Column We all know that the Rust language has become much more popular. According to Slashdata’s tally, Rust users have nearly tripled in the past 24 months.
Mark Russinovich, CTO of Microsoft Azure, tweeted that “It’s time to stop starting any new project in C/C++ and use Rust for scenarios where a non-GC language is required. For safety and reliability. The industry should declare these languages obsolete.”
These are fighting words!
What caused this? As stated here, it’s not really a desire to start another endless war of programming languages - see vi vs. EMACS, tabs vs. spaces, and Java vs. Python. No, I think what triggered his comment was that Linus Torvalds gave his blessing to integrate Rust code into the Linux kernel, starting with Linux 6.1.
If the developers of the Linux kernel, the programmers of the most successful C project of all time, embrace Rust, why not the author of Windows Sysinternal Tools?
Notice that Russinovich is not suggesting that we destroy everything already written in C or C++ and rewrite it in Rust in our spare time. Far from there. As he tweeted after challenging the industry to say goodbye to C and C++: “There’s a tremendous amount of C/C++ that will be maintained and evolved for decades (or more). Last night I coded a feature for Handle, adding to the approximately 85,000 lines of Sysinternals C/C++ code I’ve written. That said, I will favor Rust for new tools.”
He is right, of course. When I started programming, everyone said that COBOL was a thing of the past. Forty years later, COBOL is alive and well, and its programmers are still making money. So the!
Languages never die. They just stop being sexy.
That said, there are excellent reasons to retire C and C++ in favor of Rust. First, Rust was designed with performance and security in mind. The C family stands for speed and more speed. Security came far behind.
Certainly, you can safely write in C or C++. For example, you can use a more secure language variant such as SEI CERT C or use more secure guidelines for working with a language such as C++ Core Guidelines. And, as Bjarne Stroustrup, the creator of C++ said The register recently: “We can now guarantee perfect type and memory safety in ISO C++.
Indeed, you can still write perfectly safe C and C++ code. It’s just never, ever been easy. Both languages make it far too easy to make memory errors. They include invalid access to heap and stack memory; memory leaks; incompatible memory allocation and deallocation; and an uninitialized memory access. And these are just the common mistakes I’ve made! As Naveen Gv, an Intel technical consulting engineer, said: “Memory errors occur very frequently in C and C++ applications, and… can be difficult to reproduce, difficult to debug, and potentially expensive to fix as well. “
Both languages are “insecure for memory”. They give developers precise control over their application’s memory, but with great power comes great potential for problems. A snowball error in memory can lead to an avalanche of errors.
These are not just theoretical errors. They happen all the time. In 2019, Microsoft admitted that 70% of its Common Vulnerabilities and Exposures (CVE) security issues were caused by developers making memory corruption errors in their C and C++ code.
As much as I like to poke fun at Microsoft’s security, this problem is far from unique to Microsoft. Google developers found the same percentage of memory issues in its Chromium/Chrome web browser code. I’m sure it’s so bad in just about anything written in C or C++.
Rust, on the other hand, is a memory-safe language. Of course, you can still make security mistakes with it. You can in any language. But, and this is the most important part, it’s much harder to make the kind of simple memory errors that mess up C and C++ applications.
That’s why, years before Rust hit the headlines, Google and Microsoft both started considering replacing C and C++ with Rust. Now, Linux also adopts Rust.
Besides security, Rust has the advantage of making it easier to write concurrent programs. Rust was written for a world with containers and the cloud, while C was written for 16-bit DEC PDP-11 minicomputers. Now, C and C++ are very flexible, but we’re a long way from single-processor/single-core computers!
That said, Rust will not replace its big brothers tomorrow. It will take years, even decades, but it will happen. We’ve ignored security for generations, but now that our entire economy depends on secure technology, we can’t afford to be so cavalier with our programs. ®
#time #retire #Rust #programs
