Microsoft's Rust Experiments Are Going Well, But Some Features Are Missing (zdnet.com) 33
Microsoft gave a status update today on its experiments on using the Rust programming language instead of C and C++ to write Windows components. From a report: Microsoft began experimenting with Rust over the summer. The Redmond-based software giant said it was interested in Rust because, over the past decade, more than 70% of the security patches it shipped out fixed memory-related bugs, an issue that Rust was created to address.
[...] Today, almost four months later, we got the first feedback. "I've been tasked with an experimental rewrite of a low-level system component of the Windows codebase (sorry, we can't say which one yet)," said Adam Burch, Software Engineer at the Microsoft Hyper-V team, in a blog post today. "Though the project is not yet finished, I can say that my experience with Rust has been generally positive," Burch added. "In general, new components or existing components with clean interfaces will be the easiest to port to Rust," the Microsoft engineer said. However, not all things went smoothly. It would have been unrealistic if we expected they would. Burch cited the lack of safe transmutation, safe support for C style unions, fallible allocation, and a lack of support for at-scale unit testing, needed for Microsoft's sprawling code-testing infrastructure.
[...] Today, almost four months later, we got the first feedback. "I've been tasked with an experimental rewrite of a low-level system component of the Windows codebase (sorry, we can't say which one yet)," said Adam Burch, Software Engineer at the Microsoft Hyper-V team, in a blog post today. "Though the project is not yet finished, I can say that my experience with Rust has been generally positive," Burch added. "In general, new components or existing components with clean interfaces will be the easiest to port to Rust," the Microsoft engineer said. However, not all things went smoothly. It would have been unrealistic if we expected they would. Burch cited the lack of safe transmutation, safe support for C style unions, fallible allocation, and a lack of support for at-scale unit testing, needed for Microsoft's sprawling code-testing infrastructure.
Re: (Score:3)
Look in the mirror (Score:4, Funny)
If you'd like see Microsoft's code tester, look in the mirror.
Re: (Score:2)
Exactly!
Re: (Score:2)
Not sure if 'troll' is correct there, as much of it is valid, perhaps off-topic would be a better classification. It is somewhat contradiction. This is posted as 'Anonymous', yet the copy-pasta seems to point towards services that require some form of accountability.
Re: (Score:2)
New Rust belt (Score:4, Funny)
Features missing from what? (Score:4, Insightful)
Burch cited the lack of safe transmutation, safe support for C style unions, fallible allocation
Rust is missing these things compared to what? I didn't know any of that was "safe" in C or C++ in the first place.
Re: (Score:2)
How do you make a UNION safe anyway? I guess you can do bounds checks like anything else but beyond that? I guess you could add a field or something to track which member was last used to write on the instance and error if someone tries to read a different member? Seems like a lot of complexity
Re: (Score:2)
C safe (Score:2)
In C, a union is "safe" meaning that the way to access it is defined in advance,
It's a fixed memory location (the union) which can be accessed as the exhaustive list of types which is set in advance (the member types listed in the union).
It would be unlikely to accidentally access the wrong memory section or as an unexpected type.
The "unsafe" C version would be using pointer math.
The memory location being accessed with some generic pointer (say: void* ptr;) and using pointer cast to access it as other type
Re: (Score:2)
Perhaps that's all that is necessary. Rust has stupidly powerful enums which are good as unions at runtime.
Rust also has some limited safe transmutation functions, e.g to turn numbers in and out of endian formats. But if you're transmuting some random b
Re: (Score:3)
C++ has std::variant [cppreference.com] which is a safe union. It remembers what kind of data it has and won't let you access the wrong one.
For example:
#include <variant>
int main() // v now contains an int // no problem // throws error, v contains an int
{
std::variant<int, float> v;
v = 12;
int value = std::get<int>(v);
float value2 = std::get<float>(v);
}
Re: (Score:3)
Re: (Score:2)
I hope you misspelled "C++" because people using "C" is the main cause of all those "memory-related bugs".
Re: (Score:2)
A big deal of 'C++ programmers' still think you should only use a subset of the language, e.g. no templates, it is pretty difficult to write quality code without using STL or boost.
Re: (Score:2)
> A big deal of 'C++ programmers' still think you should only use a subset of the language,
When even a C++ committee member admits he writes in a sub-set of C++ himself [youtu.be] then the language itself is bloated.
Gee, maybe if iostream performance wasn't crap [youtu.be] then maybe, just maybe, people could actually trust the FULL language.
Worse, we have stupid shit like this -- N3888: 2D Graphics Rendering API proposal [open-std.org] -- by people who don't know how to fucking use existing APIs so they feel the need to add even MORE crap
Re: (Score:3)
What has a CRC to do with using STL or boost?
No idea why you think iostreams are slow ... they are faster than the C equivalent ...
And no one forces you to use them.
Yes, C++ is a bit bloated meanwhile (and an API is an API and not part of the language, stupid argument with your graphics thin), no one doubts that.
But having the policy to only use a (small?) subset of the language makes you never fully grasp it and you never will get e.g. the orthogonal synergy effects of multiple inheritance and templates.
Wh
Re: (Score:2)
Re: (Score:2)
I think MS care about Rust as one of their business areas is sale of Hyper-V services. Often running Linux ([1]>50% of the VMs in Azure are Linux).
Since MS care about Linux (half that revenue stream uses it), then they should care about Rust as it is a safe systems language. MS only care about things when it affects their business. They didn't care about Android until they wanted to get their service clients (MS Authenticator, Outlook, Teams, etc) to run on the majority of devices. Of course, they should
Cool and Exciting (Score:3)
Really interesting read. I never knew about these considerations needed for coding in those different languages.
I really like the Microsoft of the 2019s. It's matured quite a bit from a bombastic 90s demon to a surprisingly mature and yet innovative IBM like entity.
What about their toilets? (Score:2)
I enjoy hearing about every random thing Microsoft does, but wonder what they're doing to modernize the shitter. I look forward to hearing their experiences with different models, and the blow by blow of breaking in a new one on particularly trying projects like "Bad Burrito Night".
Re: (Score:2)
You're probably joking, but the Gates Foundation invests a lot of money in sanitation, including toilets, as part of the work to get clean water and eradicate waterborne diseases like cholera.
Re: (Score:2)
Don't know about you guys but I'm buying one of those $300 Toto systems that fit on a regular toilet. It's the good one with heated water and will go in my basement bathroom.
Obsession with using C-likes. (Score:1)
The only ones who think C-likes are superior, are those who never truly looked into anything more advanced.
Which unfortunately, is the majority of grunts out there.
Patching it up left and right, with tricks and grafting features onto it, will only result in either a Windows ME situation, or one of those advanced languages (like Haskell) that they shunned. Because guess what: That is that advanced part they were designed for! You're re-inventing the wheel. Badly. And with a butt-ugly syntax.
Re: (Score:2)
Oh, you mean the world of programming grunts has refused to see better alternatives because they were too alternative? One doesn't turn an aircraft carrier around on a dime. And the syntax isn't any more butt-ugly that C's, hell it even copied most of C's.
Re: (Score:3)
Rust isn't patched up C. The syntax has some C-like aspects for blocks and comments which makes it more familiar to people who may have used other languages like C, C++, JavaScript, Java, Swift, Go etc. That is a good thing.
The language itself isn't C although it is a compiled language with similar runtime characteristics.
So it's like everything else? (Score:2)
"In general" indeed! Just take out the part that specifically mentions porting to Rust, and it turns out these guys' project is exactly the same as everyone else's.
Rust was originally designed by .. (Score:1)
Brendan Eich formally of Mozilla before he was cancelled by the social justice fanatics.