應用開發,但它已經迅速成爲最受青睞的系統開發語言之一。Rust不像C那樣依賴手動內存管理,但也缺少帶有Java風格的垃圾收集器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"谷歌方面認爲,Rust 使用編譯時檢查(強制執行對象生命週期 \/ 所有權)和運行時檢查(確保內存訪問有效)的組合來提供內存安全保證。提供這種安全性的同時,Rust 的性能表現足以匹敵 C 和 C++。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"除了Rust 編程語言的安全性能外,谷歌認爲使用Rust 也可以減少成本投入。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"據悉,目前所有 Android 進程均已沙箱化。它們通過遵循“三選二”規則(Rule of 2)來確定功能是否需要額外的隔離和特權。這種規則很簡單:給定三個選項,開發人員只能選擇以下三個選項中的兩個。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/d5\/d5aa78bad467c40c8f1407bb55442c68.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"對 Android 來說,這意味着如果代碼是用 C\/C++ 編寫並解析了不可靠的輸入,則應將其放入一個嚴格受限和無特權的沙箱中。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"雖然這個規則可以有效降低安全漏洞的嚴重性和暴露程度,但 IPC(進程間通信) 和額外的內存佔用,也會使其需要的新進程帶來額外的開銷並引入延遲。同時,高漏洞密度會降低其有效性,讓攻擊者可以將多個漏洞連接在一起。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"像 Rust 這樣的內存安全語言,可以降低代碼中錯誤的密度,提高當前沙箱的效率,並且可以減少谷歌對沙箱的需求,從而引入更安全、更省資源的新特性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Rust的核心理念是所有權。簡而言之,每個值都有一個所有者。當該所有者超出範圍時,該值將被刪除。這限制了基於內存的安全漏洞風險,同時也限制了爲確保安全而需要編寫的代碼數量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"根據谷歌的分析,大多數內存錯誤出現在新的或最近修改的代碼中,大約 50%的錯誤出現時間還不到一年。谷歌方面認爲,在內存安全語言方面,最好是專注於新開發的代碼,而不是重寫成熟的 C\/C++ 代碼。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/0b\/0b0c3f5808151f84a4cd6f622c7d0bb7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" “當然,引入一種新的編程語言並不能解決現有 C\/C++ 代碼中的錯誤問題。即便我們重新分配 Android 團隊中所有軟件工程師的工作,重寫幾千萬行代碼也是不可能的。”谷歌表示,舊代碼並不是亟需改進的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"該消息宣佈後,一些開發者表示希望可以做NDK,但據Android開發者關係團隊的一名成員透露,谷歌目前沒有發佈Rust NDK的計劃,支持應用程序開發的語言將繼續是Kotlin、Java、C和C++。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"Rust,谷歌“新寵”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"在過去的18個月中,谷歌一直在Android開源項目中添加Rust支持,但將Rust擴展到更多的OS會是一個艱鉅且耗時很久的項目。除了要維護一些工具鏈和依賴關係,測試基礎設施和工具必須同步更新,開發人員也需要接受培訓。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"去年7月,Android平臺安全負責人Sudhi Herle表示,將繼續在Rust上進行投資,看看哪些系統組件用Rust編寫會更好。“我們相信,Rust將最終從根本上讓我們所有的用戶都能安全地使用這個平臺。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"目前,Android的新藍牙堆棧重寫代碼“ "},{"type":"link","attrs":{"href":"https:\/\/android.googlesource.com\/platform\/system\/bt\/+\/master\/gd\/rust\/","title":null,"type":null},"content":[{"type":"text","text":"Gabeldorsche"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" ”已經使用Rust編寫。Gabeldorsche的研發工作始於Android 11,但至今仍未投入使用。Android的Keystore 2.0模塊是用Rust編寫的,Android的IPC驅動程序binder的用戶空間部分也是如此。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Rust 正在成爲谷歌“新寵”,不僅表現在Android開發上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"今年2月,Rust Core 團隊宣佈了新成立的 Rust 基金會,創始成員中就包括谷歌。同月,谷歌宣佈與 Internet Security Research Group 合作用 Rust 語言重新實現安全組件,包括用 Rust 爲 curl 開發 HTTP 和 TLS 後端,爲 Apache httpd 項目開發 TLS 庫。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"谷歌有望取代Android的全新操作系統Fuchsia的新網絡棧也使用了Rust編寫。此外,ChromeOS中使用的"},{"type":"link","attrs":{"href":"https:\/\/chromium.googlesource.com\/chromiumos\/platform\/crosvm\/","title":null,"type":null},"content":[{"type":"text","text":"crosvm"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"虛擬機監視器和驅動程序、用於支持FIDO安全密鑰的固件等都在使用Rust。谷歌還對Rust開源項目"},{"type":"link","attrs":{"href":"https:\/\/www.mercurial-scm.org\/wiki\/OxidationPlan","title":null,"type":null},"content":[{"type":"text","text":"Mercurial"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"的控制系統也作出了貢獻。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"谷歌高級軟件工程師兼 Rust 核心團隊成員Manish Goregaokar 表示,谷歌選擇 Rust 語言,部分原因是它能夠與其他語言輕鬆集成。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"過去幾個月,谷歌、Amazon、Facebook、微軟以及等科技巨頭正瘋狂吸納人才市場上的 Rust 語言程序員,各方都在着力籌備組建 Rust 團隊。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"去年 8 月的一輪裁員之後,Mozilla 遣散了約 250 名員工,其中包括不少原 Rust 團隊的活躍開發人員,谷歌聘請了此輪裁員中的 Mozilla 前員工 Lars Bergstrom擔任工程技術總監。Goregaokar 也來自Mozilla,他目前主要任務是構建一套國際化 Rust 庫,並有意繼續在該語言的開源項目開發中投入精力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"開發者表示歡迎"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"對於谷歌的這一決定,很多開發者表示很興奮。在"},{"type":"link","attrs":{"href":"https:\/\/news.ycombinator.com\/news","title":null,"type":null},"content":[{"type":"text","text":"Hacker News"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"上,一位開發者留言表示:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我很高興看到Rust在越來越多的項目中發揮作用。我在幾周前開始學習,感覺與C++相比,Rust 更加簡單,快速,它有一個熟悉的註冊表。它適用於嵌入式、web,、Wasm、一些快速腳本,CLIs。我的背景主要是JavaScript、Dart和Java,但現在我很興奮地嘗試一些更低層次的東西,唯一的問題是我需要找到一種方法過渡到一個好的Rust項目。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"另外,也有開發者提出了一個疑問:在Java\/Kotlin應用程序中添加Rust代碼,應用程序將不斷地在Java和本機代碼之間切換,雖然可以但對性能不是很友好。但值得慶幸的是,Chrome和Firefox並沒有完全編譯成字節碼,JIT和渲染代碼是用本機代碼編寫的。Mozilla在瀏覽器中使用了Rust,這意味着至少Android上已經有一個相當大的Rust運行庫了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Kotlin和Java都很棒,在這一點上,開發者們幾乎沒有什麼分歧,但有開發者表示“Java太沉重了,使用Rust會帶來新體驗。”隨着Rust的應用越來越廣,已經有開發者討論,谷歌將來會不會發佈一個可以用來寫Rust的應用程序。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}},{"type":"strong"}],"text":"參考鏈接:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/security.googleblog.com\/2021\/04\/rust-in-android-platform.html","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/security.googleblog.com\/2021\/04\/rust-in-android-platform.html"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章