Microsoft is experimenting with replacing some of its less-secure C++ code with Rust, its more safety-conscious programming counterpart, and the experience has been a mostly positive mixed bag for the software firm.
In a talk given by Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona, they shared some of their experiences with rewriting some of the tech firm’s codebases. Known for its performance, efficiency, and flexibility, the C++ language has been used extensively to build software infrastructure and resource-constrained applications. Unfortunately, it is also prone to security vulnerabilities that can be exploited by bad actors – leaving organizations with a hefty price tag for system clean-up.
"C and C++ are extremely great at writing low-level systems. They use very little resources on the machines,” Levick and Fernandez shared. “They are, in fact, really the basis on which we create our systems today, but the issue with that, of course, is that they are very, very unsafe, and, when they were developed, did not really have safety in mind.”
Levick and Fernandez point out that conservative estimates for addressing issues uncovered in the field cost Microsoft $150,000. This figure can climb quickly when an organization becomes the target of an attack – such as when the British national health care system was subject to a ransomware attack that cost upwards of $4 billion to fix.
Conversely, Rust is a memory-safe, thread-safe language with well-developed concurrency capabilities. It’s designed for fast, low-resource, cross-platform solutions and is being used for applications by tech firms like Dropbox, Firefox, and Cloudflare. Microsoft is in the trial stage and, according to Levick and Fernandez, Rust allows them to write "performant security-critical components safely." This claim is still waiting to be proved, however, but they are hopeful about the outcome.
One of the biggest challenges for Microsoft is that it’s not possible to rewrite everything from the ground up using Rust. Alternatively, Rust code must coexist with other software, and their mingling might not always be harmonious. One hurdle facing Microsoft occurs when using the LLVM, the Rust Compiler, due to its provision of substandard Windows support. Another problem arises with Cargo - the Rust build tool – as it currently cannot manage Microsoft’s whole build system and must be integrated with its existing infrastructure.
The workforce is another consideration that’s come up for Microsoft. Developers with C++ experience come to Rust with ease as there is common syntax ground between the two languages. On the other hand, programmers with different skillsets can struggle initially with Rust’s complexity.
"The good news about this is that before when we've introduced Rust to seasoned C++ programmers, they generally are able to get it rather quickly because it kind of just formalizes things that they already had in their head. When people are coming from other backgrounds, it might be a little more difficult, but while the learning curve is quite steep, generally, people get through it, and once they are through that learning curve, they are quite productive."
While Rust is a relatively young language, initial impressions from Microsoft engineers are positive. Adam Birch, a software engineer for the MS Hyper-V team, wrote about using Rust: "[It] has been a really great experience. I look forward to seeing more developers at Microsoft working with the language and working with the wider community on making the language an even better fit for some of the things we do here at Microsoft."