Senior Microsoft exec says Windows 11 kernel will soon be booting with Rust inside

[Ionising_Radiation]

GDI, DWrite, some syscalls have been rewritten in Rust. This is exciting news. 

 

https://www.neowin.net/news/senior-microsoft-exec-says-windows-11-kernel-will-soon-be-booting-with-rust-inside/


 

[Etern4l]

Why is this exciting exactly? What will be tne benefits, and downsides? Not according to the exec, but in practice. Time will tell. 

[Sandy Bridge]

This is exciting.

 

I am not a Rustacean, only having read about half of The Book and unsuccessfully attempted to port one of my old applications to Rust.  But my understanding is one of the big benefits of Rust is improved memory safety.  In C and C++, it's all too easy to reason incorrectly and not bounds check or double free or something of that sort, resulting in bugs such as buffer overflows that are one of the leading causes of security holes in software in general, including but certainly not limited to Windows.  As more of Windows is converted to Rust, its security should improve.

 

Put another way, C and C++ have a bit of a reputation of being "footguns" - they make it easy to shoot yourself in the foot.  Even experienced developers may make mistakes, and put a developer who doesn't have a solid understanding of pointers on a C or C++ project, and they are going to make mistakes.  When those aren't caught before release, they eventually wind up being covered by Patch Tuesday.

 

The downsides of Rust?  One of the main ways it improves memory safety is with its "borrow checker" concept that is unique to Rust (at least among major languages), and tends to take some time to wrap one's head around even as an experienced developer in other languages.  An incomplete understanding of the "borrow checker" concept is why my port of an old application to Rust failed; if I'd ported it to C++ I probably would have had security flaws, whereas in Rust I didn't, but it simply didn't work, giving some error about the borrow checker not being happy even though I thought based on reading The Book that it would be, and I didn't invest the time to figure out why.  I've talked with some other developers who picked up Rust on the side and also gave up around the same place; when I attended a Rust talk a few years ago the speaker (who is a well-known Rustacean) admitted that "borrow checking" took a bigger chunk of Rust's "unique features to learn" budget than they had expected.  So, Microsoft will have to invest more in training.

 

At least as of a few years ago, Rust also was really slow to compile, like an order of magnitude or two slower than C++.  Once it is compiled, its speed is comparable to C++, but that compilation process is slower, so Microsoft may need more big iron to compile Windows than they have before.  I'm sure this has improved somewhat since I looked at it, but how much is an open question.

 

I actually wound up writing a bunch of C code for fun the month after I failed to pick up Rust.  Yes, it felt dirty writing all that C after dabbling with oh-so-pure Rust.  And I likely committed some pointer crimes in the process.