Microsoft can't just throw away older Windows code, but the company's Project Verona aims to make older low-level components in Windows 10 more secure by integrating Mozilla-developed Rust.
The company recently revealed that its trials with Rust over C and C++ to remove insecure code from Windows had hit its targets. But why did Microsoft do this?
The company has partially explained its security-related motives for experimenting with Rust, but hasn't gone into much detail about the broader reasons for its move.
SEE: How to build a successful developer career (free PDF)
All Windows users know that on the second Tuesday every month, Microsoft releases patches to address security flaws in Windows. Microsoft recently revealed that the vast majority of bugs being discovered these days are memory safety flaws, which is also why Microsoft is looking at Rust to improve the situation. Rust was designed to allow developers to code without having to worry about this class of bug.
'Memory safety' is the term for coding frameworks that help protect memory space from being abused by malware. Project Verona at Microsoft is meant to progress the company's work here to close off this attack vector.
Microsoft's Project Verona could turn out to be just an experiment that leads nowhere, but the company has progressed far enough to have detailed some of its ideas through the UK-based non-profit Knowledge Transfer Network.
Matthew Parkinson, a Microsoft researcher from the Cambridge Computer Lab in the UK who's dedicated to "investigating memory management for managed programming languages", gave a talk last week focusing on what the company is doing to address these memory issues.
In the talk, Parkinson discussed the work Microsoft has done with MemGC, which is short for Memory Garbage Collector, for Internet Explorer (IE) and Edge.
MemGC addressed vulnerabilities in the standard browser feature known as a Document Object Model (DOM), a representation of the data used by browsers to interpret web pages. Google's elite Project Zero hackers were impressed with Microsoft's MemGC after canvassing major browsers.
"We built a garbage collector (GC) for the DOM. That big bulge in use-after-free was basically people finding ways of exploiting memory management in the DOM engine in IE," said Parkinson, referring to a graph that illustrates the prominence of memory safety bugs.
"And then [Microsoft] introduced MemGC, which is a conservative GC for the DOM. It was very targeted at this particular style of vulnerability and then basically eradicated that as an attack vector."
The other class of bugs Microsoft is working on to address relates to uninitialized memory in a way that also doesn't kill performance.
Parkinson delved into a problem that might resonate with customers of its products. "How can we build the safest stuff going forward? So we still have to deal with the legacy. We can't just throw away what we have, but what can we build now in safer systems."
Parkinson said Microsoft is rewriting some "targeted" components in Rust. His talk focused on language design and compartmentalization.
"If we want compartments, and to carve up the legacy bits of our code so [attackers'] exploit code can't get out, what do we need in the language design that can help with that?"
This is Project Verona and Parkinson said it was the first time he'd discussed the project, which will be made open source "soon". It is a new language for what Microsoft is calling "safe infrastructure programming".
The project is being supported by C# project manager Mads Torgensen and Microsoft Research Cambridge research software engineer Juliana Franco.
SEE: Microsoft: We want you to learn Python programming language for free
The challenge for Microsoft is dealing with the "application spectrum", which spans from C# for desktop apps through to C and C# for Exchange, ASP.NET, Azure, and device drivers, to deep Windows components like memory management and boot loaders and the Windows kernel hardware abstraction layer (HAL).
"It's really hard to do memory management. Temporal memory safety is very difficult if you have arbitrary concurrent mutation," said Parkinson.
"The ownership model in Verona is based on groups of objects, not like in Rust where it's based on a single object. In C++ you get pointers and it's based on objects and it's pretty much per object. But that isn't how I think about data and grammar. I think about a data structure as a collection of objects. And that collection of objects as a lifetime.
"So by taking ownership at the level of ownership of objects, then we get much closer to the level of abstraction that people are using and it gives us the ability to build data structures without going outside of safety."
More on programming languagesMicrosoft's Rust experiments are going well, but some features are missing
Tech jobs: Python programming language and AWS skills demand has exploded
Programming language Python 2's end looms, so why will many miss the deadline?
Google: As Go programming language turns 10, here are the big names using it
Python programming language creator retires, saying: 'It's been an amazing ride'
Programming languages: How Instagram's taming a multimillion-line Python monsterSalesforce: Why we ditched Python for Google's Go language in Einstein Analytics
Python-inspired Nim: Version 1.0 of the programming language launches
Google: Take our free Kotlin programming language courses to build Android apps
Microsoft: We want you to learn Python programming language for freeGoogle: Dart 2.5 programming language SDK will 'supercharge' developers
Raspberry Pi gets MIT's Scratch 3 programming language for RaspbianJulia programming language: Users reveal what they love and hate the most about itIs Julia fastest-growing new programming language? Stats chart rapid rise in 2018
Python vs R for data science: Professor rates programming language rivalsProgramming languages: Python predicted to overtake C and Java in next 4 years Netflix: Python programming language is behind every film you stream
JPMorgan's Athena has 35 million lines of Python code, and won't be updated to Python 3 in time TechRepublic
Mozilla's radical open-source move helped rewrite rules of tech CNET