Microsoft is Creating a New Rust-Based Programming Language For Secure Coding

Under Project Verona, Microsoft is working to make Windows 10 more secure by integrating Mozilla-developed Rust for low-level Windows components. "'Memory safety' is the term for coding frameworks that help protect memory space from being abused by malware," reports ZDNet. "Project Verona at Microsoft is meant to progress the company's work here to close off this attack vector." From the report: Microsoft's Project Verona could turn out to be just an experiment that leads nowhere, but the company has progressed far enough to have detailed some of its ideas through the UK-based non-profit Knowledge Transfer Network. Matthew Parkinson, a Microsoft researcher from the Cambridge Computer Lab in the UK who's dedicated to "investigating memory management for managed programming languages," gave a talk last week focusing on what the company is doing to address these memory issues.

In the talk, Parkinson discussed the work Microsoft has done with MemGC, which is short for Memory Garbage Collector, for Internet Explorer (IE) and Edge. MemGC addressed vulnerabilities in the standard browser feature known as a Document Object Model (DOM), a representation of the data used by browsers to interpret web pages. Google's elite Project Zero hackers were impressed with Microsoft's MemGC after canvassing major browsers. [...] The other class of bugs Microsoft is working on to address relates to uninitialized memory in a way that also doesn't kill performance. [...] Parkinson said Microsoft is rewriting some "targeted" components in Rust. His talk focused on language design and compartmentalization. "If we want compartments, and to carve up the legacy bits of our code so [attackers'] exploit code can't get out, what do we need in the language design that can help with that?" This is Project Verona and Parkinson said it was the first time he'd discussed the project, which will be made open source "soon". It is a new language for what Microsoft is calling "safe infrastructure programming." "The challenge for Microsoft is dealing with the 'application spectrum,' which spans from C# for desktop apps through to C and C# for Exchange, ASP.NET, Azure, and device drivers, to deep Windows components like memory management and boot loaders and the Windows kernel hardware abstraction layer (HAL)," the report says.

"The ownership model in Verona is based on groups of objects, not like in Rust where it's based on a single object," said Parkinson. "In C++ you get pointers and it's based on objects and it's pretty much per object. But that isn't how I think about data and grammar. I think about a data structure as a collection of objects. And that collection of objects as a lifetime. So by taking ownership at the level of ownership of objects, then we get much closer to the level of abstraction that people are using and it gives us the ability to build data structures without going outside of safety."

Isn't Windows rusty enough?

[Way Smarter Than You]

*RIM SHOT!* I'm here every night, folks! Don't forget to fill the tip jar on your way out!

Re:

[AHuxley]

Could go full Ada?

Never go full Ada.

[BAReFO0t]

Coq Alt-Ergo!
Coq Alt-Ergo!
(Let's see if anyone gets this...)

Re:

[AHuxley]

Worked well for France..

Re:

[jfdavis668]

Don't handle all exceptions, then turn off automatic exception handling...37 sec...Boom!

Re:

[msauve]

Anytime there's news like "Microsoft is Creating a New X-based Y", it's simply another example of E3 [wikipedia.org].

Re:

[gweihir]

Indeed. Good to know that Rust is dead!

Re:

[Gadget_Guy]

Anytime there's news like "Microsoft is Creating a New X-based Y", it's simply another example of E3.

That's total BS. This is being implemented under a different name and is going to be released as open source. Exactly how does this lead to them extinguishing anything?

And furthermore, if this sort of news is always just an example of E3, give us some examples of something that Microsoft has actually embraced, extended and successfully extinguished. I guess you could say that they weren't successful with Java because Sun sued them, but that still is an example from 20 years ago. Is there anything more recen

Re:

[Sun]

I'm not arguing against the "20 years" argument, but Microsoft was successful in extinguishing both Javascript and Netscape (and Internet browsers at large).

It took Netscape open-sourcing its main product + many many years of dedicated work for Firefox to rise to the point it became a viable alternative. Microsoft could call it anything other than "great success".

The same goes with Javascript. For years, people couldn't tell "Javascript" and "Internet explorer's strange variant of Javascript" apart.

They will "add" to rust

[ClueHammer]

And introduce insecurity... It is the Microsoft way!

Re:

[AHuxley]

2X the code of conduct. 4X the SJW reviews.

You misspelled "incompatibility".

[BAReFO0t]

Although the demons, err I mean services, at MS are probably like "Why not both?".

Hmmm...

