"First of all, there are already many excellent memory security languages in theMicrosoftWidely used inside and outside, including. Net languages (such as C # or F #) and other languages (such as Swift,Go and Python). We encourage people who currently use C or C to take any of these languages into account. But now we're talking about security.systemProgramming language requirements, such workload requires C, C and Rust can provide speed and predictable performance. Languages that achieve memory security through garbage collection are not ideal for system programming because their running time can lead to unpredictable performance and unnecessary costs. "
Performance and control
Levick points out that the best way to understand why Rust is a good choice is to think about what you can't give up from C and C++: performance and control. Like C and C++, Rust has a very small, optional "runtime". Rust's standard library relies on libc, but the standard library is optional, so it is possible to run on a platform without an operating system.
Like C and C++, Rust gives programmers precise control over when and how much memory is allocated, allowing them to know very clearly how the program will execute each time it runs. What does this mean for performance in terms of raw speed, control, and predictability? That is, "Rust, C and C++ can be thought of in similar terms."
The difference between Rust and C and C++ lies in its strong safety guarantees: with some exceptions, Rust is entirely memory-safe. As mentioned in the previous article, about 70% of Microsoft's security problems are memory safety issues. If the software were written in Rust, those 70% of security problems would likely not exist.
In systems programming, programmers sometimes have to perform operations that cannot be statically verified as safe. Rust gives programmers tools to encapsulate these operations in safe abstractions, which means that things that were previously relegated to code comments or conventions can be statically enforced by the Rust compiler.
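To make the idea of a safe abstraction concrete, here is an added example (not from the original article or from Microsoft's code): a fixed-capacity stack whose `unsafe` reads are confined behind a safe API, so the "only read initialized slots" rule is enforced by private fields and bounds checks rather than by a comment. The type name `FixedStack` and the sample values are hypothetical.

```rust
use std::mem::MaybeUninit;

/// Fixed-capacity stack without heap allocation (hypothetical example type).
/// Invariant: slots[..len] are initialized, slots[len..] are not. Both fields
/// are private, so only the methods below can affect the invariant.
pub struct FixedStack<T, const N: usize> {
    slots: [MaybeUninit<T>; N],
    len: usize,
}

impl<T, const N: usize> FixedStack<T, N> {
    pub fn new() -> Self {
        Self { slots: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 }
    }

    /// Hands the value back when full instead of writing past the array.
    pub fn push(&mut self, value: T) -> Result<(), T> {
        if self.len == N { return Err(value); }
        self.slots[self.len].write(value);
        self.len += 1;
        Ok(())
    }

    pub fn pop(&mut self) -> Option<T> {
        if self.len == 0 { return None; }
        self.len -= 1;
        // SAFETY: initialized by push; now outside the live range, so read once.
        Some(unsafe { self.slots[self.len].assume_init_read() })
    }

    pub fn get(&self, i: usize) -> Option<&T> {
        if i >= self.len { return None; }
        // SAFETY: i < len, so the slot is initialized.
        Some(unsafe { self.slots[i].assume_init_ref() })
    }
}

impl<T, const N: usize> Drop for FixedStack<T, N> {
    fn drop(&mut self) {
        while self.pop().is_some() {} // drops only the initialized prefix
    }
}

fn main() {
    let mut s: FixedStack<String, 2> = FixedStack::new(); // constructed sample
    s.push("a".into()).unwrap();
    s.push("b".into()).unwrap();
    println!("third push rejected: {}", s.push("c".into()).is_err());
    println!("out-of-range get: {:?}", s.get(5));
}
```

Callers never write `unsafe` themselves, so auditing the memory safety of this type means reviewing the two `SAFETY` comments and the code that maintains `len`.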
Not just performance and security
Rust first attracted MSRC's interest because of the above performance and security features. But its charm goes beyond that. Other Microsoft teams have begun to adopt Rust for the following reasons:
According to Microsoft's internal survey, the main reason for adopting it is "correctness" - if it compiles, then it works.
Rust statically enforces many properties of the program that go far beyond memory safety, including null pointer safety and data race safety (i.e., there is no unsynchronized access to a piece of memory from two or more threads).
Rust's rich type system makes it possible to write expressive programs. Concepts such as enums with associated data and a powerful trait system further reinforce Rust's goal of making programs as error-free as possible.
Rust's existing community is of great benefit to the language. Although Rust is still a young language, it has a healthy ecosystem that promotes strong open source communities and supports production users.
Levick said there was good reason to believe that Rust would have a bright future. "Although it's too early to adopt Rust on a large scale, early adoption of Rust is usually very positive." They believe that Rust will change the rules of the game when it comes to writing secure systems software. Rust provides the performance and control needed to write low-level systems, while enabling software developers to write more robust and secure programs.
However, when MSRC studied Rust, it found a number of problems, including how to standardize the use of Rust's "unsafe" superset, the lack of first-class interoperability with C++, and interoperability with existing Microsoft tools. This does challenge Microsoft's adoption of Rust, but MSRC is looking forward to it: "We are excited about these possibilities. While there are still a lot of questions about how Rust adapts to the entire Microsoft project, we encourage others to join us and seriously consider the language to meet their system programming needs."