Open Source Security, Inc. has announced new funding for the GCC front-end for Rust project. The funding will go towards full-time and public development efforts.
GCC front-end for Rust is an open-source project designed to provide an alternative Rust compiler for GCC. “The origin of this project was a community effort several years ago where Rust was still at version 0.9; the language was subject to so much change that it became difficult for a community effort to play catch up. Now that the language is stable, it is an excellent time to create alternative compilers. The developers of the project are keen “Rustaceans” with a desire to give back to the Rust community and to learn what GCC is capable of when it comes to a modern language,” the team wrote on its GitHub page.
Open Source Security, Inc. aims to address underfunded and understaffed attention to security in Linux. While the organization doesn’t expect Rust code to be included in the Linux kernel in the near future, it saw a security issue with a mixed Assembly/C/Rust execution environment as well as mixing different compilers with different implementations. “As the source of the GCC plugin infrastructure in the Linux kernel and nearly all of the GCC plugins adapted for inclusion in the upstream Linux kernel, we too immediately spotted the importance of this problem and set out to ensure both those plugins as well as the security features built-in to GCC itself are able to instrument code from all languages supported by the Linux kernel with compatible and consistent security properties,” Brad Spengler, president of Open Source Security, Inc., wrote in a post.
As part of its efforts, Open Source Security Inc. brought on developer Philip Herron to work on the project full time with the help of Embecosm, a UK-based company involved with GCC/LLVM development. Embecosm is providing Herron’s employment as well as project management services for the project.
“The project has attracted multiple contributors on GitHub over its time being purely community driven and we want to continue to create an inclusive environment to welcome everyone to learn and create their own mark on the compiler. This can be achieved by creating clear documentation on getting up and running and readable code and a clean review process. Leveraging docker we can automate publishing prebuilt images of the compiler allowing people to test the compiler without requiring a development environment for the compiler, such that people can report feedback easily into the GitHub issue system,” Herron wrote in a post.
Open Source Security, Inc. also stated as part of their efforts to help the project remain vendor-neutral, it will not own any copyright code developed through its funding. All code will be GPLv3-licensed and copyright will be assigned to the Free Software Foundation.