Microsoft has explained why it’s pursuing ‘safe systems programming’ through efforts like its experimental Rust-inspired Project Verona language and its exploration of the Rust programming language for Windows components currently written in C++.
The short answer is that Microsoft is trying to eliminate memory-related bugs in software written in languages like C++, according to Microsoft Rust expert Ryan Levick. These bugs cost a lot to fix and make up a large share of Patch Tuesday hassles. Levick has now offered more insights into Microsoft’s efforts behind safe systems programming.
Systems programming includes coding for platforms like Windows, Xbox, and Azure, as opposed to programming applications that run on them.
Key systems programming languages include C++, Google-backed Go, and Mozilla-created Rust, but Rust and Go are ‘memory-safe’ languages while C++ is not. Other languages, such as Swift and Kotlin, are memory safe too, but they aren’t aimed at systems programming.
Microsoft’s problem is that it writes a lot of its platform software in C++, and sometimes still in C. While it works hard to address memory issues in that code, the company says it has “reached a wall”.
“We can’t really do much more than we already have. It’s becoming harder and harder and more and more costly to address these issues over time,” says Levick, who joined Microsoft via its acquisition of Wunderlist, which has become Microsoft To Do. He gave a rundown of Microsoft’s safe systems programming efforts in a session at Build 2020 this week.
Levick has been working with the Microsoft Security Response Center, the group at Microsoft that deals with security bugs across all its platforms, from Windows to Azure.
As he explains, the whole software industry is turning out more code than ever, and more code means more bugs, which demands a new approach.
“That software by and large is getting safer and better, but people are writing so much more software that getting a little bit safer and better isn’t enough,” he said.
“Over time, the number of bugs we introduce in the software – and this isn’t just the Microsoft software thing, this is the software industry as a whole – it’s increasing.
“One particularly interesting part about that we found at Microsoft is that 70% of our very serious, mission-critical bugs that happen in our software deal with memory safety and incorrect usage of memory.”
One piece of Microsoft’s answer to memory-related bugs is Project Verona, a new safe infrastructure programming language being developed by Microsoft Research, which takes cues from Rust and is being supported by Microsoft’s lead maintainer of the C# programming language, Mads Torgersen.
Levick says Project Verona is “completely memory safe” but that Microsoft still isn’t sure what the project will become.
“We don’t want to constrain it down to being production-ready today because that’s not the point. So we need to look out to the industry to see what the best alternative to C++ is. And it turns out that language is a language called Rust.”
“We’re looking to adopt that language to make our system software at Microsoft more safe and reliable.”
“When you’re programming in Rust you don’t have to worry about a whole host of issues that you do have to worry about.” That’s attractive because, in theory, Microsoft could get rid of the 70% of its most serious bugs that stem from memory safety, which are also the expensive ones to fix.
Another Microsoft project that turned to Rust is Krustlet, a ‘kubelet’ from the Azure team that lets developers run multiple WebAssembly (Wasm) modules in Kubernetes, the Google-backed open-source tool for managing Docker containers.
While Rust has a steep learning curve, the Azure team behind Krustlet preferred Rust over Go because Rust caught bugs that Go could not.