- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
We’ve been searching for a memory-safe programming language to replace C++ in Ladybird for a while now. We previously explored Swift, but the C++ interop never quite got there, and platform support outside the Apple ecosystem was limited. Rust is a different story. The ecosystem is far more mature for systems programming, and many of our contributors already know the language. Going forward, we are rewriting parts of Ladybird in Rust.
“Let’s stop halfway through our multi-year project to rewrite it in another language” is peak nerd shiny distraction. I say this as one who resists the urge every day. Way to delay your project by several more years, clown.
All things considered the way they’re approaching the migration is fine enough - they’re only moving specific portions at a time, they’re not stopping C++ development, and they’re making sure it doesn’t introduce regressions. Adopting a memory-safe language for something like a browser makes sense because it completely eliminates that class of vulnerabilities.
The problem is the way they’re approaching the code itself. From their wording, it sounds like they’re relying on AI heavily for both writing and reviewing the code. Rust has a steeper learning curve than most languages and is very different from C++. They even mention in the blog that their current Rust code looks like C++ code ported over. If they don’t take the time to actually learn Rust before adopting it, it’ll just lead to security logic issues that their AI couldn’t catch because C++ and Rust don’t always behave the same way. And that’s completely ignoring all of the other ethical/technical issues with AI
Be that as it may, the time to choose Rust was at the beginning. It existed then, but they made their technology choice. Continuing to develop in C++ while doing the migration just means more throwaway code and duplicated effort. This decision is truly the worst of both worlds.