Comment by silotis
8 months ago
It's a good point in general, but in this case it's not clear if the cost of re-writing the existing codebase is less than the cost of staying with a memory-unsafe language.
We know from past experience that it takes an extreme amount of time and effort to harden a browser written in C++ against malicious web content. The Ladybird codebase is not particularly "old" in any sense of the word. Judging by Github's stats most of the code is less than 4 years old and it is still a long ways from being ready for general use. I think it's safe to say Ladybird still has a vast amount of work to be done fixing vulnerabilities that arise from lack of memory safety.
I find it quite plausible that the cost of re-writing the existing code in Rust is less than the cost of fixing all of the current and future bugs in the C++ codebase that Rust would catch at compile time.
That is the sneaky thing about rewrites. The "Ship of Theseus" rewrite is reasonably safe based on the article and what I could find of people sharing their experiences with rewrites. Fix what needs fixing, but swap in the newer better language/framework/whatever a piece at a time. It works!
People get in trouble when they decide to rewrite the whole thing. You might be right in this case, but I'm sure every person who began a doomed rewrite project felt the the benefits outweighed the risks.
Viewed in the rear view mirror of history, the Netscape rewrite was a good thing in a technical sense. As far as I understand it gave us the foundation for Firefox and the Gecko engine. It was just bad business in context because it let other browsers run laps around it while the rewrite proceeded. It let IE get a foothold that didn't shake for many years until Netscape became Firefox.
Rewriting the new browser in Rust would probably be similar from a technical POV. But from a business standpoint, we seem to be at an inflection point where a new browser might be able to enter in the cracks of discontent over sketchy AI features in Edge and the slow-boiling attempts to break ad blocking in Chrome. If they divert resources now to a rewrite, they could miss this opportunity to do to Chrome what Firefox did to IE.
It sounds like the plan is a Ship of Theseus rewrite anyway, so they'll get there in time without the risk of distraction.