Meet the Rustaceans: Hasnain Lakhani
This article was written in collaboration with Hasnain Lakhani, a software engineer at Facebook.
For today’s interview we have Hasnain Lakhani, software engineer in the product safety team at Facebook. In particular, Hasnain’s team is working on dynamic analysis by building a large-scale fuzzing infrastructure and tools. While working on this team, Hasnain used Rust as one of the main development languages. Most of his work these days focuses on finding security and reliability bugs in C / C ++ / Rust / Go code used on Facebook. Let’s hear from him about his experience with Rust and learn more about his work.
In what capacity did you use Rust?
Together with a few other engineers in my team, I run a fuzzing planner service. This service is the “brain” of our larger system: it’s responsible for distributing work across a large fleet of machines and ensuring that all of our fuzzing-specific business logic works correctly. We recently migrated this service from Python to Rust. I started designing the service and worked with my teammates to refine the design, write the code, and deploy it. Nowadays I spend about 30% of my time in Rust, the rest I spend with our C ++ / Python / Hack codebases and wish they were in Rust too!
Why did your team on Facebook choose to use Rust over other languages?
Our service had to be revised because the old system was over 2 years old and could not be expanded to include the new use cases that we had to build. After agreeing that a revision was needed, the first question we faced was the choice of language. We quickly ruled out Python because our existing Python service faced significant scaling challenges despite major investments in optimizing it. That left C ++ or Rust as our options. Since not everyone on the team was familiar with the intricacies of C ++, there was a fear that we would be stuck debugging tricky memory corruption or race condition bugs in a multithreaded service. instead of spending our time creating value for our users.
I had already used Rust on some personal projects and some side projects at work, and wanted to use more of them for work. After discussing the memory security benefits, performance benefits, and guarantees of correctness of writing multithreaded asynchronous code; We felt that Rust would allow us to deliver bug-free code faster. The rest of the team had been curious to meet Rust for a while, and this opportunity was too good to pass up!
What projects have you been working on on Facebook that use Rust?
- My team’s organizer service.
- CLI tools for running large fuzzing experiments in the scheduler service.
- An internal tool for analyzing network configurations for security risks.
- I’ve made a few fixes here and there to popular Rust libraries and tools on Facebook; including writing Rust clients for some services that my team needed.
What do you think of Rust’s growth path on Facebook?
I’ve been really passionate about Rust over the past few years and the development looks bigger than ever. When we wrote the first scheduler service a few years ago, we actually decided * against * Rust because there wasn’t enough integration with Facebook’s internal libraries and tools. With many of the basics in place, it’s really easy to set up a service in Rust and focus on your business logic rather than integrating with missing libraries. And in case you still need to add integrations, tools like cxx can do it in a matter of hours! When people ask me about the language selection for new code, I now tend to Rust by default.
What is the value of Facebook for Rust?
Facebook contributes many libraries and tools that make writing Rust easier.
I think cxx is a game changer: one of the main blocks I saw to the introduction of Rust was the desire to work with a large amount of existing code. With cxx, the integration of Rust and C ++ code takes a few hours at the most, even with complex libraries, and the result is ergonomic and safe to use in both languages. I think this is going to be very important as people try to incrementally migrate code to Rust, and it’s a great way to migrate security critical pieces of code to Rust within a larger code base. I’ve used cxx in all sorts of directions (Rust calling C ++, C ++ calling Rust, and one case C ++ calling Rust calling back in C ++). It was all great!
Facebook also maintains a library of boxes that are generally useful and used in all of our projects. We use a lot of these in my team’s production service, especially the SQL crate for all of our storage needs.
How do you think Rust will grow as a language in 2021?
A few years ago I felt like the weird one on my team / peer group of engineering friends when I was learning Rust, and resources felt tight. These days I hear more and more stories and blog posts from companies that use Rust. Even more exciting, when I talk to people about Rust, they have heard of the language many times and know why it’s great, and are excited to learn more about it!
Some people who have used Rust really like it. Why do you think that is the case and what is your favorite feature of Rust?
When I first started learning Rust, I was thrilled with the promise to write code that was more free from security issues like memory corruption errors, while also performing well.
I didn’t expect to become a Rust advocate because I’m much more productive when writing Rust! Speaking to a teammate, I heard how the tools and libraries made it very easy to get started and get quick feedback (rustc’s error messages are the best in their class). Language functions such as the loan check and the pattern comparison with enumerations reduced the mental burden when creating and checking code. This was also in line with my experience: the compiler is like a free engineer who is always available for pair programming and makes sure that I don’t add any bugs!
Rust has given me a new way of thinking about designing code – finding a bug and then changing the code so that similar bugs become bugs at compile time is mind-boggling – as discussed in detail here and here.
Where can people learn more about Rust and how can they start contributing to it?
When I first started learning Rust, I spent a lot of time going through the Rust Canonical Language Book and the exercises in it to learn by example. I still reach for the Rust Cookbook when doing general Rust tasks, and it really comes in handy. I would recommend trying porting an existing project to Rust and writing it in idiomatic Rust to really learn the language.
I subscribe to the This Week in Rust newsletter to keep my knowledge up to date.
We would like to thank Hasnain for taking the time for this interview. It was very interesting to see how Rust is used as the primary language for building fuzzing infrastructure and tools, and how we learn from all the things we build here and contribute to the Rust community. We hope you found this interview helpful and it gave you some insight into how and where Rust is used on Facebook. Follow Hasnain on Twitter at @mhlakhani.
Check out our previous blogs from the Meet the Rustaceans series:
Meet the Rustaceans: Chris Konstad
Meet the Rustaceans: Pedro Rittner
Meet the Rustaceans: Neil Mitchell
Meet the Rustaceans: Daniel Xu
Meet the Rustaceen: Eric Kuecks
Meet the Rustaceans: Gus Wynn
Meet the Rustaceans: Brendon Daugherty
About the Meet the Rustaceans series
Rust has consistently been rated the “Most Popular” Language for the past 5 years and we at Facebook believe Rust is a standout language that shines on critical issues like storage security, performance and reliability and is widely used across a wide range of projects here. We have joined the Rust Foundation to help improve and grow Rust, which not only strengthens our commitment to the Rust language, but also to the sustainable development of open source technologies and developer communities around the world.
This blog is part of our Meet the Rustaceans series where we invite engineers and developers who use Rust regularly to share their experiences and tell us about the amazing products they are building with Rust here on Facebook. Keep an eye out for more interview blogs where we meet many more engineers and hear their thoughts on the subject.
To learn more about Facebook Open Source, visit our open source site, subscribe to our YouTube channel, or follow us on Twitter and Facebook.
Interested in working in the infrastructure department on Facebook? View our job postings on our infrastructure career page here.