Microsoft to replace all C/C++ code with Rust

36 pointsposted 12 hours ago
by ape4
(thurrott.com)

41 Comments

wavemode

8 hours ago

Title is "Microsoft to replace all C/C++ with Rust"

Meanwhile the content of the post is merely that an engineer who works for a team within Microsoft's AI division wrote on LinkedIn "my goal is to eliminate every line of C and C++ from Microsoft". (He believes that he can get AI agents to accomplish this.)

Not quite the same as an official plan announced by the CTO or something. Bit misleading title.

scrubs

6 hours ago

This guy is daydreaming to be done by 2030. May as well throw in super conductors at room temp and 1 atm pressure too.

pjmlp

5 hours ago

Given that research projects like Drawbridge end up in products like WSL 1.0, and SQL Server on Linux, many of his dreams come true.

pjmlp

5 hours ago

That guy is relatively high on Microsoft, anyone that is using WSL, has to thank his Microsoft Research department for OS research.

https://www.microsoft.com/en-us/research/people/galenh/proje...

wavemode

5 hours ago

My point is not about the person or their accomplishments. My point is that "Microsoft to replace all C/C++ code with Rust" is a misleading title when it's actually just a stated goal of someone working on an aspirational research project.

pjmlp

3 hours ago

Well, it is kind of in line with company official communication anyway, so this goal is currently a business target,

> Decades of vulnerabilities have proven how difficult it is to prevent memory-corrupting bugs when using C/C++. While garbage-collected languages like C# or Java have proven more resilient to these issues, there are scenarios where they cannot be used. For such cases, we’re betting on Rust as the alternative to C/C++. Rust is a modern language designed to compete with the performance C/C++, but with memory safety and thread safety guarantees built into the language. While we are not able to rewrite everything in Rust overnight, we’ve already adopted Rust in some of the most critical components of Azure’s infrastructure. We expect our adoption of Rust to expand substantially over time.

-- https://azure.microsoft.com/en-us/blog/microsoft-azure-secur...

> And, in alignment with the Secure Future Initiative, we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.

-- https://blogs.windows.com/windowsexperience/2024/11/19/windo...

> We will accelerate and automate threat modeling, deploy CodeQL for code analysis to 100 percent of commercial products, and continue to expand Microsoft’s use of memory safe languages (such as C#, Python, Java, and Rust), building security in at the language level and eliminating whole classes of traditional software vulnerability.

-- https://www.microsoft.com/en-us/security/blog/2023/11/02/ann...

So naturally, there are many people that besides AI KPIs, now have to match their SFI KPIs at Redmond, including Mark Russinovich.

"Mark Russinovich, Microsoft Azure CTO tells Rust Nation UK 2025 why Azure is moving to Rust from C++"

https://www.youtube.com/watch?v=SmUprpjCWjM

"Microsoft is Getting Rusty: A Review of Successes and Challenges - Mark Russinovich"

https://www.youtube.com/watch?v=1VgptLwP588

Naturally aiming at 2030 for the amount of existing C++ code is crazy, and there are groups within Microsoft, especially DirectX and Windows that most likely won't let go of their toys.

evil-olive

12 hours ago

> “My goal is to eliminate every line of C and C++ from Microsoft by 2030,” Microsoft Distinguished Engineer Galen Hunt writes in a post on LinkedIn.

from the LinkedIn post [0]:

> I have an open position in my team for a IC5 Principal Software Engineer. The position is in-person in Redmond.

> My goal is to eliminate every line of C and C++ from Microsoft by 2030.

so perhaps a more accurate title would be "one guy at Microsoft, in a LinkedIn job posting, says it's his goal to replace all C/C++ code with Rust"

0: https://www.linkedin.com/posts/galenh_principal-software-eng...

ghandi25

10 hours ago

Instead of wasting time on this, I’d hope they’d transition to a Linux core.

gucci-on-fleek

7 hours ago

Why? I'm a pretty dedicated Linux user, but I'd argue that Windows NT is a far better technical architecture than GNU/Linux, it's just the Win32 and shell stuff that sucks. But in this hypothetical transition, Win32 and the shell would be one of the only things that Microsoft keeps, which seems like the worst of both worlds to me.

