--People are not important --
--There are no people in technology,
just replaceable components --
(Laughter)
Alright let's do this.
Alright, I'm going to tell
you about what Rust is,
why Rust is a part of Mozilla's work
and when it's going to start
being a part of Mozilla's work.
Let's begin.
So Rust is a new programming language
that has been created inside Mozilla
and shared with the outside world.
The goal of it
is basically
anytime when you traditionally
as a developer have
reached for C++
because you needed certain guarantees
about performance for example
we want Rust to be a viable alternative
in every single case.
There should be no reason to choose C++
over Rust
in the ideal future.
So it began as a side project
of a Mozillian named Graydon Hoare
back in before 2009.
He started working on it full-time
in 2009
because Mozilla saw the
ideas that he had and said
"We can see how we
could put this into Firefox...
...and make the product better
if we actually had this language".
So that's when we started investing
time and resources into it.
Fast forward a few years
we now have a team under
the Mozilla Research umbrella
who's working full-time
on improving the language
and we released
version 1.0 last year
and every 6 weeks we
now release a new version
so we just released 1.13
and there is a large community
around the language now
so not only do we have developers
working in Mozilla on it
some of those developers are part
of what's called the Core Team
and those are the people that
decide the future of the language
and help shape where
it's going as time goes on
so in addition to our employees
we have volunteers
and employees from other companies
that are now depending on
Rust for their products
and they're helping shape this ecosystem
which then has a large number of libraries
that are being developed by people
who are enthusiastic about the language
it's got a lot of downloads happening
since the last time I gave this talk
there've been 10 million more downloads
and 300 new libraries published
so there's a lot going on,
there's also the friends of Rust
which I'll show you
there is a page showing lots of different
companies that've told us
"Yes, we are relying on
Rust in production...
...we are very excited
about its prospects".
So, lots of cool things going on there.
So the reason for Rust
is that we have in the past
what 10 or more years of using Firefox
and Javascript in Firefox
sorry C++ and Javascript in Firefox
we've come across the fact that
there are some pervasive problems
that are caused by using C++
that is writing code that
makes use of local threads
is very difficult
it's easy to write incorrect code
and it is very easy to write
code which is unsafe
and that translates into
security exploits
things that are stored by governments
and by hackers
all over the world
and used to
steal data from users
and take over their computers
using the browser as a vector.
There's a huge number of these
that are released every year
by security investigators
and there's competitions showing
who can pwn a browser the quickest.
So we looked for ways to address this
by creating a new language
and it turns out
that actually both of these issues
make it difficult to write parallel code
that makes use of modern hardware
and writing code that is
safe and not exploitable
turns out they can both be addressed
by introducing the concept of
Ownership in the language.
So let's talk about what that means.
Ownership encapsulates two ideas basically
it is what the owner of a value is
and whether there are
multiple owners of a value
or mulitple users that are sharing a value
and additionally when that
value is actually valid.
What is the point in the program
in which it's actually safe
to interact with the value.
And so from this we can derive a few rules
that if there is only a
single owner for a value
that value can be destroyed
when the owner goes out of scope
because there are no ways to
reference that value anymore
similarly if a value
has only a single owner
that means that it is legal to mutate it
because no one can observe
the change to that value
and finally
if you have multiple owners
you need to have
something called Borrowing
which is, you still have a single owner
but other people can observe it
but it cant be changed during that time.
So let's talk about an analogy here,
if I've got a colouring book and a marker
and some friends
we can establish some rules
the colouring book and
the marker are my property
so they go with me wherever I go
if I leave no one else can
observe the book
or colour in it
however I am able to loan
the book to someone else
and that means they're
borrowing it from me
that also means that I can't colour
in it while they're borrowing it
because that's rude
so they can also choose to
lend it to people around them
but that means that if
anyone else is borrowing it
they need to give it back
to me before they leave
because it's my property
and only I can leave with it.
Additionally,
if I have the marker
I'm able to colour in the book
if I have the book
I can also give the marker to someone else
and that means they can colour
in the book if they have it
but that means that I'm
no longer able to colour
because there's only a single marker.
And finally,
if I want to leave but I dont actually
have the book in my posession
there's a problem, either I need to wait
until someone gives me the book back
or I need to actually give
it to someone else and say
"OK, it's not my property anymore,
...it's yours to deal with".
So Ownership in Rust.
If we have a type we call a ColouringBook
and it gives us a constructor
that returns a new instance
of a ColouringBook.
We can say OK,
here is a variable called a Book
which we will say
stores this ColouringBook value.
That means that we can now
call this Colour method
which will change the
Colouring Book in some way,
it'll colour in it.
That's fine, we can mutate it
because we only have a single owner.
So what happens if
someone borrows the Book?
We now have another variable
called Borrowed Book
and we use the ampersand
to show that we are borrowing the value
that's stored in this value called Book
- this variable called Book.
