Is it time to retire C and C++ for Rust in new programs? • The Register

Column We all know that the Rust language has become much more popular. According to SlashData, the number of Rust users has nearly tripled in the last 24 months.

Mark Russinovich, chief technology officer of Microsoft Azure, tweeted that it was “time to suspend starting new projects in C/C++ and use Rust for those scenarios where a non-GC language is required. For the sake of safety and reliability, industry should declare these languages obsolete.”

Them's fighting words!

What prompted this? As noted here, this isn’t really a desire to start another endless programming language war: see vi vs Emacs, tabs vs spaces, and Java vs Python. No, I think what triggered his comment was that Linus Torvalds gave his blessing to incorporating Rust code into the Linux kernel starting with Linux 6.1.

If the makers of the Linux kernel, the developers of the most successful C project of all time, endorse Rust, why not the author of the Windows Sysinternals tools?

Remember, Russinovich is not suggesting that in our spare time we throw out everything that has already been written in C or C++ and rewrite it in Rust. Far from it. As he wrote on Twitter when he challenged the industry to say goodbye to C and C++: “There is a huge amount of C/C++ that will be maintained and evolved over the decades (or longer). Last night I coded a function for Handle, adding up to about 85,000 lines of Sysinternals C/C++ code that I wrote. That said, I’ll be leaning towards Rust when it comes to new tools.”

Of course he is right. When I started programming, everyone said COBOL was history. Forty years later, COBOL is alive and well, and its developers are still scooping up money. So there!

Languages never die. They just stop being sexy.

That said, there are excellent reasons to retire C and C++ in favor of Rust. First, Rust was designed with performance and security in mind. The C family is all about speed and more speed. Safety came second.

True, you can write safely in C or C++. For example, you can use a safer language variant such as SEI CERT C, or use safer guidelines when working with a language, such as the C++ Core Guidelines. And, as Bjarne Stroustrup, the creator of C++, told The Register recently: “We can now achieve the guaranteed excellent type and memory security in ISO C++.”

Indeed, you can always write perfectly secure code in C and C++. It’s just never, ever been easy. Both languages make it far too easy to make memory errors. These include incorrect access to heap and stack memory; memory leaks; mismatched memory allocation and deallocation; and uninitialized memory access. And these are just the usual mistakes I made! As Naveen Gv, Intel technical consulting engineer, put it: “Memory errors are very common in C and C++ applications and… can be difficult to reproduce, difficult to debug, and potentially expensive to repair.”

Both languages are “memory unsafe”. They give programmers precise control over their application's memory, but with great power comes huge potential for problems. One memory mishap can snowball into an avalanche of errors.

These are not just theoretical errors. They happen all the time. In 2019, Microsoft admitted that 70 percent of CVE (Common Vulnerabilities and Exposures) security problems were caused by developers making memory corruption errors in C and C++ code.

While I like to laugh at Microsoft’s security, this issue is not unique to Microsoft. Google developers found the same percentage of memory problems in the code of the Chromium/Chrome web browser. I’m sure it’s that bad with almost anything written in C or C++.

On the other hand, Rust is a memory-safe language. Sure, you can still make security mistakes. You can in any language. But, and this is important, it’s much harder to make the simple memory errors that plague C and C++ applications.
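To make that concrete, here is a short Rust sketch of two of the error classes listed above: out-of-bounds access and mismatched deallocation. It is an added example, not code from this column or from anyone quoted in it; the one-byte length-prefixed record format and the names `read_record`, `Tracked` and `frees_after_scope` are assumptions made up for the illustration.

```rust
use std::cell::Cell;
use std::rc::Rc;

/// Out-of-bounds access. Constructed record format: one length byte, then the
/// payload. In C, trusting that byte in a memcpy reads past the buffer; here a
/// lying length (or an empty buffer) yields None and no memory is touched.
fn read_record(buf: &[u8]) -> Option<&[u8]> {
    let len = *buf.first()? as usize; // None on empty input
    buf.get(1..1 + len)               // None if the claimed length overruns buf
}

/// Mismatched allocation and deallocation. `Tracked` counts how often its
/// destructor runs, standing in for a free() call.
struct Tracked(Rc<Cell<u32>>);

impl Drop for Tracked {
    fn drop(&mut self) {
        self.0.set(self.0.get() + 1);
    }
}

/// Returns how many times the resource was released after its owner's scope
/// ended. The answer is always 1: never zero, never two.
fn frees_after_scope() -> u32 {
    let frees = Rc::new(Cell::new(0));
    {
        let a = Tracked(Rc::clone(&frees));
        let _b = a; // ownership moves to `_b`; `a` can no longer be used
        // drop(a); // rejected at compile time: use of moved value (no double free)
    } // `_b` goes out of scope here and is released exactly once
    frees.get()
}

fn main() {
    // Constructed sample inputs.
    println!("{:?}", read_record(&[3, b'a', b'b', b'c'])); // honest length
    println!("{:?}", read_record(&[200, b'a']));           // lying length
    println!("{}", frees_after_scope());
}
```

The bounds check happens at run time, while the double free is refused by the compiler before the program ever runs.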

So, years before Rust started making headlines, both Google and Microsoft began considering replacing C and C++ with Rust. Now Linux also includes Rust.

In addition to security, Rust has the advantage of making it easier to write concurrent programs. Rust was written for the container and cloud world, while C was written for the DEC PDP-11 16-bit minicomputer. Now, both C and C++ are very flexible, but we are a long way from single-processor/single-core computers!

That said, Rust is not going to replace its older siblings tomorrow. It will take years, even decades, but it will happen. We have ignored security for generations, but now that our entire economy is dependent on safe technology, we cannot afford to be so light-hearted about our programs. ®
