Hacker News new | past | comments | ask | show | jobs | submit login
Microsoft's Safe Systems Programming Languages Effort (Rust) (microsoft.com)
52 points by Leace 2 days ago | hide | past | web | favorite | 17 comments

Good intro to the benefits of Rust for a broad audience, but one important omission: the Use-After-Free and Double-Free protection he mentioned is provided by compile-time static analysis, but Rust also does runtime bounds checks to prevent classic stack smashing (with minimal performance overhead).

That may not seem like a big deal for the x86_64 world where modern mitigations largely make shellcode a thing of the past (hence heap exploitation, ROP/JOP, etc) but it is a BIG DEAL for embedded microcontrollers that lack OS/HW memory protection - an area where #![no_std] Rust shines.

As a security researcher and not a developer, let me be very frank: you should STRONGLY consider Rust in place of C or C++. But know that release profile builds don't do integer overflow checking, so don't get cocky :P

Just to add to that: Integer overflows in release builds can be turned on, and even when they are off, at very least they are not UBs. More info in http://huonw.github.io/blog/2016/04/myths-and-legends-about-....

Thanks for pointing that out and linking through to a great resource!

He mentions this book as “the book” on Rust.


I think it’s also available for free online. Here? https://doc.rust-lang.org/book/

Yep. Although in my opinion Programming Rust [0] is better even though dated. The word goes that the 2nd edition will be out by the end of the year.

[0]: https://www.amazon.com/Programming-Rust-Fast-Systems-Develop...

I read v1 of The Book and then Programming Rust, and I found the latter to be better suited to the way I absorb things.

Both are great and I still refer to The Book (and Programming Rust) from time to time.

I'd be really keen to pick up v2 of Programming Rust.

One thing I like about C as a systems programming language is that it is easy for every other language to bind to it. I’m fine with C++ if the external interface is extern “C”, but that is often not the case. I don’t know how easy it is for other languages to bind to Rust. It would be nice if a language could automatically generate Swig definition files or something similar. However one is going to run into language semantics and impedance mismatches with richer languages. The simplicity of “C” makes a nice bind target. Although I have yet to see a thorough binding to Win32, so I suspect the preprocessor makes this difficult.

Check out TerraFX[1], created and maintained by Tanner Gooding, owner of System.Numerics in .NET Core. He uses another project he maintains called ClangSharp[2] to scan Windows SDK header files and generate blittable, marshalling-free C# bindings. There are many things in C header files that are not easily bound, such as macros; we do a lot of manual or partially-automated work to account for those.

TerraFX is greater than just Windows bindings[3] but it is certainly useful for even just that. I've contributed a lot of bindings recently for some low-level Windows headers. Contributions are welcome!

[1] https://github.com/terrafx/terrafx

[2] https://github.com/microsoft/clangsharp

[3] https://github.com/terrafx/terrafx.interop.windows

Defination of systems programming language is really contradicting. Go was sold as systems programming language in beginning.

Kubernetes is written in Go; I would consider that a "systems" project. I think of "systems" as "software whose purpose is to underpin other software", excluding same-language libraries and frameworks. This rough definition does a good job of covering most of the things people mean when they say "systems programming".

Kubernetes is an application that manages virtual machine configurations. While it's a system in the sense of a collection of parts that work together, it is not a system in the sense of the original meaning of systems programming.

That tended to mean a language designed to compile down to processor instruction sets the way C, C++, or now, Rust do.

Go was intended to replace C++ and C for many of the things that Google programmers did, but it wasn't intended to aim at "bare metal" if I recall Rob Pike's design talks correctly.

That's not a systems language, that's a native language. There's a lot of overlap but they're unrelated concepts. Also, Go does compile to native processor code.

That sounds like a pretty useless definition and needlessly confusing, because systems programming have always meant something closer to the metal. System as in Operating System. Sounds like Go people decided to repurpose the term for whatever reason.

If Kubernetes were written in JavaScript would you call it a systems programming language as well?

It wouldn't be written in JavaScript because JavaScript wouldn't serve a systems use-case very effectively. That's exactly my point.

Assuming Microsoft isn't talking about solely using Rust in Windows The Operating System and Linux The Operating System, they agree with my definition.

Kubernetes could have been written in Typescript, for instance. Pulumi is for writing infrastructure as code in Typescript. Is Javascript a systems language, them?

Keyword being "closer" to the operating system, of course it doesn't mean just syscalls and Assembly. If you define "system" in "systems programming" in this broad sense of "something that other things call" you dilute the meaning of the term. Any program becomes "systems programming" then.

I'm sure that most people didn't use the term in this sense before Go's creators did and till this day I see only the Go community re-purposing the expression. I'd be happy to be proven wrong, though.

go is not system programming language because they have GC.


Every now and then this misconception is found on HN.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact