Microsoft is finally attacking C and C++! Want to change dynasties with self-developed programming language!

76 years of iteration and update, programming language world, who’s up and down?

Out of more than 600 programming languages, there may be only a few mainstream programming languages in the subjective impression of developers, such as Java, C, C++, C#, Python, etc., and the reason why they can become mainstream is that the software development ecology must be an integral part of it.

Take C#, one of the most common programming languages. As a type-safe, object-oriented programming language, C# can run well in the.net framework runtime environment.

As its advantages gradually emerged, Microsoft, as one of the most important promoters behind it, comprehensively applied it in database, Web services, games, mobile applications, server applications and other scenarios, thus attracting countless developers to join its ecological construction.

In addition, Microsoft has been an important driver of the ecological development of C++ and C programming languages.

It remains to be seen whether Microsoft will now have a positive impact on the ecosystem of Rust, another programming language, and a similar one, Verona, Microsoft’s latest development.

Remember a Quora thread asking “What programming language did Windows 10 use?” **

Axel Rietschin, a Kernel engineer at Microsoft, responded to this question in April

Windows 10 has the same code base as Windows 8.x, 7, Vista, XP, 2000 and NT, with each generation significantly refactoring from its predecessors and adding a host of new features, improved performance and hardware support, as well as security improvements while maintaining very high forward compatibility.

Among them, such as ntoskrnl. Exe kernel is mostly written in C, and most of the content running in kernel mode is also written in C, including file system, network and driver programs. It also includes some C++ code, and the closer you get to user mode and the closer you get to new source code, the less C you use, and the more C++ you use.

In addition,.net BCL and related libraries and frameworks are often written in C#, but they are just a drop in the ocean of C with a few C++ islands. They are from different departments and the code is not in the Windows source tree.

Windows, the world’s dominant desktop operating system, has a complex internal architecture and uses more than one programming language.

Now, in addition to C, C++, C# and other mainstream programming languages, Microsoft has announced that it is exploring the use of Rust, a common, compiled programming language developed by Mozilla, as an alternative to C, C++, and other languages.

At the same time, Microsoft is working ona new programming language similar to Rust, Verona, but the two strategies have only one goal in mind: to harden Windows 10’s security.

Why does Microsoft use Rust instead of C and C++?

The reason why you want to make a big move to improve and improve safety is that you have fallen in this place.

In fact, it is. As previously reported on the Microsoft blog, the Microsoft Security Response Center (MSRC) has categorized all Microsoft security vulnerability reports since 2004 and found that approximately 70% of all Microsoft annual patches were for memory security vulnerabilities.

Upon further investigation, we found that these vulnerabilities were caused by developers inadvertently inserting content corruption errors into their C and C++ code.

About 70% of the CVE vulnerabilities Microsoft fixes each year are memory security issues

With this in mind, Microsoft began its search for a more secure programming language.

At the beginning of its exploration, Microsoft knew that several languages, such as C#, could be used to some extent to protect against memory corruption.

Unfortunately, a programming language like C++ is necessary in some cases because it has advantages in speed, memory, and disk space. Besides, C++ can also predict execution.

The question is whether the two can be combined, that is, whether you can use.net, C# and other languages to keep all memory safe, plus the efficiency of C++.

Taken together, Rust, long known for its “security, concurrency, utility” design, may be the best choice to meet these criteria. Like C and C++, Rust has a minimal optional “runtime”.

In addition, its standard library relies on LIBC, but the standard library is also optional, so it is possible to run on platforms without an operating system.

Microsoft’s deep research into security – Verona language

However, there is no secure operating system, and certainly no flawless programming language. While building on Rust to improve Windows system security, MSRC also found that the language lacked first-class interoperability with C++, as well as interoperability with existing Microsoft tools.

According to ZDNet, Microsoft researcher Matthew Parkinson revealed in a recent talk that Microsoft is working on Verona, a new programming language similar to Rust.

As before, Microsoft aims to use Verona to develop low-level Windows components to improve Windows 10 security.

“Memory security” is one of the terms used by coding frameworks to help protect memory space from abuse by malware. With The Verona project, Microsoft hopes to push security efforts to shut down this attack vehicle. Previously, many industry insiders said that Microsoft’s Project Vernoa plan may be a useless experiment.

However, in a recent talk, Microsoft researcher Matthew Parkinson shared his company’s work on MemGC (Memory Garbage Collector) and the latest developments in Verona.

MemGC stands for the memory garbage collector on Internet Explorer and Edge browsers that addresses vulnerabilities in standard browser functionality called the Document Object Model (DOM).

Matthew Parkinson said, “We built a garbage collector (GC) for the DOM.

Developers can find ways to use memory management in THE DOM engine in IE for free. Then, Microsoft introduced MemGC, which is a conservative GC for DOM. It takes this very specific vulnerability style and essentially eliminates it as an attack vehicle.”

Beyond that, Matthew Parkinson has been working on a question that may resonate with customers of his products: “How do we build the most secure products? How to deal with legacy issues? Instead of thinking about just throwing away what we already have, we’re thinking about what we can build into a more secure system.”

With this belief in mind, Parkinson said, “If you want to isolate and streamline parts of the code that are left behind so that attackers can’t exploit it, what innovations in language design are there?”

This is Microsoft’s latest “security infrastructure programming”, Verona, which will soon be “open source”.

The project is currently supported by C# project manager Mads Torgensen and Microsoft Research Cambridge Research software engineer Juliana Franco.

For Microsoft, the current challenge is to address a wide range of “applications,” from C# for desktop applications to C or C# for Exchange, ASP.NET, Azure and device drivers, to underlying Windows components such as memory management and startup loaders, And The Windows Kernel Hardware Abstraction Layer (HAL).

“Performing memory management is really difficult,” Matthew Parkinson said. If there are any concurrent mutations, then temporary memory security is very difficult.”

In addition, Matthew Parkinson describes Verona’s design approach, “Verona’s ownership model is based ona group of objects rather than a single object ownership model as Rust does.

In C ++, the developer can get a pointer, and it’s object-based, and it’s almost every object. However, this is different from my thinking about data and syntax. I think of data structures as collections of objects, and collections of objects as life cycles.

“So by getting ownership through the level of ownership of objects, we can get closer to the level of abstraction that people are using, which allows us to build data structures without going out of bounds of security.”

What do you think of Verona?

It remains to be seen whether Verona will be a breakthrough for Windows security. At the same time, many netizens have also lamented:

It must be Rust that is not good enough and would rather write it than participate in the development to make Rust better.

It was Microsoft Research that released the news, not Microsoft. Just as Microsoft Security designed the COM library for Rust. And the research institute is more inclined to the research nature, it may just be engaged in experimental use;

C# is a notoriously sweet language. MS will not tolerate the syntax of Rust.

What do you think? Feel free to share your thoughts in the comments below.

If you want to learn about programming – Programming club [click here]!

** Involves: **C language, C++, Windows programming, network programming, QT interface development, Linux programming, game programming, hacking and so on……

An active, high-powered, high-level programming learning hall for programmers; The introduction of programming is only a side, the improvement of thinking is valuable!

Microsoft is finally attacking C and C++! Want to change dynasties with self-developed programming language!

Why does Microsoft use Rust instead of C and C++?

Microsoft’s deep research into security – Verona language

What do you think of Verona?

Related Posts

Before we start deep learning, let’s talk about math.

Impala + Kudu experience

I want to talk a little bit about the events of malicious code injected by the author of faker.js and colors.js