avatarAaron 0928

Summary

Microsoft is integrating Rust into the Windows kernel to enhance security and performance by replacing legacy C++ code with memory-safe Rust code.

Abstract

Microsoft has embarked on a significant overhaul of its Windows operating system by rewriting core libraries with the Rust programming language. This initiative, which includes the introduction of Rust into the Windows kernel, aims to eliminate certain classes of bugs and improve memory safety. The move was announced by Azure CTO Mark Russinovich and follows a presentation by David Weston, where he detailed the official inclusion of Rust in the kernel. Two major projects, DWriteCore and Win32 GDI, have already been partially rewritten in Rust, totaling approximately 180,000 lines of code. The rewrite has shown not only security improvements but also performance gains, with the promise of making Windows more robust against vulnerabilities. Microsoft's adoption of Rust is seen as a significant endorsement for the language, potentially influencing its wider adoption in the industry.

Opinions

  • David Weston views the integration of Rust into the Windows kernel as a worthwhile project, addressing known security vulnerabilities and achieving remarkable performance improvements.
  • Microsoft's endorsement of Rust is cautious yet optimistic, recognizing the need for a strategic approach to protect existing native code while embracing Rust's memory safety benefits.
  • Open source software developer Armin Ronacher hopes that Microsoft's use of Rust will lead to better developer tool support, particularly in improving PDB support.
  • Samuel Colvin, a Python/Rust developer, praises Microsoft's forward-thinking decision to use Rust, considering it a smart choice for applications that prioritize performance and security.
  • The industry sentiment, including acknowledgment from Google, suggests a growing focus on memory-safe programming languages, with Rust being a favored choice for new projects.
  • There is an acknowledgment that while experienced Rust engineers may be scarce, the language's design makes it easier for engineers to write secure code compared to C/C++.

30 year old code killed! Microsoft rewrites Windows kernel with 180,000 lines of Rust

Rust’s disruption of C has already begun.

Microsoft is rewriting its core Windows libraries using the Rust programming language.May 11 — The latest Windows 11 Insider Preview release is the first to include the memory-safe programming language Rust, according to Azure Chief Technology Officer Mark Russinovich.

“If you’re on the Win11 Insider ring, you’ll get your first taste of Rust in the Windows kernel,” Russinovich tweeted last night.

In any case, this time it was quick: Microsoft only made its plans to replace parts of the Windows kernel with Rust code public in mid-April at the BlueHat IL 2023 security conference in Israel.

At that time, David “dwizzle” Weston, director of security for the Windows operating system, announced in a presentation that Rust would officially be in the Windows kernel.

“In the next few weeks or months, people will start using Rust in the kernel to boot Windows, which is pretty cool. The basic goal of this work is to convert some of the system’s C++ data types into Rust form.”

Rust has made its way into the Windows kernel

Microsoft’s focus is on “killing bug classes” and wants to take a more aggressive approach to securing more secure code. They hope to achieve this through memory-safe languages, CPU architecture changes, and a more secure subset of languages.

David Weston This talk focuses on memory safe languages. In the Windows kernel, the primary language is C. Because of MFC and COM, most of the code outside the kernel is C++, and even MSVC libc is actually written in C++ with extern “C” declarations. However, starting with Windows Vista, the kernel started to allow C++ code (VC++ got the /kernel flag).

Currently Microsoft has rewritten two main projects, DWriteCore and Win32 GDI, which contain some very old code. Win32 GDI was written in the late 80s and early 90s and was designed for the 286/386.

Microsoft first introduced Rust to DWriteCore, which is part of the Windows App SDK implementation of the Windows DWrite engine for text analysis, layout and rendering.

This work started in 2020 and DWriteCore currently contains about 152,000 lines of Rust code and 96,000 lines of C++ code.

The DWriteCore private API uses COM-like interfaces, and the public API is all COM, where C++ and Rust can be easily integrated.

According to reports, it took two developers a total of six months to complete the work, including writing the code and doing the corresponding tests. All these improvements are now open to software developers.

