2017-04-01 07:58:41 UTC
bugs / roadmap points which depend on our rust-build-system working.
tor will not switch immediately, but it shows the importance of having a
working rust-build-system. Firefox will switch at some point.
Danny, could you list what's left for completion? Is it just circular
dependencies? I'm about to publish my project page within the next few
days. I hope you don't mind if I list you as a go-to person for getting
involved in upstream (Guix) to fix up the rust-build-system.
If you do mind, please let me know. I will not publish your email
address, I'll rather point to a git commit.
----- Forwarded message from Sebastian Hahn -----
From: Sebastian Hahn
Subject: [tor-dev] Tor in a safer language: Network team update from Amsterdam
Hi there tor-dev,
as an update to those who didn't have the chance to meet with us in
Amsterdam or those who haven't followed the efforts to rely on C less,
here's what happened at the "let's not fight about Go versus Rust, but
talk about how to migrate Tor to a safer language" session and what
Notes from session:
We didn't fight about Rust or Go or modern C++. Instead, we focused on
identifying goals for migrating Tor to a memory-safe language, and how
to get there. With that frame of reference, Rust emerged as a extremely
strong candidate for the incremental improvement style that we
considered necessary. We were strongly advised to not use cgo, by people
who have used it extensively.
As there are clearly a lot of unknowns with this endeavor, and a lot
that we will learn/come up against along the way, we feel that Rust is a
compelling option to start with, with the caveat that we will first
experiment, learn from the experience, and then build on what we learn.
You can also check out the session notes on the wiki (submitted, but not
The real fun part started after the session. We got together to actually
make a plan for an experiment and to give Rust a serious chance. We
quickly got a few trivial things working like statically linking Rust
into Tor, integrating with the build system to call out to cargo for the
Rust build, and using Tor's allocator from Rust.
We're planning to write up a blog post summarizing our experiences so
far while hopefully poking the Rust developers to prioritize the missing
features so we can stop using nightly Rust soon (~months, instead of
We want to have a patch merged into tor soon so you can all play with
your dev setup to help identify any challenges. We want to stress that
this is an optional experiment for now, we would love feedback but
nobody is paid to work on this and nobody is expected to spend more
time than they have sitting around.
We have committed to reviewing any patch that includes any Rust code to
provide feedback, get experience to develop a style, and actually make
use of this experiment. This means we're not ready to take on big
patches that add lots of tricky stuff quite now, we want to take it slow
and learn from this.
We would like to do a session at the next dev meeting to give updates on
this effort, but in the meantime, if team members would like to start
learning Rust and helping us identify/implement small and well-isolated
areas to begin migration, or new pieces of functionality that we can
build immediately in Rust, that would be really great.
So, for a TLDR:
What has already been done:
- Rust in Tor build
- Putting together environment setup instructions and a (very small)
initial draft for coding standards
- Initial work to identify good candidates for migration (not tightly
What we think are next steps:
- Define conventions for the API boundary between Rust and C
- Add a non-trivial Rust API and deploy with a flag to optionally use
(to test support with a safe fallback)
- Learn from similar projects
- Add automated tooling for Rust, such as linting and testing
Alex, Chelsea, Sebastian
: Will be visible here https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Amsterdam/Notes
tor-dev mailing list
----- End forwarded message -----