
SoylentNews is people

posted by janrinok on Friday September 23 2022, @11:35PM
from the leaks-are-for-kids dept.

Arthur T Knackerbracket has processed the following story:

Mark Russinovich, the chief technology officer (CTO) of Microsoft Azure, says developers should avoid using C or C++ programming languages in new projects and instead use Rust because of security and reliability concerns.

Rust, which hit version 1.0 in 2020 and was born at Mozilla, is now being used within the Android Open Source Project (AOSP), at Meta, at Amazon Web Services, at Microsoft for parts of Windows and Azure, in the Linux kernel, and in many other places. 

Engineers value its "memory safety guarantees", which reduce the need to manually manage a program's memory and, in turn, cut the risk of memory-related security flaws burdening big projects written in "memory unsafe" C or C++, which include Chrome, Android, the Linux kernel, and Windows.

Microsoft drove home this point in 2019 after revealing 70% of its patches in the past 12 years were fixes for memory safety bugs due largely to Windows being written mostly in C and C++. Google's Chrome team weighed in with its own findings in 2020, revealing that 70% of all serious security bugs in the Chrome codebase were memory management and safety bugs. It's written mostly in C++.     

"Unless something odd happens, it [Rust] will make it into 6.1," wrote Torvalds, seemingly ending a long-running debate over Rust becoming a second language to C for the Linux kernel. 

The Azure CTO's only qualifier about using Rust is that it was preferable over C and C++ for new projects that require a non-garbage-collected (GC) language. GC engines handle memory management. Google's Go is a garbage-collection language, while the Rust project promotes that Rust is not. AWS engineers like Rust over Go because of the efficiencies it offers without GC.

"Speaking of languages, it's time to halt starting any new projects in C/C++ and use Rust for those scenarios where a non-GC language is required. For the sake of security and reliability, the industry should declare those languages as deprecated," Russinovich wrote.

Rust is a promising replacement for C and C++, particularly for systems-level programming, infrastructure projects, embedded software development, and more – but not everywhere and not in all projects.  

[...] Rust shouldn't be viewed as a silver bullet for all the bad habits developers practice when coding in C or C++. 

Bob Rudis, a cybersecurity researcher for GreyNoise Intelligence, who was formerly with Rapid7, noted developers can carry across the same bad security habits to Rust.

"As others have said, you can write "safely" in C or C++, but it's much harder, no matter what dialect you use than it is in Rust. Mind you, you can still foul up security in Rust, but it does avoid a lot of old memory problems."



 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by istartedi on Saturday September 24 2022, @05:24PM

    by istartedi (123) on Saturday September 24 2022, @05:24PM (#1273433) Journal

    For a long time C lagged FORTRAN in performance due to pointer aliasing assumptions. The "restrict" keyword was added to compensate for this. Now C can (in theory) match the performance of any FORTRAN program.

    Question to the C standards committee and/or compiler developers: Can type qualifiers that support Rust's "ownership" and "borrowing" model be added to C? Perhaps some other mechanism is more appropriate, but type qualifiers were the first to come to mind. The "mut" keyword is already covered of course, except that everything in C is "mut" by default and qualified as "const" as desired.

    Assuming that the standards are ever taken in this direction, going through a large codebase of C or C++ and bringing them up to snuff vs. a complete re-write in Rust would be the big decision for developers.

    It sounds like those who draft C and C++ standards should take this as a wake-up call. They're resting on an unimaginably huge base of code; but if they don't do something, it sounds like the clock might be starting to tick on their relevance. It'll take decades though. Look how much COBOL is still out there. LOL, MUMPS still lives and C is no MUMPS.

    --
    Appended to the end of comments you post. Max: 120 chars.
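
The aliasing and ownership rules this comment asks about, shown in Rust as an added example that is not part of the comment or the original story. The names `add_into`, `fold_prefix`, `consume_sum` and `demo` are hypothetical and the sample data is constructed.

```rust
// C counterpart of `add_into`:
//   void add_into(int *restrict dst, const int *restrict src, size_t n);
// In C, `restrict` is an unchecked promise: passing overlapping pointers
// is undefined behaviour that the compiler does not diagnose.

/// `&mut` is an exclusive borrow and `&` a shared one, so `dst` and `src`
/// can never overlap; the borrow checker proves it at every call site.
fn add_into(dst: &mut [i32], src: &[i32]) {
    for (d, s) in dst.iter_mut().zip(src) {
        *d = d.wrapping_add(*s);
    }
}

/// Adds the first `n` elements of `buf` onto the next `n` elements.
/// Returns None instead of reading out of bounds when `buf` is too short.
fn fold_prefix(buf: &mut [i32], n: usize) -> Option<()> {
    if n.checked_mul(2)? > buf.len() {
        return None;
    }
    // The direct call is rejected at compile time (error E0502), because
    // it borrows `buf` mutably and immutably at the same time:
    //     add_into(&mut buf[n..], &buf[..n]);
    // `split_at_mut` hands back two provably disjoint halves instead.
    let (head, tail) = buf.split_at_mut(n);
    add_into(&mut tail[..n], head);
    Some(())
}

/// Ownership: taking `Vec<i32>` by value moves it in. It is freed exactly
/// once when `v` goes out of scope, and the caller cannot touch it again.
fn consume_sum(v: Vec<i32>) -> i32 {
    v.iter().fold(0i32, |acc, x| acc.wrapping_add(*x))
}

fn demo() -> (Vec<i32>, i32) {
    let mut data = vec![1, 2, 3, 10, 20, 30]; // constructed sample data
    fold_prefix(&mut data, 3).expect("buffer holds 2 * n elements");
    let snapshot = data.clone();
    let total = consume_sum(data);
    // Using `data` here would not compile (error E0382: use of moved value).
    (snapshot, total)
}

fn main() {
    let (after, total) = demo();
    println!("{:?} sum={}", after, total);
}
```
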
  • (Score: 3, Interesting) by Mojibake Tengu on Saturday September 24 2022, @06:02PM (3 children)

    by Mojibake Tengu (8598) on Saturday September 24 2022, @06:02PM (#1273445) Journal

    Fundamental situation with Rust is, it is now heavily dependent on LLVM infrastructure only, core stuff like LLVM assembler or IR engine.

    And (nearly) everything in LLVM infrastructure is written in C++.
    So, by gladly renouncing C++ for Rust, you'll get the Baron Munchhausen effect...

    Current attempts to port Rust on GNU infrastructure means it will become dependent on C instead... I can't determine which one is better. Or worse.

    Some time ago, I tried to write "portable" code by hand directly in LLVM IR and it worked, both on AMD64 and ARM. No need for another programming language frontend at all. Anyone can do that. Later I implemented some funny language just by a simple AWK script producing IR code.

    So I urge everyone: If you are capable enough of thinking, make your own language! Let's have the real fun...

    --
    Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 2) by RamiK on Saturday September 24 2022, @08:08PM

      by RamiK (1813) on Saturday September 24 2022, @08:08PM (#1273470)
      --
      compiling...
    • (Score: 0) by Anonymous Coward on Sunday September 25 2022, @03:27AM (1 child)

      by Anonymous Coward on Sunday September 25 2022, @03:27AM (#1273506)

      If you want to have fun, check out the Rockstar [codewithrockstar.com] language :)

      • (Score: 3, Funny) by sgleysti on Sunday September 25 2022, @07:56PM

        by sgleysti (56) Subscriber Badge on Sunday September 25 2022, @07:56PM (#1273611)

        Apparently, Rockstar has multishredding instead of multithreading.

  • (Score: 1) by GloomMower on Saturday September 24 2022, @08:04PM (2 children)

    by GloomMower (17961) on Saturday September 24 2022, @08:04PM (#1273469)

    I've found the lack of GUI toolkits for Rust disappointing. Maybe I've only seen articles about pure Rust toolkits and I just need to look at bindings.

    • (Score: 2) by Mojibake Tengu on Saturday September 24 2022, @10:01PM (1 child)

      by Mojibake Tengu (8598) on Saturday September 24 2022, @10:01PM (#1273482) Journal

      There is a next generation terminal written in Rust out there:

      https://www.warp.dev/ [warp.dev]

      It feels almost GUI. Reminds of ancient TCL/Tk.

      --
      Respect Authorities. Know your social status. Woke responsibly.
      • (Score: 2) by sgleysti on Sunday September 25 2022, @08:06PM

        by sgleysti (56) Subscriber Badge on Sunday September 25 2022, @08:06PM (#1273617)

        That's really cool. I'm a big fan of text. Tasteful integration of more GUI-type elements with a mostly text-based interface is a great idea.

  • (Score: 2) by MIRV888 on Sunday September 25 2022, @04:08AM (4 children)

    by MIRV888 (11376) on Sunday September 25 2022, @04:08AM (#1273512)

    I can't pretend to understand everything you all said, but I get the principle of it.
    C / C++ says 'go left'. It sends 'go left' to the AST compiler
    AST compiles optimizes this into a processed syntax tree.
    This is handed off to the hardware-architecture specific code generator backend,
    Which finally makes whatever output 'go left.'
    So does the hardware-architecture specific code generator backend reside on the hardware / equipment or is this just another library which is specific to say a GE 3 phase motor with a 5928793274 controller board 'go left'?

    • (Score: 3, Informative) by Rich on Sunday September 25 2022, @10:17AM (2 children)

      by Rich (945) on Sunday September 25 2022, @10:17AM (#1273543) Journal

      The processor specific code generator is always some sort of library (or rather component) belonging to the compiler. That's independent from the 3-phase motor. But there is a driver for the motor, which is also a library or a component. For a dumb motor, it will be a library compiled on the host that controls the PWM timers for the sinusoidal phases directly. For a smart motor (and that's implied with the controller board), it's still a library, but that only sends a command (e.g. something like "G91 G1 X-5") to the board. Then there's another library or component compiled for the processor on the controller board that controls the PWM. The closest to "belonging to the hardware" would be if that smart controller board software is put into a ROM and plugged in.

      • (Score: 2) by MIRV888 on Wednesday September 28 2022, @07:03PM (1 child)

        by MIRV888 (11376) on Wednesday September 28 2022, @07:03PM (#1274079)

        So bad code / motor commands could make say... a centrifuge, destroy itself by running erratically?

        • (Score: 2) by Rich on Wednesday September 28 2022, @07:39PM

          by Rich (945) on Wednesday September 28 2022, @07:39PM (#1274085) Journal

          Yes. Have a look on YouTube for "CNC crash" for more "ouch" moments than one can endure :). For centrifugal widgets, the failure modes probably depend on the specifics. I think hi-spin washing machines (1600 rpm+) have active compensation. I'd assume a washing kitchen would be wrecked if the firmware spun up a bit past the safe limit (iirc quadratic energy accumulation with linear rotation increase) and then killed the active balancing. While your ordinary third-world uranium centrifuge probably is dynamically weighted in hardware, much like a car wheel. That'll simply come apart if a command is issued to spin up beyond the design speed for which it has been balanced.

          To stay on topic: The latter has little to do with compiler safeguards for object code, but more with convincing Microsoft to make their Autorun feature too awkward to disable and then sneaking in an autorunnable USB stick...

    • (Score: 3, Informative) by coolgopher on Wednesday September 28 2022, @12:36AM

      by coolgopher (1157) on Wednesday September 28 2022, @12:36AM (#1273944)

      One thing which often does people's head in when first learning about compilers, is that a compiler's output is not directives to make hardware do things. A compiler's output is a bunch of instructions, which when used issue directives to make hardware do things. To use a kitchen analogy, the compiler is a person writing down a baker's instructions as a recipe. At any time, someone can then use that recipe to make the cake. The baker is the programmer, the recipe is the binary/application/program, and the cake is what we all want when we run the program.

      So in this case, if the C code effectively says "go left" (presumably by invoking a higher abstraction library), the compiler might end up generating a recipe saying "load speed into motor params register; load 1 into motor direction register; set bit 1 in motor control register". The act of compiling has not made the motor do anything, but following the produced register will make it turn left at whatever speed.

  • (Score: 2) by MIRV888 on Wednesday September 28 2022, @07:13PM

    by MIRV888 (11376) on Wednesday September 28 2022, @07:13PM (#1274080)

    Thanks again you guys and gals for giving some understanding to someone who is way outside their area of expertise.
