Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

It's Time to Stop Using C and C++ for New Projects, Says Microsoft Azure CTO

posted by janrinok on Friday September 23 2022, @11:35PM   Printer-friendly
from the leaks-are-for-kids dept.

Arthur T Knackerbracket has processed the following story:

Mark Russinovich, the chief technology office (CTO) of Microsoft Azure, says developers should avoid using C or C++ programming languages in new projects and instead use Rust because of security and reliability concerns.

Rust, which hit version 1.0 in 2020 and was born at Mozilla, is now being used within the Android Open Source Project (AOSP), at Meta, at Amazon Web Services, at Microsoft for parts of Windows and Azure, in the Linux kernel, and in many other places. 

Engineers value its "memory safety guarantees", which reduce the need to manually manage a program's memory and, in turn, cut the risk of memory-related security flaws burdening big projects written in "memory unsafe" C or C++, which includes Chrome, Android, the Linux kernel, and Windows. 

Microsoft drove home this point in 2019 after revealing 70% of its patches in the past 12 years were fixes for memory safety bugs due largely to Windows being written mostly in C and C++. Google's Chrome team weighed in with its own findings in 2020, revealing that 70% of all serious security bugs in the Chrome codebase were memory management and safety bugs. It's written mostly in C++.     

"Unless something odd happens, it [Rust] will make it into 6.1," wrote Torvalds, seemingly ending a long-running debate over Rust becoming a second language to C for the Linux kernel. 

The Azure CTO's only qualifier about using Rust is that it was preferable over C and C+ for new projects that require a non-garbage-collected (GC) language. GC engines handle memory management. Google's Go is a garbage-collection language, while the Rust project promotes that Rust is not. AWS engineers like Rust over Go because of the efficiencies it offers without GC.

"Speaking of languages, it's time to halt starting any new projects in C/C++ and use Rust for those scenarios where a non-GC language is required. For the sake of security and reliability. the industry should declare those languages as deprecated," Russinovich wrote. 

Rust is a promising replacement for C and C++, particularly for systems-level programming, infrastructure projects, embedded software development, and more – but not everywhere and not in all projects.  

[...] Rust shouldn't be viewed as a silver bullet for all the bad habits developers practice when coding in C or C++. 

Bob Rudis, a cybersecurity researcher for GreyNoise Intelligence, who was formerly with Rapid7, noted developers can carry across the same bad security habits to Rust.

"As others have said, you can write "safely" in C or C++, but it's much harder, no matter what dialect you use than it is in Rust. Mind you, you can still foul up security in Rust, but it does avoid a lot of old memory problems."

Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
It's Time to Stop Using C and C++ for New Projects, Says Microsoft Azure CTO | Log In/Create an Account | Top | 115 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Informative) by rpnx on Saturday September 24 2022, @04:09PM (3 children)

    by rpnx (13892) on Saturday September 24 2022, @04:09PM (#1273413) Journal

    Disagree. Bounds checking is unneeded when your loop looks like:

    for (auto & x: container)

    Or

    for (auto it = c.begin(); it != c.end(); it++)
    {
    ...
    }

    And you can also just use std::vector::at if you're unsure about safety or compile the standard library with bounds checking even if you want.

    C++ can be compiled in hardened mode with containers having bounds checking, that's up to the implementation.

    But there is a huge difference between a skilled programmer and skilled C++ Programmer in terms of making mistakes in C++. C++ is not friendly to generalists.

    A few universal trends among C++ haters:

    • Like to say C/C++ as if they are similar.
    • Say C++ is slow/overhead/bloated without benchmarking it.
    • Say C++ is bloated because they benchmark their own well written C vs their own crappy C++
    • Don't understand how iterators work.
    • Don't understand how template partial specializations work
    • Don't understand how RAII and exceptions work, often turn exceptions off, or make manual calls into destructors causing double free because they don't understand the basics of the C++ Object Model.
    • Don't know how to rethrow exceptions or how delegate initialization works.
    • Don't understand how to use/write STL style algorithms.
    • Say that C++ leads to bounds checking errors, despite many styles/design patterns like reference and value oriented programming nearly eliminating these issues
    • Pass around std::shared_ptr or std::unique_ptr or other object ownership through function arguments instead of through object-owners.
    • Complain about the previous design having extra branches in C++ vs C despite it being a moronically stupid design pattern.
    • Act surprised when I write a C++ version of their algorithms that is faster than the C version and contains less boiler plate.

    This was a non-exaustive list of the trends of C++ haters. To summarize, all the people that hate C++ I have met do not understand it and are totally C++-incompetent. That doesn't mean they are incompetent as a programmer, but C++ is a complex language and you cannot expect to pick it up without a substantial learning investment. C++ doesn't excel at microbenchmarks, it tends to beat C on more complex algorithms because you can afford to express much more complex algorithm ideas in C++ than C in the same time span of writing code. But it does allow micro optimizations, however they rarely affect the performance significantly.

    Truth is that C++ vectorization support can make massive gains for performance. C doesn't really have vectorization types, afaik it's all language extensions and inline assembly/compiler intrinsics, whereas C++ has it built in to the standard library. Sometimes -O2 will catch your intent and vectorize stuff anyway, sometimes it wont. C+assembly can compete with C++, but pure standard C with no non-standard extensions/assembly cannot beat C++ in most cases. At least that's what I observe for complex algorithms.

    Starting Score:    1  point
    Moderation   +3  
       Interesting=1, Informative=2, Total=3
    Extra 'Informative' Modifier   0  
    Total Score:   4  

  • (Score: 3, Insightful) by coolgopher on Sunday September 25 2022, @03:18AM (2 children)

    by coolgopher (1157) on Sunday September 25 2022, @03:18AM (#1273505)

    The one very legitimate argument C++ "haters" do have is that of language complexity. There is no denying that it is quite possibly the most complex/subtle programming language available. As someone who writes in C++ professionally on and off, even I have to admit to not having a solid grasp of things like the implications of move semantics or exactly when I can get ADL to work for me. That still doesn't stop it from being an incredibly powerful tool, and the best one for many tasks.

    • (Score: 2, Insightful) by loki on Monday September 26 2022, @12:52AM (1 child)

      by loki (3649) on Monday September 26 2022, @12:52AM (#1273666)

      A huge problem with C++ is that it was bolted on top of C for compatibility, yet C++ tries to replicate and replace everything in C at the same time.
      Thus, whereas C has char*, C++ has char* and std:string.
      C has FILE*, but C++ has FILE* and istream, ostream, and fstream.
      C has printf, but C++ has printf and .
      C has *, but C++ has * and &.
      C has [], but C++ has [] and std::vector.
      C has struct, but C++ has struct and class.
      C has malloc, but C++ has malloc and new.
      C has free, but C++ has free and delete and delete[].
      C has macros, C++ has macros and templates.
      C++ tries to deprecate and replace all the features of C, yet fails in various ways to do so.
      Design-wise, C++ is a mess.

      • (Score: 2) by acid andy on Monday September 26 2022, @03:07AM

        by acid andy (1683) on Monday September 26 2022, @03:07AM (#1273679) Homepage Journal

        I'll grant you that it's not as clean and pure as designing another language independently may be, but backwards-compatibility is rarely very pretty yet it remains an extremely useful thing to have.

        I certainly wouldn't call it a huge problem. You just have to know which features are C and which are C++ and when best to use them, which isn't difficult to learn. I mean, hopefully you didn't spend too many minutes putting together that post, which is already much of the way there to providing a cheat sheet of what's what.

        --
        If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?