[wb8wsf]

The concept of Microsoft creating something secure is I think, akin to a Fox lawyer creating civil liberties
guarantees to the residents of a hen house.

We shall see.

Re:Hmmm...

[Tough Love]

The concept of Microsoft creating something secure is I think, akin to a Fox lawyer creating civil liberties
guarantees to the residents of a hen house.

We shall see.

Just the fact that Microsoft is sinking resources into it is a big, flashing neon sign that Rust is much more than your run of the mill curly language of the week, it actually brings some new and important to the tech party. They must have gone through quite some evaluation phase before authorizing some nerds to earn their paychecks trying to make it better.

Re:

[gtall]

No, it is MS trying to cash in on the security craze they helped create with dodgy products. Yes, what the world definitely needs is yet another goddamn programming language.

Re:Hmmm...

[Tom]

Rust isn't yet another programming language. It has interesting concepts that solve several serious security liabilities that other programming languages introduced. And unlike a few other attempts, it is also fast, making it a potential competitor to C++ and C for low-level programming.

It's not there yet, a lot of the parts are still missing or in early development, but I know close to 20 programming languages and Rust is not just another one, it genuinely has a few new and different approaches.

Re:

[gweihir]

Rust is yet another programming language. It comes with (as any hyped thing) fans that claim differently, but as always, these claims are not true. And a "few new and different approaches" are basically what is needed for yet another programming language to get noticed at all.

Re:

[Tom]

Just that most of the time, what the new fancy language does different is just shuffling things around, naming them in a different way and messing with the syntax.

Rust actually does things differently under the hood, and that's not so common. Its approach to memory handling, for example.

Re:

[gweihir]

Not that special either. Sure, Rust is a moderately interesting yet-another-language, but that neither assures success nor does it merit more than passing attention. There are run-of-the-mill yet-another-languages that are not even worth a glance.

Re:

[ThosLives]

I still think Rust would've been better off had it not been named after a form of industrial decay.

Naming things is important!

Re:

[Tough Love]

Right you are, Rust really needs a much more awesome name! Like Git! Oh wait.

Re: Hmmm...

[ArmoredDragon]

Git the fuck outta here

Re:

[Afell001]

You are right...people are too lazy to understand proper coding.

You are also (inherently) right that you are smarter than other people because you get it and never make stupid mistakes.

Not everyone operates on your level, though.

In fact, most people operate somewhere below that.

And it's not as if Rust is any easier to grok than C or C++.

In some ways, understanding the borrowing concept is just about as hard as the locks, garbage collection and other mechanisms put in place in other languages and enviro

Re:

[ichimunki]

The problem I have with Rust is that while it may solve some very important problems from a technical perspective it solves absolutely nothing from the human perspective. Even the abomination formerly known as JavaScript doesn't require me to type irrelevant semicolons at the end of every statement. When people are concocting these new wonder-languages do they ever stop to look for ways to make the syntax more expressive and readable? Or are the people involved so brain-fried from programming in C++ that an

Re:

[ichimunki]

So I was spouting off without having seen enough Rust to really know what I was talking about... so I looked at it some more. It is actually WORSE than I thought. Not only do you have to type the semicolon to end a statement, but if you want to return the value of an expression at the end of a function, then you have to leave the semicolon OFF because otherwise your expression turns into a statement that returns an empty tuple? And of course, in the line declaring the function the return type is buried in b

Re:

[Tough Love]

if you want to return the value of an expression at the end of a function, then you have to leave the semicolon OFF

Actually, I like that. Have you ever used a GCC statement expressions? Useful, but yuck.

Re:

[Phillip2]

I think you didn't read enough, as both of these are wrong.

Rust does indeed use semi-colons at the end of the line to distinguish between a statement and an expression. I thought this was pretty odd at first, but it actually works quite naturalistically. For instance, it's not uncommon to have a function which consists of a single match expression, and all of the arms of the match expression are single line expressions also. Consider this example:

https://doc.rust-lang.org/src/... [rust-lang.org]

Rust also has code blocks, a

Re:

[Tom]

Someone literally wrote a long explanation of that seven years ago:

http://lucumr.pocoo.org/2012/1... [pocoo.org]

Re:

[Tough Love]

it's not as if Rust is any easier to grok than C or C++

After all these years I still have trouble declaring arrays of functions, let alone recalling where the #'s go in a macro string expansion. How about you?

Re:

[Tom]

Neither of those are low level, by any means. ASM is low level. If you know almost 20 languages, you should've known that from the get-go.

