Microsoft to explore Rust?

I dont know what to make of this announcement from Microsoft but on the surface it looks promising.
I am sure Microsoft wont want to repeat the Java-MS mistakes of some 20 years ago.
Microsoft, in theory, can add a lot of value to Rust.
As can AWS and Google and Facebook and Netflix too.

6 Likes

These quotes from the original blog post are quite direct:

One of the most promising newer systems programming languages that satisfy those requirements is the Rust programming language originally invented by Mozilla.

We are a response organization, but we also have a proactive role, and in a new blog series we will highlight Microsoft’s exploration of safer system programming languages, starting with Rust. Please do join us on our journey.

2 Likes

Seems to be making waves: currently #13 overall on HackerNews :smiley:

https://news.ycombinator.com/item?id=20468756

Also mentioned on The Register:

It would be really awesome if Microsoft would bet on the Rust Ecosystem.
The company has really been reinventing itself the last decade, and this kind of introspection gives me great hopes for the future.

Just imagine: "Windows 11, now 100% virus-proof because we RIIR'd!". (<- joke alert! Usual R.E.S.F. disclaimers apply :yum:)
Of course, we'll also need "Office 2050" to deal with the Visual Basic macro-viruses...

All joking aside, Microsoft is a giant. It would mean such a boost for the library ecosystem if Microsoft started doing stuff "Rust first" :sunny: :rainbow: :sunny:

I can already recommend the original blog: It's only a teaser that sets the stage (no Rust-in-depth yet, that's going to be the next chapter), but that teaser preaches exactly the Rust Argument.

This image basically says it all:


Thats's ALL microsofts security-relevant bugfixes (i.e. "bug with CVE").
The dark-blue part (70%) is the part that Rust would have outright prevented with it's memory safety guarantees. :star_struck:

ping @retep998 -> I predict your WinApi crate is going to be receiving some interest in the coming days :slight_smile: There's no way to say "Windows + Rust" without your excellent work!

7 Likes

Safe Rust could have prevented those. Some of that code would be certainly be unsafe though.

6 Likes

Here we go againg… unsafe doesn’t drop all guarantees. Most of those bugs would be prevented even in unsafe rust because even unsafe doesn’t let you to transmute & to &mut. And also doesn’t disable borrow checker. Unsafe rust isn’t “C with more fancy syntax”.

6 Likes

Yes, let’s please be REALLY CLEAR that this is a JOKE because Rust cannot possibly make the guarantee of being 100% virus-proof.

7 Likes

That’s not really true. Rust will happily compile code that turns an immutable borrow into a mutable borrow: https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=a5a518df54328e5eb544b799292cb397

2 Likes

btw, it’s awesome that MIRI catches this particular UB: https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=61e5c3aec1e0d08006a3bbfa9b516b8e

4 Likes

I’d say yes and no, unsafe Rust is most of the time safer than C but it can be more dangerous. The good thing is that you know where to look for when there is a problem.

Immutable to mutable reference:
see @AndrewGaspar’s example

Clippy and Miri catch it but the compiler doesn’t complain.

Borrow checker taking a nap:

unsafe fn into_static<'a, T>(input: &'a T) -> &'static T {
    &*(input as *const _)
}

You can also make out-of-bounds access, use after free,…

3 Likes

Jinx! :slight_smile:

1 Like

Oh definitely! I forgot about Poe’s Law there for a bit! :blush: Clarifying R.E.S.F. approved joke alert applied!

1 Like

FWIW, Microsoft is already using Rust in production.

2 Likes

More on this:

https://msrc-blog.microsoft.com/2019/07/18/we-need-a-safer-systems-programming-language/

I sure do hope Microsoft adopts Rust on a major scale.

This could carry Rust into a main-stream adoption sphere and firmly establish it as a credible C++ alternative for all future systems software development.
I have been waiting for a long time for this.

