A new report from Google offers compelling data on Rust's impact in Android development. The findings indicate not just enhanced security, but also a significant boost to developer productivity and code stability.
With concrete metrics like a 4x lower rollback rate compared to C++, Google's experience challenges the long-held belief that memory safety comes at the cost of development velocity. Does this signal a major shift for large-scale enterprise projects considering Rust?
In today’s Rust recap:
> Google’s report on Rust adoption in Android
> Zed’s new Rust-to-Wasm backend
> A Google AI tool gets rewritten in Rust
> Formal verification support lands for unsafe code
Google's Rust dividend
The Recap: Google's latest report on Rust adoption in Android reveals that the language is not only drastically improving security but also accelerating development. The data shows a 1000x reduction in memory safety bugs and a 4x lower rollback rate compared to C++.
Unpacked:
Rust code is proving to be more stable and efficient, with a 4x lower rollback rate for medium and large changes and spending 25% less time in code review.
Google is expanding Rust's footprint beyond system services into the Android Linux kernel, firmware, and first-party apps, including an ongoing collaboration on a Rust-based kernel-mode GPU driver.
A near-miss memory safety vulnerability was caught pre-release and would have been rendered deterministically non-exploitable by Android’s Scudo hardened allocator, demonstrating the power of a defense-in-depth security strategy.
Bottom line: This data challenges the old assumption that stronger security must come at the cost of development speed. For teams building critical systems, Google’s experience provides compelling evidence that the safer path can also be the faster one.
Zed's Wasm backend
The Recap: The team behind the Zed editor has rebuilt its cloud infrastructure from the ground up in Rust, compiling it to WebAssembly and running it on a serverless platform for a more scalable and operationally simple backend.
Unpacked:
The primary goal was to reduce operational effort, leading the team to build on Cloudflare Workers and leverage its managed services like Hyperdrive for Postgres, KV for storage, and Queues for async jobs.
A custom
Platformtrait was created to write platform-agnostic code, allowing the same logic to run against the real Cloudflare runtime in production and a simulated environment for robust end-to-end testing.This new backend is the foundation for Zed's future collaborative coding features, which will be powered by a new technology called DeltaDB.
Bottom line: Zed's Rust-to-Wasm approach offers a blueprint for building high-performance, scalable cloud services with a small operational footprint. This allows the team to focus more on building product features and less on managing infrastructure.
Google's AI gets Rusty
The Recap: Google has rewritten its AI tool for file-type detection, Magika, in Rust for its 1.0 release. The result is a high-performance engine and a native command-line tool that can scan hundreds of files per second.
Unpacked:
The new Rust core uses the high-performance ONNX Runtime for model inference and Tokio for parallel processing, enabling it to process nearly 1,000 files per second on a modern laptop.
Magika 1.0 doubles its detection capabilities to over 200 content types, using Gemini to generate synthetic training data for rare and specialized formats.
The project is fully open source, and the team is inviting the community to contribute new features and bindings on its GitHub page.
Bottom line: Magika's rewrite is a powerful example of replacing a tool's core with Rust to achieve native performance and memory safety. This release further solidifies Rust's position as a go-to language for building production-grade security and AI tooling.
Rust's formal proof
The Recap: The TrustInSoft Analyzer, a formal verification toolchain, now officially supports Rust. This enables developers in safety-critical industries to gain mathematical, provable confidence in their mixed C, C++, and Rust codebases.
Unpacked:
The tool addresses gaps in Rust's safety guarantees by detecting undefined behaviors, overflows, and memory vulnerabilities that can still occur in Rust's
unsafesublanguage or when calling into C functions.This release is the result of a partnership with Ferrous Systems, bringing together its qualified compiler toolchain, Ferrocene, with TrustInSoft's formal analysis engine.
New native support for analyzing concurrent code allows the tool to explore all execution paths in multi-threaded scenarios to flag race conditions and non-deterministic behaviors with mathematical certainty.
Bottom line: Access to formal verification tools marks a significant step for Rust's adoption in the most demanding industries like automotive and aerospace. It provides a level of assurance that moves beyond compiler checks to offer mathematical proof of software correctness.
The Shortlist
Rust 1.91.1 Released: This version includes important fixes that enhance compiler performance.
Async Programming in Rust: This updated guide offers detailed insights into async programming nuances in Rust, which is integral for modern development practices.