If we're talking hypotheticals, I'd much rather Microsoft open source the NT kernel and low-level subsystems (like ntdll.dll). Open sourcing all of Windows would be even better, but that seems nearly impossible to me.

scrubs

7 hours ago

"just the Win32 and shell stuff that sucks"

Well, it's way beyond sucks. But ok: is it even possible to run windows with just a command line ... no ui, no graphics, start menu, no file manager or is the ui too integrated into the OS?

gucci-on-fleek

6 hours ago

> is it even possible to run windows with just a command line

Docker supports Windows containers [0], but this requires a Windows host so it probably doesn't help you too much. Windows PE [1] does support a GUI, but it doesn't include any of the traditional shell components. Nano Server [2] is the closest to what you're talking about, but it's been deprecated.

> start menu, no file manager or is the ui too integrated into the OS

Windows Phone [3], Windows IoT [4], and Xbox are all NT-based, and none of them include a traditional file manager or shell, but they all do have GUIs.

[0]: https://hub.docker.com/r/microsoft/windows

[1]: https://en.wikipedia.org/wiki/Windows_Preinstallation_Enviro...

[2]: https://learn.microsoft.com/en-us/previous-versions/windows-...

[3]: https://en.wikipedia.org/wiki/Windows_Phone

[4]: https://en.wikipedia.org/wiki/Windows_IoT

hulitu

5 hours ago

> but I'd argue that Windows NT is a far better technical architecture than GNU/Linux

Why don't you use it ?

gucci-on-fleek

5 hours ago

1. Because it's not open source. This isn't purely an ideological thing, but that I tend to run into obscure bugs, so being able to look through the source and submit a patch is incredibly useful to me.

2. Because what I want doesn't exist. Windows NT has excellent technical foundations, but I really don't like using Win32 or any of the Windows shell stuff, but there's no way for regular consumers to use Windows NT without Win32. (WSL exists, but that still requires a full Windows installation)

3. The ecosystem. Linux tends to have much better support than Windows for the types of software that I use, and a hypothetical GNU/NT hybrid would have even worse than both Windows and Linux.

avaer

9 hours ago

It might actually happen. Either way there would be a gradual transition from C++ to Rust.

greatgib

9 hours ago

Launching big paper project like that so he can feel important... The why is irrelevant...

DannyBee

8 hours ago

Galen has achieved an amazing amount over the years, both in MS research and at MS. Do you have a real reason to believe he won't achieve this or just want to character assassinate him with no evidence

(We went to the same university, ive never worked with him and actually worked at a competitor for about twenty years, but know plenty of folks who have worked with him and am fairly familiar with his work and research)

oreally

6 hours ago

TBF this does reek of professional corporate egoism circumventing "if it ain't broke don't fix it" practicalities. Personally I'm quite fearful of how many more things it'll break.

feverzsj

4 hours ago

Last time I checked, he miserably failed the Azure Sphere after years developing with a massive team.

noodellaboss

8 hours ago

This is highly irresponsible for this Galen guy. If he wanted to change C to Rust, he should have gone to Mustafa or Pavan. Those 2 are currently the most intelligent people in Microsoft - very intelligent people, they got AI. Those 2 would have completed this work within a year.

digitalPhonix

4 hours ago

> Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’

A guiding metric on lines of code. How could this possibly go wrong?

HelloNurse

4 hours ago

The important metric is how many tests need to be written to trust those lines of code (in one month, and more ludicrously by one engineer).

