
Posted by Jeff Vander Stoep and Stephen Hines, Android Team

Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Yet in spite of these efforts, memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android’s high severity security vulnerabilities.

In addition to ongoing and upcoming efforts to improve detection of memory bugs, we are ramping up efforts to prevent them in the first place. Memory-safe languages are the most cost-effective means for preventing memory bugs. In addition to memory-safe languages like Kotlin and Java, we’re excited to announce that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself.

Managed languages like Java and Kotlin are the best option for Android app development. These languages are designed for ease of use, portability, and safety. The Android Runtime (ART) manages memory on behalf of the developer. The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option.

Lower levels of the OS require systems programming languages like C, C++, and Rust. These languages are designed with control and predictability as goals. They provide access to low level system resources and hardware. They are light on resources and have more predictable performance characteristics.

For C and C++, the developer is responsible for managing memory lifetime. Unfortunately, it's easy to make mistakes when doing this, especially in complex and multithreaded codebases.

Rust provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid. This safety is achieved while providing equivalent performance to C and C++.

C and C++ languages don’t provide these same safety guarantees and require robust isolation. All Android processes are sandboxed and we follow the Rule of 2 to decide if functionality necessitates additional isolation and deprivileging.
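The two kinds of check this post attributes to Rust (compile-time lifetime/ownership checks and runtime checks on memory accesses) can be seen in a small parser for untrusted input. This is an added example, not AOSP code or code from the original post; the record layout and the names `read_record` and `parse_all` are assumptions made for illustration.

```rust
// Added illustration (not AOSP code). Assumed record layout for this example:
// [len: u8][payload: len bytes], repeated until the buffer ends.

/// Returns the first record's payload and the remaining bytes, or None if the
/// declared length runs past the end of the buffer.
/// Both returned slices borrow from `buf`, so the compiler rejects any use of
/// them after `buf` has been freed (compile-time lifetime check).
fn read_record(buf: &[u8]) -> Option<(&[u8], &[u8])> {
    let (&len, rest) = buf.split_first()?;
    let n = len as usize;
    // `get` is the runtime bounds check: it yields None where an unchecked
    // C copy of `len` bytes would read past the end of the buffer.
    let payload = rest.get(..n)?;
    Some((payload, &rest[n..]))
}

/// Parses every record; returns Err(offset) at the first malformed record.
fn parse_all(mut buf: &[u8]) -> Result<Vec<Vec<u8>>, usize> {
    let total = buf.len();
    let mut out = Vec::new();
    while !buf.is_empty() {
        match read_record(buf) {
            Some((payload, rest)) => {
                out.push(payload.to_vec());
                buf = rest;
            }
            None => return Err(total - buf.len()),
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample inputs.
    let good = [2u8, b'h', b'i', 1, b'!'];
    let truncated = [2u8, b'h', b'i', 9, b'x']; // second record claims 9 bytes, has 1
    println!("{:?}", parse_all(&good));
    println!("{:?}", parse_all(&truncated));

    // Ownership: uncommenting the lines below fails to compile (E0597),
    // because `rec` would outlive the buffer it points into.
    // let rec;
    // { let owned = vec![1u8, 7]; rec = read_record(&owned); }
    // println!("{:?}", rec);
}
```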