I do wonder if Google and AWS are interested in Rust on a major scale, they also have an awful lot of C++ in their software stack.

3 Likes

Good point (although that repo's build badge says it's failing.., which doesn't inspire immediate confidence on how critical they treat it...)
Let's also not forget that Visual Studio Code's search is powered by ripgrep.

Still, these kinds of usage are still very.. conservative.. Small aspects or experiments, not going anywhere near the "crown jewels".

I'm dreaming of something like "here is the officially supported Rust kernel binding, please write your next printer driver or network stack in Rust", or "we got sick of all the exploits in our font-handling, so we rewrote that core part of Windows with Rust"

Firefox Quantum shows that these kinds of gradual, but impactful, oxidations are doable, if you really go all-in.

That is the kind of things I'm hoping Microsoft will realise too.
Such a vote of confidence by such an influential player would firmly catapult rust into the "majority" section of the innovation adoption curve".
The need for this has been on my mind ever since this particular "imagine Rust failed" scenario embedded itself in my brain's fear-cortex. :fearful:

Yes, it is possible. But you have to do all of it very much explicit. You may also literally put inline assembly in Rust, but it doesn't make rust "Asm with some fancy features".

All big companies that I know of which adopted Rust, did so for new projects or rewrites of crufty components in existing projects.

In Google's case, for example, Rust is used in the Fuschia R&D (among many other languages). I assume that the way this R&D will pan out will, at least in part, determine the wider future of Rust in this company.

Firecracker was developed at Amazon Web Services to accelerate the speed and efficiency of services like AWS Lambda and AWS Fargate. Firecracker is open sourced under Apache version 2.0.

3 Likes

This made me want to take a step back and look at the timeline of "company uses Rust in production"-related milestones I could remember off the top of my head:

May 2015 - Rust 1.0
Jul 2016 - Firefox's first Rust code in production
Sep 2016 - the "ripgrep is faster than..." blog post
Mar 2017 - VSCode adopts ripgrep for search
Aug 2017 - Firefox ships Stylo
Oct 2017 - Chucklefish uses Rust and does an AMA (and yes, I'm aware they no longer use Rust for staffing reasons)
Feb 2019 - npm rewrites authorization service in Rust
May 2019 - Firefox ships WebRender MVP
July 2019 - Microsoft strongly implies interest in oxidizing Windows

My mind is just blown by how far Rust has come in so little time. :heart_eyes:

We've been stable for just over four years and "are they actually going to rewrite the Windows kernel in Rust?" is officially not even a crazy question to ask now (even if that probably is slightly overhyping this blog post).

5 Likes

That would have been a great place for it, but they already re-wrote that part in one of their other safe languages.

1 Like

part 3 of the blog

part 3 of the series FYI

Interesting comment:

While researching Rust, we found some issues that gave and continue to give us pause. Some of these concerns include how to regulate the usage of the “unsafe” superset of Rust at scale, lack of first-class interoperability with C++, and interoperability with existing Microsoft tooling. We’ll be blogging about many of these in the future as they do pose challenges for adoption at the scale of Microsoft, and we want to involve the Rust and wider software communities in helping us find solutions that work for everyone.

But we’re excited about the possibilities. While there are many questions still left to figure out about how Rust fits into the overall Microsoft engineering story, we encourage others to join us in taking a serious look at the language for their systems programming needs.

I agree that C++ library-ecosystem-interop is critical for Rust future adoption if it is to become C++ replacement (a question: is plain ANSI C ecosystem interop from Rust good at present time?).

Let me mention Kotlin as an example. Kotlin JVM offers 100% Java JVM ecosystem interop, which allows very easily to code in Kotlin and re-use all existing Java JAR libraries.
It also allows Java coders to call Kotlin JAR libraries.

I realize Rust is very different to Kotlin but the success of the language today is about peaceful/easy coexistence with the dominant ecosystem.
For Kolin JVM this is Java world.
For Rust is must be C++ and C world.

2 Likes