Microsoft Azure CTO avoids C and C++ • The Register

Updated Microsoft Azure CTO Mark Russinovich has had enough of C and C++, proven programming languages commonly used for native applications that require high performance.

On Monday, Russinovich urged the tech industry to leave C/C++ behind. “Speaking of languages, it’s time to stop starting new projects in C/C++ and use Rust for those scenarios where a non-[garbage collected] language is required,” he said. “For reasons of safety and reliability, the industry should declare these languages as deprecated.”

Russinovich’s dismissal of C/C++ comes as Linus Torvalds, the creator of Linux, has confirmed that Rust code, barring unforeseen circumstances, will appear in version 6.1 of the Linux kernel, a long-awaited milestone. The Linux kernel is written in C, with some assembly and some scripts as glue.

Rust, designed as a hobby project by Graydon Hoare, began taking shape at Mozilla in 2006 and debuted publicly in 2010. It began attracting serious attention as an alternative to C/C++ in 2015 with the release of Rust 1.0.

Since then, Rust has been the most loved programming language in the annual Stack Overflow survey for seven consecutive years, despite its reputation for being difficult to learn, and has been integrated into the projects of leading technology companies.

Apple, Amazon, Google, Meta, and Microsoft, among many others, use Rust in some capacity or in production. Cloudflare recently talked about Pingora, its new HTTP proxy built using Rust, which has improved performance and reduced CPU and memory usage.

Rust code seems less prone to memory corruption bugs, which makes software less vulnerable. Microsoft has been talking about moving away from C/C++ and exploring Rust since at least 2019, and has developed its own cloud-oriented memory-safe programming language called Project Verona. So Russinovich’s call to deprecate C/C++ is not unprecedented.

According to Microsoft, about 70% of the CVEs it has patched since 2006 are due to memory safety issues. Eliminating these bugs would greatly improve the security of the software while reducing the cost of fixing vulnerabilities.

The Register asked Microsoft whether Russinovich’s recommendation is being adopted at the corporate level. Redmond declined to comment.

Rust alone does not guarantee the security of the software. It provides defense against memory safety bugs but does not eliminate other classes of vulnerabilities.

As the language documentation explains, “Rust contains both a safe and unsafe programming language.” Developers may choose to write Unsafe Rust for certain tasks and may inadvertently create insecure code. And Rust doesn’t address attack vectors that go beyond the scope of sound software design, such as social engineering. However, it has qualities that recommend it.

“Rust continues to grow in popularity for its safety, speed and reliability and it is encouraging to see this support from such prominent leaders in this field,” said Rebecca Rumbul, executive director and CEO of the Rust Foundation, in an email to The Register. “We hope that this kind of support will ultimately lead to investments in Rust’s infrastructure and the talented Rust community, so that Rust can continue to be safe, secure and sustainable for the future.”

The Register asked Bjarne Stroustrup, creator of C++, to comment. We will update this story when we have news. ®

Updated to add

Stroustrup has got back to us, defending the language he invented.

“It’s not unusual for people, especially executives, to fall in love with new and bright things that promise to make their lives easier,” he told us.

“Furthermore, supporting something new is much more exciting than addressing the known problems of older and more well-known tools. Unfortunately, it usually takes many years and great effort for new languages to match mature languages in their broad areas of application. Enthusiasts rarely see it and tend to be rather one-sided in their comments.”

“Security is obviously of paramount importance in many contexts, so I have been working for years to increase security in C++,” continued the creator of the language.

“Now we can get guaranteed perfect type and memory safety in ISO C++. That is, each object is used according to the type it was defined with. This implies that we eliminate the use of dangling pointers, catch range errors and we eliminate data races. Note that every ‘secure’ language, including Rust, has loopholes that allow insecure code.”

Referring to this document, of which he is a co-author, Stroustrup said: “The basic idea of the Core Guidelines is to define a set of rules to be followed to ensure safety, and then apply them with static analysis. The rules are necessary because arbitrary C or C++ code cannot be proven safe.

“The code is ISO standard C++, and people who don’t feel the need for security or can’t yet update their code can simply not run an analyzer. Partial implementations of those analyzers are available in Microsoft Visual Studio and Clang Tidy and elsewhere.”

“These are obviously work in progress,” he added, “but so are the various attempts to match the flexibility and performance of C++ at scale in real-world applications. Billions of lines of C++ are available today.

“Replacing them – or just making them safe (for a variety of definitions of ‘safe’) – is a huge task. It is essential to do it gradually, otherwise the vast mass of unsafe C and old-fashioned C++ code will remain ‘forever.’ Evolutionary approaches often succeed where revolutions fail at great cost.”
