As many programmers know, reaching the 1.0 milestone is an important day for any language. It signals the first stable point where developers can use its features without fear that their code will break with incoming changes. But what separates the open-source and openly developed Rust 1.0 is that Mozilla chose and backed it for building the company’s crazy-fast new Web browsing engine, Servo. Here, from a working developer’s point of view, I’ll explain the characteristics Mozilla has focused on when creating Rust, and how the company plans to use Rust to replace Gecko (the existing Firefox engine) with Servo.
The needs of Servo defined how Rust must improve over current languages — especially C++, which Rust will replace in future Mozilla browsers. If I had to single out one improvement in Rust, it’s its inherent safety. It eliminates the possibility of most of the errors that occur on applications written in C/C++. At the same time, Rust is also designed with concurrency in mind, facilitating the development of applications with a high level of parallelism. Furthermore, Rust achieves these improvements while being a low-level language with the same high performance everyone expects from C++.
Most errors in C/C++ applications come from its memory mishandling, such as allowing invalid memory accesses to data already released and reused, and buffer overruns to memory beyond the data structure you are intending to read and write. To solve these problems, Rust has brand-new memory management with static types, no implicit conversions, bound checks, variable addressing that’s statically checked by the compiler, non-mutable variables by default, and an ownership model that allows the application to automatically free the memory when its scope ends — and more importantly, ensure the validity of every pointer.
Many, if not all, of these concepts are already found in managed languages like Java and C#. But Rust allows them in applications compiled as native code, without needing to run within a runtime, and without suffering the big performance penalty of a garbage collector.
Although far from being as bad as a managed language, all those bound checks come with an small performance penalty over unsafe languages. So Rust also allows the execution of unsafe code, to allow the maximum possible performance for the occasional critical bits of code.
Rust’s ownership model model also provides a solution to painless development of highly parallel applications, so we can avoid the feared race conditions. Every thread is isolated in Rust, but data can still be shared through channels, which also transfers ownerships of the messages sent along, preventing the sender from racing back to that data. Locks can be defined, and some data types can be allowed to be shared by multiple threads.
The Servo Web Engine
Mozilla has put all the potential of this language to good use with their new Web engine: Servo.
Gecko, Firefox’s current Web engine, is a real dinosaur. It’s difficult to maintain, difficult to extend, and it’s poorly adapted to modern PCs and mobile devices. This is why Mozilla is building a revolutionary new engine from scratch to replace it and correct all of those defects. Choosing Rust facilitates Servo to divide every rendering task of HTML in as many parallel subtasks as possible. This way, the browser will be able to take advantage of modern processors. Even phones come nowadays with multiple cores, and MediaTek will soon launch a SoC with 10 CPU cores. The fact that Rust is inherently much safer than C++ doesn’t hurt, either.
Mozilla and Samsung have shared some performance comparisons between Servo and Gecko engines. When comparing the loading of CNN’s website, we can see that with a single processor, Servo is much faster than Firefox’s existing engine, and when running with a quad-core processor, the loading time decreases significantly.
To facilitate the adoption of Servo outside their own browsers, Mozilla has abandoned the complicated and troublesome Gecko API, and has adopted the Chromium Embedded Framework API, instead of yet creating another new Web API of its own. Despite being based on Blink (Chrome’s new web engine), this API aims to completely isolate users from the ever-changing, underlying Web engines, and has already been chosen by Adobe and Valve for its Steam Client.
Servo’s Roadmap tells us to expect an alpha browser later this year, but Mozilla is focusing on mobile and embedded spaces. So for the next two years, we should only expect mobile Servo browsers, and maybe the engine embedded within third-party software. Considering the spectacular results of those initial tests, we will have a hard time waiting so long.
It’s probably still too soon to start learning Rust for many developers. But if the Servo web engine becomes as successful as it looks, then Rust will have enough validation to stay with us for a long time.