None of the kernels in any popular operating system are written in assembler. C is widely considered a low-level language despite your personal feelings.

I can write secure C code, on my own.

You probably can. But 90% of the students in my class couldn't avoid simple buffer overflows and didn't include proper or only incomplete input validation. The tens of thousands of similar problems in commercial software are clear proof that this isn't limited to students.

Rust's approach of allowing unsafe code, but only when you explicitly enable it, and b

Re:

[drinkypoo]

I take it rather as a sign of Microsoft's continuing decline. They keep switching languages and APIs these days, a big part of their original popularity was their continuity. Too many changes is much of what killed wince.

Re: Hmmm...

[reanjr]

They're trying a shotgun approach to get behind a popular language they can control, so they can attract developers to Windows. They don't know which one will break out, so they're seeing what will stick. TypeScript is the same thing. When MS saw what poor support Node.js had on Windows, they became scared they would lose the JS devs to Linux/Mac. They don't want to be left out. And they definitely don't want CS grads all working on languages which treat Windows as a second class citizen.

Re:

[Tough Love]

I take it rather as a sign of Microsoft's continuing decline. They keep switching languages and APIs these days

Next stop is Linux on the desktop!

As I always said...

[BAReFO0t]

MS has some great researchers and engineers.

It's just that their management and corporate culture is the spawn of Satan.

EEE

[Forty Two Tenfold]

Microsoft: Look, there's this good programming language that seems to facilitate making stable and secure software. Let's see if we can bastardize it like we did with Java and later with C#.

Re:

[Gravis Zero]

Whoa there. Let's not go crazy. Rust may qualify as being neat but it's not "good". The jarring syntax and toxic community are really Rust's primary problems.

Re:

[Anonymous Coward]

... and toxic community are really Rust's primary problems.

Bastard

Insert Microsoft FUD © ..

[notdecnet]

Gravis Zero [slashdot.org]: ‘Whoa there. Let's not go crazy. Rust may qualify as being neat but it's not "good". The jarring syntax and toxic community are really Rust's primary problems’

Haa .. is there some kind of manual [youtube.com] you people work out of. Imagine what would happen if the computers on board the Axiom [imdb.com] ran Microsoft Rust ©.

Re:

[Phillip2]

I find this hard to understand. The community is quite nice. People are helpful, no one has been rude, abrupt or dismissive of my questions. Even trivial things, like the absence of nutter on slashdot who first posts ASCII swastikas, help to make it feel like a nicer place.

It's quite far from my definition of toxic.

The syntax is okay; I find the unpaired single quotes and trailing commas a bit weird, and who ever decided 100 characters line length was a good idea will regret it as they age. But, there are w

Re:

[jfdavis668]

Jarring syntax? What is so jarring about it?

Re:

[Tom]

Exactly my thoughts. Not-Invented-Here syndrom hard at work.

These fuckers. They really have to spoil everything good.

Re:

[Lonng_Time_Lurker]

It's unclear they are doing anything to Rust, at least to me - only the title mentions that, the summary / article only really talks about:

"Parkinson said Microsoft is rewriting some "targeted" components in Rust".

Re:

[coofercat]

I too have to wonder what advantage there is in forking Rust to make their own version of it (besides commercial)?

Is the Rust core team so entrenched that they won't listen to good ideas posed by devs from Microsoft? I have no idea, but unless it's absolutely a non-starter, it doesn't warrant a fork.

Am I too jumping the gun and seeing "E-E-E" here? Yet another language by Microsoft that's (a) not as good as it needs to be and (b) only works on Microsoft systems? On this occasion they're talking about open s

C#

[labnet]

What’s wrong with C#. For win apps it’s a beautiful language. What does rust offer over C#?

Re:

[Forty Two Tenfold]

What’s wrong with C#. For win apps it’s a beautiful language.

Exactly. Get it?

What does rust offer over C#?

I don't know. Ask Microsoft.

Re: C#

[ArmoredDragon]

My guess is better performance, which is a very high priority for low level os stuff. Rust is pretty close to C in performance afaik, while c# definitely isn't. C# is largely built around .net, which has a lot of powerful features that can save you a lot of time as a developer for business applications, but it's a poor choice for anything low level.

fixed indents, blockchain and AI

[thesjaakspoiler]

no new programming language will last with them.

Embrace, Extend, ...

[BAReFO0t]

... Extinguish.

Instead of just contributing to Rust to get the features you need in ...

Aaah, Microsoft ... we know you all too well.