David Weston says this is a very worthwhile project because the field is known for its security vulnerabilities, and the performance gains from the rewrite are amazing! In addition to the expected security improvements, the use of OTLS (OpenType Library Services) is said to improve the performance of Shaping (replacement) glyphs by 5% to 15%.

In addition, Microsoft’s Windows Graphics Device Interface (Win32 GDI) is also being ported to Rust and now has 36,000 lines of Rust code. weston emphasizes that Rust is not only easier to write but also easier to understand than C++. The latest version of Windows 11 starts with this version of Rust, but although it has passed all GDI tests, the Rust interface is still disabled by a feature flag.

Weston says, “There is actually a SysCall in the Windows kernel today, and it’s implemented in Rust.”

But Microsoft’s endorsement of Rust isn’t a no-brainer, Weston explains, “I’m afraid we won’t be completely rewriting Windows with Rust anytime soon, and while we all love Rust, we still need to have a sound strategy in place first, including protecting more of our native code.”

But it’s important to acknowledge that Microsoft’s endorsement, support, and code contributions are making Rust stronger, and that’s a good thing for the open source community as a whole.

Microsoft’s move is very exciting

Microsoft began showing interest in Rust a few years ago as a good way to catch and eliminate memory security vulnerabilities before the product was officially released. Since 2006, the Windows development team has fixed a large number of CVE-listed security vulnerabilities, about 70% of which are memory security related.

The Rust toolchain has worked to prevent developers from building and releasing code with security flaws, thereby reducing the likelihood of malicious hackers attacking software weaknesses. In short, Rust’s focus on memory security and related protections has effectively reduced the number of serious bugs contained in code.

Industry giants such as Google have also publicly embraced the Rust language.

With the industry’s increased focus on memory-safe programming, Microsoft has also shown enthusiasm in exploring Rust. Last September, Microsoft issued an informal mandate for Microsoft Azure CTO Mark Russinovich to use Rust, not C/C++, for new software projects.

Now that Rust has made its way into the Windows kernel, and Weston says Microsoft Windows will continue to move forward with this work, Rust will soon be widely available.

In an email interview, open source software developer Armin Ronacher, who leads the Python Flask project and is a security engineer at Sentry, noted that Microsoft’s favor is important for the Rust language.

“Specifically, I hope that Microsoft will reuse the existing compiler to bring better PDB (program database) support. Current Windows doesn’t keep up with other DWARF (Debugging Using Attribute Record Format) based platforms in terms of developer tool support.”

Samuel Colvin, founder of Pydantic and Python/Rust developer, also said, “I’m impressed by this forward thinking from Microsoft, but it makes sense. I believe Microsoft was pressured by engineers to embrace Rust. At this point, if the goal is to build an application that emphasizes performance or is more bottom-line, then Rust is certainly a smart choice.”

Colvin also mentioned that while there may not be a lot of good Rust engineers on the market, he still thinks it’s easier to find good Rust engineers than it is to find good C/C++ engineers.

“There aren’t many people with a lot of Rust development experience, but many engineers are willing to give it a try and learn. After all, writing secure code is no easy task in itself, and in Rust at least it’s relatively less difficult.”

Colvin concludes, “For those of us developers who rely on Rust, Microsoft’s decision to use and support Rust is really exciting.”

Rust
Rust Programming Language
Programming Languages
Programming
Microsoft
Recommended from ReadMedium
avatarTari Ibaba
This new IDE just destroyed VS Code and Copilot without even trying

Wow I never thought the day I stop using VS Code would come so soon…

5 min read
avatarBen Weidig
Why Everyone Talks About Zig

What’s All the Hype About?

16 min read
avatarThe Secret Developer
What’s Wrong With Musk!🤯

At this point, how many times do we have to learn the same lesson?

3 min read
avatarLORY
My Interviewer Asked Me About Fibonacci, but He Didn’t Like My Answer

Bro, Forget this team and interview another one.

5 min read
avatarAlberto Romero
DeepSeek Is Chinese But Its AI Models Are From Another Planet

OpenAI and the US are in deep trouble

13 min read
avatarShalitha Suranga
Myths That Most Programmers Still Believe

Debunking these myths guides you to becoming an experienced, reliable, senior programmer

9 min read