Microsoft's Safe Systems Programming Languages Effort (Rust) (opens in new tab)

(mybuild.microsoft.com)

53 pointsLeace5y ago17 comments

17 comments

Good intro to the benefits of Rust for a broad audience, but one important omission: the Use-After-Free and Double-Free protection he mentioned is provided by compile-time static analysis, but Rust also does runtime bounds checks to prevent classic stack smashing (with minimal performance overhead).

That may not seem like a big deal for the x86_64 world where modern mitigations largely make shellcode a thing of the past (hence heap exploitation, ROP/JOP, etc) but it is a BIG DEAL for embedded microcontrollers that lack OS/HW memory protection - an area where #![no_std] Rust shines.

As a security researcher and not a developer, let me be very frank: you should STRONGLY consider Rust in place of C or C++. But know that release profile builds don't do integer overflow checking, so don't get cocky :P

dpc_pw5y ago

Just to add to that: Integer overflows in release builds can be turned on, and even when they are off, at very least they are not UBs. More info in http://huonw.github.io/blog/2016/04/myths-and-legends-about-....

server_bot5y ago

Thanks for pointing that out and linking through to a great resource!

melling5y ago

He mentions this book as “the book” on Rust.

https://www.amazon.com/Rust-Programming-Language-Steve-Klabn...

I think it’s also available for free online. Here? https://doc.rust-lang.org/book/

Boulth5y ago

Yep. Although in my opinion Programming Rust [0] is better even though dated. The word goes that the 2nd edition will be out by the end of the year.

[0]: https://www.amazon.com/Programming-Rust-Fast-Systems-Develop...

hobos_delight5y ago

I read v1 of The Book and then Programming Rust, and I found the latter to be better suited to the way I absorb things.

Both are great and I still refer to The Book (and Programming Rust) from time to time.

I'd be really keen to pick up v2 of Programming Rust.

jbritton5y ago

One thing I like about C as a systems programming language is that it is easy for every other language to bind to it. I’m fine with C++ if the external interface is extern “C”, but that is often not the case. I don’t know how easy it is for other languages to bind to Rust. It would be nice if a language could automatically generate Swig definition files or something similar. However one is going to run into language semantics and impedance mismatches with richer languages. The simplicity of “C” makes a nice bind target. Although I have yet to see a thorough binding to Win32, so I suspect the preprocessor makes this difficult.

nathanaldensr5y ago

Check out TerraFX[1], created and maintained by Tanner Gooding, owner of System.Numerics in .NET Core. He uses another project he maintains called ClangSharp[2] to scan Windows SDK header files and generate blittable, marshalling-free C# bindings. There are many things in C header files that are not easily bound, such as macros; we do a lot of manual or partially-automated work to account for those.

TerraFX is greater than just Windows bindings[3] but it is certainly useful for even just that. I've contributed a lot of bindings recently for some low-level Windows headers. Contributions are welcome!

[1] https://github.com/terrafx/terrafx

[2] https://github.com/microsoft/clangsharp

[3] https://github.com/terrafx/terrafx.interop.windows

akmittal5y ago

Defination of systems programming language is really contradicting. Go was sold as systems programming language in beginning.

_bxg15y ago

Kubernetes is written in Go; I would consider that a "systems" project. I think of "systems" as "software whose purpose is to underpin other software", excluding same-language libraries and frameworks. This rough definition does a good job of covering most of the things people mean when they say "systems programming".

doliveira5y ago

That sounds like a pretty useless definition and needlessly confusing, because systems programming have always meant something closer to the metal. System as in Operating System. Sounds like Go people decided to repurpose the term for whatever reason.

If Kubernetes were written in JavaScript would you call it a systems programming language as well?

_bxg15y ago

It wouldn't be written in JavaScript because JavaScript wouldn't serve a systems use-case very effectively. That's exactly my point.

Assuming Microsoft isn't talking about solely using Rust in Windows The Operating System and Linux The Operating System, they agree with my definition.

1 more reply

slowmovintarget5y ago

Kubernetes is an application that manages virtual machine configurations. While it's a system in the sense of a collection of parts that work together, it is not a system in the sense of the original meaning of systems programming.

That tended to mean a language designed to compile down to processor instruction sets the way C, C++, or now, Rust do.

Go was intended to replace C++ and C for many of the things that Google programmers did, but it wasn't intended to aim at "bare metal" if I recall Rob Pike's design talks correctly.

_bxg15y ago

That's not a systems language, that's a native language. There's a lot of overlap but they're unrelated concepts. Also, Go does compile to native processor code.

degurechaff5y ago

go is not system programming language because they have GC.

thda5y ago

https://en.wikipedia.org/wiki/Oberon_(operating_system)

Every now and then this misconception is found on HN.

j / k navigate · click thread line to collapse

17 comments

server_bot5y ago

dpc_pw5y ago

server_bot5y ago

Thanks for pointing that out and linking through to a great resource!

melling5y ago

He mentions this book as “the book” on Rust.

https://www.amazon.com/Rust-Programming-Language-Steve-Klabn...

I think it’s also available for free online. Here? https://doc.rust-lang.org/book/

Boulth5y ago

Yep. Although in my opinion Programming Rust [0] is better even though dated. The word goes that the 2nd edition will be out by the end of the year.

[0]: https://www.amazon.com/Programming-Rust-Fast-Systems-Develop...

hobos_delight5y ago

I read v1 of The Book and then Programming Rust, and I found the latter to be better suited to the way I absorb things.

Both are great and I still refer to The Book (and Programming Rust) from time to time.

I'd be really keen to pick up v2 of Programming Rust.

jbritton5y ago

nathanaldensr5y ago

[1] https://github.com/terrafx/terrafx

[2] https://github.com/microsoft/clangsharp

[3] https://github.com/terrafx/terrafx.interop.windows

akmittal5y ago

Defination of systems programming language is really contradicting. Go was sold as systems programming language in beginning.

_bxg15y ago

doliveira5y ago

If Kubernetes were written in JavaScript would you call it a systems programming language as well?

_bxg15y ago

It wouldn't be written in JavaScript because JavaScript wouldn't serve a systems use-case very effectively. That's exactly my point.

Assuming Microsoft isn't talking about solely using Rust in Windows The Operating System and Linux The Operating System, they agree with my definition.

1 more reply

slowmovintarget5y ago

That tended to mean a language designed to compile down to processor instruction sets the way C, C++, or now, Rust do.

Go was intended to replace C++ and C for many of the things that Google programmers did, but it wasn't intended to aim at "bare metal" if I recall Rob Pike's design talks correctly.

_bxg15y ago

That's not a systems language, that's a native language. There's a lot of overlap but they're unrelated concepts. Also, Go does compile to native processor code.

degurechaff5y ago

go is not system programming language because they have GC.

thda5y ago

https://en.wikipedia.org/wiki/Oberon_(operating_system)

Every now and then this misconception is found on HN.

j / k navigate · click thread line to collapse