[p-e-w]

It’s indeed rapidly progressing feature-wise, but I have yet to see an explanation for how they intend to manage security once market adoption happens.

Ladybird is written in C++, which is memory-unsafe by default (unlike Rust, which is memory-safe by default). Firefox and Chrome also use C++, and each of them has 3-4 critical vulnerabilities related to memory safety per year, despite the massive resources Mozilla and Google have invested in security. I don’t understand how the Ladybird team could possibly hope to secure a C++ browser engine, given that even engineering giants have consistently failed to do so.

[jsheard]

> Firefox and Chrome also use C++, and each of them has 3-4 critical vulnerabilities related to memory safety per year, despite the massive resources Mozilla and Google have invested in security.

And part of Firefox/Chromes security effort has been to use memory safe languages in critical sections like file format decoders. They're far too deeply invested in C++ to move away entirely in our lifetimes, but they are taking advantage of other languages where they feasibly can, so to write a new browser in pure C++ is a regression from what the big players are already doing.

[torginus]

I just checked out Servo, and like all browsers it has a VERY large footprint of dependencies (notably GStreamer/GOject, libpng/jpeg, PCRE). Considering browsers have quite the decent process isolation (the whole browser process vs heavily sandboxed renderer processes), I wonder how tangible the Rust advantage turns out to be.

[p-e-w]

Browsers have had sandboxing for well over a decade, and the 3-4 catastrophic vulnerabilities per year happen in spite of that.

And most of them are in the browser code itself, not in dependencies. By far the biggest offender tends to be the JavaScript engine.

[torginus]

Are you sure?

I just looked at the top CVEs for chrome in 2025. There are 5 which allow excaping the sandbox, and the top ones seem to be V8 bugs where the JIT is coaxed into generating exploitable code. One seems to be a genuine use-after-free.

So I can echo what you wrote about the JS engine being most exploitable, but how is Rust supposed to help with generating memory-safe JITed code?

[p-e-w]

Like this: https://github.com/nbp/holyjit

[binary132]

Ladybird is going to use Swift.

[DanOpcode]

I know they have said that. But it feels a bit strange to me to continue to develop in C++ then, if they eventually will have to rewrite everything in Swift. Wouldn't it be better to switch language sooner rather than later in that case?

Or maybe it doesn't have to take so much time to do a rewrite if an AI does it. But then I also wonder why not do it now, rather than wait.

[quux]

That is the plan, but they are stalled on that effort by difficulties getting Swift's memory model (reference counting) to play nice with Ladybird's (garbage collection)

I think there was some work with the Swift team at Apple to fix this but there haven't been any updates in months

[binary132]

I would love it if you would provide a reference I could go look at

[quux]

There's a few threads about this in the Swift forums, here's a couple:

https://forums.swift.org/t/ladybird-browser-and-swift-garbag...

https://forums.swift.org/t/ladybird-browser-event-loop-integ...

https://forums.swift.org/t/ladybird-gc-and-imported-class-hi...

[binary132]

Thank you! I look forward to perusing these.

[boxed]

That is very good news!

I've used Swift a bunch for hobby projects, and the two things that suck about it are:

1. XCode

2. Compile times

I would assume if you're coming from C++ or Rust the compile time issues aren't really something you notice anyway :P

[quux]

You don't strictly have to use Xcode to use swift, there's a good LSP for use in other editors.

That said, if you're using Swift to build an app, you're probably still going to want to use Xcode for building and debugging

[boxed]

Yea, I'm building iOS apps mostly, and some macOS apps, so definitely need to use XCode :/

[quux]

I have a nice workflow going for the iOS apps I work on where I use neovim for all my editing, and Xcode for building and debugging.

[torginus]

If I remember correctly, the guy behind it used to work at Apple, maybe that has to do something with it?

[binary132]

perhaps they do not think Rust is the best option for Ladybird

[p-e-w]

I know that that’s the plan, but I believe it when I see it. Mozilla invented entire language features for Rust based on Servo’s needs. It’s doubtful whether a language like Swift, which is used mostly for high-level UI code, has what it takes to serve as the foundation of a browser engine.

[no_wizard]

Swifts most notable use case is certainly making apps but if I recall correctly Apple has converted a good bit of their networking code to Swift.

It may not be the lowest of the low level but it certainly is more flexible than meets the eye

[binary132]

what technical demerits specifically make Swift a doubtfully viable option for a browser?