This is an Immutable Borrow.
That means that it is not possible
to mutate the original value anymore
because it's borrowed.
So we cannot colour in the book
while it's borrowed by someone else.
This follows our analogy.
The other thing however
is that if someone else is
borrowing the book,
they also cannot colour in it.
They don't have the marker.
In this case they only have
an Mutable Borrow
so they cannot mutate it.
So we can work around this
by using what's called a Mutable Borrow.
This says OK,
give me the book and
give me the marker
and then they have both those elements
necessary in order
to actually colour in it
and mutate it in this case.
So we have the ampersand
followed by the Mute keyword
and this means
give me a Mutable Borrow
to the value that follows.
However the thing to note here
is that we cannot use
the original variable
called Book
in order to mutate it while it's borrowed.
We cannot have two different
people colouring in it
because only one person
can colour at a time.
So let's go back to the
example we had before.
So we've got a Book value
we're allowed to colour in it
because there's no one borrowing it
then on the next line
we have an Immutable Borrow
and we're not allowed to colour
in the original one again
this is fine
it's borrowed
it can't be coloured in.
So let's fix this
this is where we talk about lifetimes
because remember how I said that
we can figure out
when a value is valid?
So this means that if we have a scope here
deliniated by
the curly braces
this means that inside the curly braces
anything that is unique inside there
no longer exists outside of them.
So if we create this Borrowed Book value
and we borrow from the Book value
we have a Mutable Borrow
and that's fine
we can then do something with this
that doesn't require mutating it
we can just look through the
Book, we can investigate it,
and that doesn't mutate it, that's fine.
And so previously calling Colour
on the original Book value
would've been an error
because it was borrowed
but now the borrow no longer exists
because it is only valid within
the scope of these braces.
This is how we can control
the scope of a Borrow.
So finally we can also transfer Ownership.
This is how we talk about giving
away the Book to someone else.
By default we can say OK,
we'll create a new variable called Book 2
and it will have the contents
of the Book variable
and we can now colour in Book 2.
That's fine, it's not a borrow
there's no ampersand there
we are giving control of the value
to another variable
and additionally
if you try to compile this
you'll note that
we can no longer interact
with the Book variable
because we transfered Ownership
it doesn't exist anymore
the compiler knows this and can say
"Nope, that is not safe
what you're trying to do".
And you'll note the link up here
actually goes to a playground
where you can play with the
Rust compiler in your browser
and there's a sample for this code
that you can experiment with there
already prepared for you.
So
we understand Borrowing
a little bit better now
especially with the analogy
but how does this
actually help in practice?
How does this address the two
cases we talked about before?
Using values after they're no longer valid
and writing code that works with
multiple threads at the same time.
So first
with Use-after-free problems
those happen in C++
because you'll have pointers in your code
but the pointers are not associated
with the value they're pointing to.
So you could delete
the memory that they're pointing to
but the pointers are still
pointing at that memory
and so if you aren't careful
you can end up using pointers
that are pointing to invalid memory.
So in Rust
the compiler is actually tracking this
so it doesn't let you write code
that has the potential
where pointers could point at
memory that no longer is valid
and that means that
you're always taking
borrowed pointers to values
where the compiler says
"OK. I know exactly how
long this value is valid for...
...because I know what the owner
is and therefore any pointers to it...
...must no longer exist before
the owner no longer exists"
and additionally
you can also
because the Rust compiler also
tracks outstanding Borrows
you can also say
"OK, we are guaranteed that
there's no way to mutate this...
...while anyone else is borrowing
and trying to look at the value"
and this addresses another case
where this can happen in C++
where you end up changing the value
like reallocating a pointer or something
while other things are trying to point to
memory that it was relying on
and as for parallel code
with multiple threads
the issue arises with Data Races
where you have multiple threads
that are sharing values and
they're also mutating them.
It's the same issue we
just talked about basically
where they're not
coordinated in figuring out
when it's safe to write to a value and
when it's safe to read from a value
because you might get intermediate values
when the write hasn't completed yet.
So Rust addresses this by forcing you
to either transfer ownership of values
that another thread needs to use
so that two threads cannot
share the same value
or
ensuring that any values that you
do share between the threads
abide by certain restrictions
that prevent invalid writes from happening
and invalid reads from happening
so that races can't happen
and it's impossible to write code that
is not actually thread safe.
So
how this actually applies
to what we're doing at Mozilla
is that we've got the Mozilla
Research organisation
and so part of them are working
on improving Rust the language.
However another part of them
are working on building a
brand new web browser
because Firefox is not enough.