Re:

[neaorin]

1. It's still very much a research project, they're not yet committed to use it in production. There's no point in trying to push for new features in Rust which nobody might use.

2. Project Verona will soon be open sourced. That's actually written in TFA, which basically killed any chances of you coming across that bit of info.

Re:

[AmiMoJo]

That's now how open source software works. If you want to make massive experimental changes to something you fork it first. If your work turns out to be good and compatible with the mainline project it gets folded back in, if you go your separate ways.

Can you imagine the shitstorm if Microsoft had started submitting experimental code that changed the fundamental way Rust works as patches to the main source tree? You only create branches if you intend for them to be merged at some point, in cases like this f

Re:

[Briareos]

... Extinguish.

Instead of just contributing to Rust to get the features you need in ...

Aaah, Microsoft ... we know you all too well.

Any you know what? In the case of Rust, I'll make an exception and hope it gets buried sooner than later...

:$/7(56&277$1'-$1($867(1

[faizo]

1RWORQJDJRLWZDVSRSXODUWRUHDGWKHGHYHORSPHQWRIWKHQRYHOIURPWKHHLJKWHHQWKFHQWXU\WR-DQH $XVWHQDQGEH\RQGDVLWVHOIDNLQGRIQDUUDWLYH2QWKLVWKHRU\WKHQRYHOVWDUWVRXWDVDUDWKHUFUXGH NLQGRIOLWHUDU\IRUPZKLFKFDQKDQGOHSORW)LHOGLQJRUSV\FKRORJ\5LFKDUGVRQEXWQRWERWKDWWKH WKHWLPHRI [ofwpinoy1tv.net]

Leading Nowhere?

[Cmdln Daco]

Microsoft's Project Verona could turn out to be just an experiment that leads nowhere

Is Google involved, then?

Microsoft fights malware with PR ..

[notdecnet]

Microsoft fights malware with quasi technical sounding waffle and Public Relations.If this programming language is based on Rust then it's not now. Rather than try and make the code secure, why not make a MMU that can truly isolate process memory. That way when a bug slips through the hackers can't exploit it.

What in the world does this mean? Waffle?

[trevc]

"So by taking ownership at the level of ownership of objects, then we get much closer to the level of abstraction that people are using and it gives us the ability to build data structures without going outside of safety"

Re: What in the world does this mean? Waffle?

[Way Smarter Than You]

Nothing. It means nothing. It is just a word hash salad of noise just like it looks like.

Rust?

[nospam007]

At least add some aluminum dust, then you'd have something fiery.

Misrepresenting the actual talk

[Misagon]

The ZDNet article is jumping to conclusions, as if this is something that Microsoft is going to roll out soon. That is not the case.
From the actual referenced talks and papers this seems like stuff that are still deep in the research phase, by people doing basic research.
Project Verona is not based on Rust. It is just inspired by some of the same idea for programming language design that had once inspired Rust ... and there are a bazillion papers and languages that are too.

Microsoft has for a long time done

Wow Microsoft and Secure

[oldgraybeard]

in the same sentence. Almost coughed up my morning coffee.
Will wonders never cease! Maybe now that they can spell it, they can do it? Go Microsoft! this time!

Just my 2 cents ;)

Microsoft continues to surprise me

[Phprincess]

This is some incredibly interesting use of some incredibly interesting technology. Not what I expect from Microsoft at all. I'm not sure if I can get used to their kinder, gentler selves when it comes to this kind of stuff.

Emvrace, Extend, and Extinguish?

[Vlijmen Fileer]

Back to old habits?

Rust was designed in the first place to be a safe(r) alternative to existing performance programming languages. Why would MS choose to try to security improve on Rust, of all languages? And why would they choose to make some MS-owned, probably faux-open source variant of Rust, rather than working together with the community that now develops Rust?

Oh, wait, I think I see. Rust was created and is being developed as a Mozilla project. Still can't have a strong, independent browser produc

Plain old C will live on regardless

[Rick Schumann]

Real programmers don't need 'Rust' or anything else Microsoft has a hand in, to write 'secure' code. All it takes is actual talent and actual know-how. Wonder why it is we seem to be so short of that today?

Re:

[fleabay]

Do you have any idea how many talented and experienced programmers have written insecure code?
Aso, What's up with the quotes around 'Rust' and 'secure'? Did bad old 'Microsoft' trigger you?

Moores Law vs Microsoft

[lordofshadows]

While Moore's law is slowing, we shouldn't be so quick to innovate better ways to slow down your CPU