Maybe the plan is not testing because they think that Rust is "safe" and automatic translation is smarter than a typical Microsoft employee.

khaelenmore

3 hours ago

A sinking ship is becoming a sunken ship, I guess. With this rate of changes and "AI" in charge, I would be surprised if Windows will not finally turn into an unusable mess of bugs, memory leaks (no, Rust does not prevent them) and ruining the compatibility with all of the apps in process (the highlight of Windows, keeping people to still use it despite all MS effort to ruin the OS)

bluehex

10 hours ago

Anyone who's done some vibe coding can imagine what a mess a vibe coded operating system is going to be with current day tools. LLM agent coding is good at making small prototype web apps and the like but trying to apply it to significantly complex legacy software is a nightmare.

camdenreslink

10 hours ago

I'm not sure I'd feel comfortable making large changes to a complex legacy code base with just an LLM. But I think an LLM could be a big help to try to understand a complex legacy code base. As long as you are verifying what it is saying (which you would naturally kind of have to for that use case).

bluehex

10 hours ago

I absolutely agree with you. I think this quote in the article gave me the impression that they are talking more about vibe coding it at scale rather than llm assisted engineering.

  "Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases. Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’"

Grimblewald

9 hours ago

I think, given the level of jank we see in W11, we are already feeling the effects of vibe coded OS stuff. Sure right now it's surface layer stuff that mostly breaks things like your start menu or file explorer, you know, basic stuff no one will notice, once you bring this digital cancer into the OS's core functionality all hell will break loose.

akamaka

8 hours ago

Great to know that all of the existing bugs in Microsoft’s code will be faithfully translated into Rust using LLMs.

avaer

9 hours ago

As off the wall as this kind of thinking is, I actually agree this is probably what Microsoft has to embrace, and this isn't even going far enough.

Anyone who has experience with LLMs knows that strong typing, static validation, and testing is how you get the most out of codegen. The kind of thing Rust is for. I can think of ways to do this gradually, that would actually work.

It's something that would take years to see effects in a C++ codebase but I think the alternative of sticking with C++ is a dead end.

Somewhat relevant: I chuckled at this (quite accurate) 2 hour overview of the unfixable problems with C++: https://www.youtube.com/watch?v=7fGB-hjc2Gc.

Unreliable source: I worked at Microsoft (on C++) many years ago and I've been writing C++ on/off for ~15 years.

LeFantome

8 hours ago

Rust could work really well with AI.

“If it compiles, it is probably correct” is a major aid if you do not actually understand what the code is doing. AI and the compiler could be powerful partners.

jtchang

11 hours ago

Fundamentally is there anything you can't write in rust and must write in C? With AI languages should mostly be transposable even though right now they are not.

t-writescode

10 hours ago

Why rewrite something with multiple decades of validation and bugs-now-depended-upon-features?

Word and Excel almost certainly have 30 year old C++ code that #must-not-be-touched, bugs and all.

canucker2016

8 hours ago

So they're going to port Microsoft Edge web browser to Rust?

Are they going to upstream their changes to the Google Chrome-codebase?

HackerThemAll

9 hours ago

Security. I know it's boring for most, but important for those who need to handle cybersecurity issues.

jiggawatts

8 hours ago

Some of the “algorithms” libraries in C++ are very difficult to express in safe Rust and might require proc macros.

Most anything related to “intrusive linked lists” is difficult or outright impossible in safe Rust, but is commonly used in operating system code.

LeFantome

8 hours ago

To be fair, one of the main reasons linked lists are used is that more advanced data structures are too hard at the OS level with C.

johndoe0815

12 hours ago

"“My goal is to eliminate every line of C and C++ from Microsoft by 2030,” Microsoft Distinguished Engineer Galen Hunt writes in a post on LinkedIn. “Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases"

What can go wrong? Yikes...

locknitpicker

8 hours ago

> What can go wrong? Yikes..

The post is clearly aimed at self-promotion. The guy is basically referring to mundane things like using transpilers to generate Rust from C. Those have been around for a few years now, such as C2Rust[1]. At best, this sort of project is looking for corporate backing to politically handle this sort of migration.

At this point this sort of stunt is hardly technical, and instead it's something between a publicity stunt and managing technical debt.

[1] https://c2rust.com/

LeFantome

8 hours ago

I think it would be more interesting to more creatively rewrite functions or even modules around tests.

C2Rust is not going to be very idiomatic.

locknitpicker

7 hours ago

> C2Rust is not going to be very idiomatic.

That's irrelevant when discussing migrating large volumes of code. The hard part is migrating the project to another tech stack and setup proper test coversge. After that point, nice-to-haves such as idiomatic code is treated as mundane maintenance work.