This one's called Servo
and so we're building it
from the ground up
and the reason we're doing this is that
there are decisions that were made
design decisions for Firefox
that were made a decade ago
which are very difficult to
change at this point in time
it'd be a huge amount of work
to redesign parts of Firefox
we think could be better
but it's also difficult
to verify whether that would be
a worthwhile use of time
without actually doing it
so we compromise by creating
a brand new browser
where we can actually try out new ideas
and give ourselves a playground
to experiment with things
we could do better in Firefox
and if they work out great
we can then start transferring them
back into Firefox and integrate them
and additionally
this means that we can experiment
with letting out pages
doing that in parallel
rather than all other browsers today
which do them sequentially
and single-thread
we can do things
like experiment with the way
that we
redraw things to the screen
and do it more like a computer game
we can do things like change the way
that we're managing memory
for the parts of the web page
so that it's more integrated
with the garbage collection
that the Javascript code
ends up ineracting with
so all of this are things
that we're doing in Servo
and we're getting some great results
and some of them are already
being integrated back into Firefox.
So we're already shipping foot code today
in Firefox that's written in Rust.
For example we have parts
of our Media Stack where
we have code that's just responsible
for reading parts of video files
which has been a source of security
vulnerabilities in the past
and there's no reason
that should be the case
so we rewrite it in Rust
and we get safety by default.
So that's shipping in Firefox today.
We've also got a project called Oxidation
which is a list on the wiki
of all the pieces that
we're in the process
of writing in Rust in Firefox today
some of the most challenging ones
that I mentioned previously
the Rendering Engine
the Style System and Layout
those are being integrated
into Firefox today
as part of the Quantum Project
and so you can basically expect that
the amount of Rust code in Firefox
will increase over time
there's been a lot of really good
results panning out so far
especially for areas where
they shouldn't be security sensitive
that they need to be high performance
those could be great places
for integrating Rust code
because you've got those by default
so if you'd like to know more about Rust
and Mozilla
you can check out the Rust
Playground I mentioned earlier
that allows you to experiment
with writing Rust code
in your browser
we've got a nice introductory book
that covers everything you need
to know about the language
called The Rust Programming Language
which is accessible from the language
website and we've got IRC channels
which are designed for both beginners
who like to interact with other people
who really want to answer
your questions right there
as well as a huge community
in the Rust channel
who really adore asking
and answering questions.
That's all.
Thank you very much.
[Applause]
Any questions?
Yes
What would be a good way to
start contributing or participating?
There's a few ways
so if there are
let me see
if there are libraries that you
would like to use from Rust
that don't exist yet
writing either libraries
from scratch in Rust
to scratch that itch
very handy
publishing that for the community
or if there are libraries
written in C which already exist
which would give you functionality
but don't exist in Rust yet
then writing bindings in Rust
around a C library
is very useful
because that allows you to
build safer abstractions
on top of things that would
otherwise be potentially unsafe
but is really easy to
integrate with C code
which is one reason why it's working
out so well to integrate Rust in Firefox.
There's lots of other suggestions
on the Rust website
of ways to participate in
the Rust Community
if that's what you're asking.
Yes Lucy?
What are the most compelling
reasons for someone to learn
the language and potentially start
participating and contributing?
One thing I've heard
is that actually people
who don't already have what's called
systems programming experience
so a lot of experience
using C++ for example
one of the lower level languages
people coming from a web
development background
people writing a lot of
Javascript, Ruby, Python
what I've heard is that people
coming from those languages
are actually getting
their first experience
doing low level programming stuff
but in a way which is much less daunting
than C or C++
where they know that the
compiler has their back
in ways that the compilers
for C++, for example, don't
and it will tell you when
you're making mistakes
and it won't let you make those mistakes
which is pretty exciting.
There are two people who I know
who come from Ruby
Javascript backgrounds
who are now putting together
a series of tutorials
for teaching people how to do
kernel programming using Rust
with the intention that other
people are coming from those
high level backgrounds
and trying this out for the first time
so there's a lot of ways to experiment
with things that traditionally has been
rather unapproachable
for large segments of the
developer population.
Pretty compelling reason really
and even if you do have
experience doing C++
and lower level things like that
I find that not having to worry
about whole classes of problems
you can make
as a developer in those languages
makes a huge difference
it allows you to reason
about your code better
it allows you to be more
adventurous with your code.
(Inaudible audience discussion)
So the questions was
one of the things people have talked about
is that Rust should be able to make
the process of refactoring your code
easier, safer, generally less complicated
and less uncertain
and has there been talk of that
has there been evidence of that
and yes
there's actually a really great blog post
in the past couple weeks
of someone who was
refactoring their code
and the compiler kept pointing out
ways in which it would not be safe
to refactor it in that certain way
because it was shared between threads
like he would fix that thing
and it would go down the
rabbit hole a little bit further
and say "Oh now this isn't safe anymore".
and was this very compiler
guided refactoring session
which he wrote about
and documented top to bottom
and it's great, it seems to just
verify the premise
that this does prevent you
from making mistakes.
Alright let's call it there.
Thank you for attending everybody
[Applause]