Home > News content

Microsoft explains why Rust is the best choice for system programming

via:博客园     time:2019/7/23 20:34:15     readed:188

Last week, MSRC (Microsoft Security Response Center)Revealed plans to embrace RustThen they expanded the topic into a series, further explaining the need to use a secure system programming language and the reasons for choosing Rust.

In the latest article in the series, Ryan Levick, MSRC's chief cloud development advocate, explains why they think the Rust programming language is currently the best choice in the industry, not least because it can write system-level programs in a memory-safe manner. .

“First, there are already many excellent memory security languages ​​that are widely used inside and outside Microsoft, including .NET languages ​​(like C# or F#) and other languages ​​(such as Swift, Go, and Python). We encourage people who currently use C or C++ to take into account any of these languages. But now I’m talking about security.systemThe need for programming languages ​​that require the speed and predictable performance that C, C++, and Rust can provide. Languages ​​that implement memory security through garbage collection are not ideal for system programming because their uptime can lead to unpredictable performance and unnecessary costs. ”


Performance and control

Levick pointed out that it's best to think about things that can't be abandoned from C and C++ —— performance and control to understand more clearly why Rust is a good choice. Like C and C++, Rust has a minimal optional "runtime" Rust's standard library also relies on libc, but the standard library is also optional, so it is possible to run on a platform without an operating system.

Still like C and C++, Rust provides fine-grained control over when programmers allocate memory and allocate memory, giving programmers a clear idea of ​​how exactly the program will execute each time it runs. What does this mean for performance in terms of raw speed, control, and predictability? That is, “Rust, C, and C++ can be thought of in similar terms”.


The difference between Rust and C and C++ is its strong security. To some extent, Rust is completely memory safe. As mentioned in the previous article, about 70% of Microsoft's security issues are memory security issues. If these software is written in Rust, then 70% of the security issues probably don't exist.

In system programming, sometimes programmers must perform operations that cannot be statically verified as safe. Rust provides programmers with the tools to wrap these operations in a secure abstraction, which means that things that were downgraded to code comments or conventions can be statically enforced by the Rust compiler.

More than just performance and safety

Rust's initial interest in MSRC was due to the above performance and security features. But its charm doesn't stop there. There are already other Microsoft teams that have started using Rust for the following reasons:

  • According to Microsoft's internal investigation, the main reason for adopting it is "correctness" (correctness) & mdash;—“If it compiles, then it works”.
  • Rust statically enforces many of the program's properties, far beyond memory security, and includes null pointer security and data contention security (ie, there is no asynchronous access to a block of memory from two or more threads).
  • Rust's rich type system makes it possible to write expressive programs. The concept of enumeration with related data and a powerful feature system further reinforces Rust's goal of making the program as error-free as possible. The existing community of Rust is of great benefit to the language. Although Rust is still a young language, it has a healthy ecosystem that promotes the development of the open source community and supports production users.

Levick said there is enough reason to believe that Rust will have a bright future, “although it is too early to adopt Rust on a large scale, the early adoption of Rust is usually very positive and positive”. They believe that Rust will change the rules of the game when writing secure system software. Rust provides the performance and control needed to write the underlying system while enabling software developers to write more robust and secure programs.

However, MSRC discovered some issues when researching Rust, including how to standardize Rust's use of unsafe supersets, lack of first-class interoperability with C++, and interoperability with existing Microsoft tools. Sex.

This really challenges Microsoft's adoption of Rust, but MSRC is still looking forward to it: “We are excited about these possibilities. While there are still many questions about how Rust fits into the entire Microsoft project, we encourage others to join and seriously consider the language to meet their system programming needs. ”

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments