Microsoft to replace all C/C++ code with Rust

73 pointsposted 2 months ago
by ape4
(thurrott.com)

64 Comments

wavemode

2 months ago

Title is "Microsoft to replace all C/C++ with Rust"

Meanwhile the content of the post is merely that an engineer who works for a team within Microsoft's AI division wrote on LinkedIn "my goal is to eliminate every line of C and C++ from Microsoft". (He believes that he can get AI agents to accomplish this.)

Not quite the same as an official plan announced by the CTO or something. Bit misleading title.

pjmlp

2 months ago

That guy is relatively high on Microsoft, anyone that is using WSL, has to thank his Microsoft Research department for OS research.

https://www.microsoft.com/en-us/research/people/galenh/proje...

wavemode

2 months ago

My point is not about the person or their accomplishments. My point is that "Microsoft to replace all C/C++ code with Rust" is a misleading title when it's actually just a stated goal of someone working on an aspirational research project.

pjmlp

2 months ago

Well, it is kind of in line with company official communication anyway, so this goal is currently a business target,

> Decades of vulnerabilities have proven how difficult it is to prevent memory-corrupting bugs when using C/C++. While garbage-collected languages like C# or Java have proven more resilient to these issues, there are scenarios where they cannot be used. For such cases, we’re betting on Rust as the alternative to C/C++. Rust is a modern language designed to compete with the performance C/C++, but with memory safety and thread safety guarantees built into the language. While we are not able to rewrite everything in Rust overnight, we’ve already adopted Rust in some of the most critical components of Azure’s infrastructure. We expect our adoption of Rust to expand substantially over time.

-- https://azure.microsoft.com/en-us/blog/microsoft-azure-secur...

> And, in alignment with the Secure Future Initiative, we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.

-- https://blogs.windows.com/windowsexperience/2024/11/19/windo...

> We will accelerate and automate threat modeling, deploy CodeQL for code analysis to 100 percent of commercial products, and continue to expand Microsoft’s use of memory safe languages (such as C#, Python, Java, and Rust), building security in at the language level and eliminating whole classes of traditional software vulnerability.

-- https://www.microsoft.com/en-us/security/blog/2023/11/02/ann...

So naturally, there are many people that besides AI KPIs, now have to match their SFI KPIs at Redmond, including Mark Russinovich.

"Mark Russinovich, Microsoft Azure CTO tells Rust Nation UK 2025 why Azure is moving to Rust from C++"

https://www.youtube.com/watch?v=SmUprpjCWjM

"Microsoft is Getting Rusty: A Review of Successes and Challenges - Mark Russinovich"

https://www.youtube.com/watch?v=1VgptLwP588

Naturally aiming at 2030 for the amount of existing C++ code is crazy, and there are groups within Microsoft, especially DirectX and Windows that most likely won't let go of their toys.

wavemode

a month ago

I can't tell what your point is at this point, I'm going to be honest. Everything you're linking to, I'm aware of. But you've still presented no evidence for the claim that Microsoft is "to replace all C/C++ code with Rust".

If the title was "Microsoft to expand use of Rust" then OK. If it was "Microsoft to develop all new projects in Rust rather than C++", that would be an unsubstantiated claim when you're talking about the company as a whole rather than just Azure or some other segment, but it would at least be a bit closer to the truth than the current HN title.

pjmlp

a month ago

If you were aware, then you would know about the projects where they rewrote C++ projects into Rust, some mentioned on the Rust Nation UK talk.

wavemode

a month ago

Yep, I'm aware of that too.

pjmlp

a month ago

Doesn't seem like from the previous comment.

anonysource

a month ago

Are you a sponsor of this guy after all? Getting paid to respond to all web comments regarding it? It's quite weird why you have been responding to all these posts with all the passion.

With that said... I work at Microsoft on Windows OS, and the main point that was mentioned is indeed true: this is a claim of this engineer only and his team, and it just seems to be a plan totally misaligned with Windows OS vision of how things should be in 10 years. We won't get rid of C++ code anytime soon, the goal is to keep in hybrid state, not to get rid of things. This is unfeasible to do in mature products given all Windows OS processes to ship code.

pjmlp

a month ago

I wish, I just happen to be more aware of what is happening at Microsoft Research than the regular HNer, thus I clarify with passion.

A little money wouldn't do any harm, though.

And since you are here, some of us dislike the C++ vs .NET narrative from the Windows team, Windows 7 .NET bindings being dropped, refusal for .NET DirectX Bindings like Apple and Google do with their 3D APIs, the way UWP tooling went down the drain, and would welcome an improvement on the state of affairs.

markus_zhang

a month ago

Does the kernel team only use Rust for new code? I heard that Mark once said that no new C/C++ code is allowed but wondering if it's for everything or just part of the codebase.

scrubs

2 months ago

This guy is daydreaming to be done by 2030. May as well throw in super conductors at room temp and 1 atm pressure too.

Someone

a month ago

I don’t think he is daydreaming; he is selling a job opening.

If he said “by 2050” or “by 2100”, I bet he would get fewer applicants. I also think the applicants he would get would be of lower quality.

pjmlp

2 months ago

Given that research projects like Drawbridge end up in products like WSL 1.0, and SQL Server on Linux, many of his dreams come true.

evil-olive

2 months ago

> “My goal is to eliminate every line of C and C++ from Microsoft by 2030,” Microsoft Distinguished Engineer Galen Hunt writes in a post on LinkedIn.

from the LinkedIn post [0]:

> I have an open position in my team for a IC5 Principal Software Engineer. The position is in-person in Redmond.

> My goal is to eliminate every line of C and C++ from Microsoft by 2030.

so perhaps a more accurate title would be "one guy at Microsoft, in a LinkedIn job posting, says it's his goal to replace all C/C++ code with Rust"

0: https://www.linkedin.com/posts/galenh_principal-software-eng...

greatgib

2 months ago

Launching big paper project like that so he can feel important... The why is irrelevant...

DannyBee

2 months ago

Galen has achieved an amazing amount over the years, both in MS research and at MS. Do you have a real reason to believe he won't achieve this or just want to character assassinate him with no evidence

(We went to the same university, ive never worked with him and actually worked at a competitor for about twenty years, but know plenty of folks who have worked with him and am fairly familiar with his work and research)

oreally

2 months ago

TBF this does reek of professional corporate egoism circumventing "if it ain't broke don't fix it" practicalities. Personally I'm quite fearful of how many more things it'll break.

feverzsj

2 months ago

Last time I checked, he miserably failed the Azure Sphere after years developing with a massive team.

ghandi25

2 months ago

Instead of wasting time on this, I’d hope they’d transition to a Linux core.

gucci-on-fleek

2 months ago

Why? I'm a pretty dedicated Linux user, but I'd argue that Windows NT is a far better technical architecture than GNU/Linux, it's just the Win32 and shell stuff that sucks. But in this hypothetical transition, Win32 and the shell would be one of the only things that Microsoft keeps, which seems like the worst of both worlds to me.

If we're talking hypotheticals, I'd much rather Microsoft open source the NT kernel and low-level subsystems (like ntdll.dll). Open sourcing all of Windows would be even better, but that seems nearly impossible to me.

signa11

a month ago

> ... I'm a pretty dedicated Linux user, but I'd argue that Windows NT is a far better technical architecture than GNU/Linux ...

please do explain. thank you !

gucci-on-fleek

a month ago

A few examples:

1. Unix has “everything is a file”, which is great, but it also means that you spend lots of time converting structured data to/from strings. Windows NT instead has “everything is an object”, which has the same benefits of “everything is a file”, plus the additional benefit of all the data being structured and typed. (Of course, Windows has a far worse UI for interacting with objects than Unix does for files, but the UI isn't what we're talking about here).

2. NT cleanly separates the low-level NT APIs from the higher-level subsystems [0]. Win32 isn't special at all to NT, it's just another subsystem. WSL1 was implemented as a subsystem [1], and it could cleanly support most of the Linux syscalls without needing any hacks. Similarly, it implemented full Linux filesystem semantics on top of NTFS by using the builtin attribute and alternate stream support. Wine does the reverse on Linux, but it's not nearly as clean of an architecture as NT.

3. Linux runs far more code in the kernel than NT does [2]. While this is often good for performance, it's much worse for security and reliability since kernel bugs tend to have much worse consequences than user-mode bugs. Linux and Windows have been moving in opposite directions here, with Linux moving more graphics code into the kernel with KMS [3], while Windows is moving more graphics code into userspace with WDDM [4].

4. NT was designed with much better security than Unix. Every object has an associated security token that controls its access [5], and programs can freely reduce (but not increase) the privileges granted by each token, which is a much cleaner way to implement sandboxing compared to Linux's user namespaces, where programs need to create entirely new user and filesystem hierarchies from scratch instead of just restricting the current ones. (Despite this, it's much easier for programs to implement sandboxing on Linux than on Windows)

5. Further on the security idea, Unix's concept of a single "root" account that can do everything without any restrictions is mostly a terrible idea. With Windows, there aren't any accounts that have all privileges (ignoring LocalSystem), which means that exploiting a system component usually has less consequences than on Unix. Similarly, Windows has proper RBAC [6] via UAC, so when you “Run as Administrator”, you're still running it under your account, just with an elevated security token. "sudo" is somewhat similar, except that it runs programs as root, which leads to problems with permissions on files in your home directory.

As you can see, the general theme is most components of NT have much cleaner technical designs than their corresponding components in Linux, which NT then squanders behind atrocious interfaces, while Linux puts in tons of work to create great interfaces and new features on top of much worse technical foundations. (This same argument mostly applies to the BSDs too)

[0]: https://en.wikipedia.org/wiki/Architecture_of_Windows_NT#Use...

[1]: https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux#WS...

[2]: https://en.wikipedia.org/wiki/Architecture_of_Windows_NT#Ker...

[3]: https://en.wikipedia.org/wiki/Direct_Rendering_Manager#Kerne...

[4]: https://en.wikipedia.org/wiki/Windows_Display_Driver_Model

[5]: https://en.wikipedia.org/wiki/Object_Manager

[6]: https://en.wikipedia.org/wiki/Role-based_access_control

scrubs

2 months ago

"just the Win32 and shell stuff that sucks"

Well, it's way beyond sucks. But ok: is it even possible to run windows with just a command line ... no ui, no graphics, start menu, no file manager or is the ui too integrated into the OS?

gucci-on-fleek

2 months ago

> is it even possible to run windows with just a command line

Docker supports Windows containers [0], but this requires a Windows host so it probably doesn't help you too much. Windows PE [1] does support a GUI, but it doesn't include any of the traditional shell components. Nano Server [2] is the closest to what you're talking about, but it's been deprecated.

> start menu, no file manager or is the ui too integrated into the OS

Windows Phone [3], Windows IoT [4], and Xbox are all NT-based, and none of them include a traditional file manager or shell, but they all do have GUIs.

[0]: https://hub.docker.com/r/microsoft/windows

[1]: https://en.wikipedia.org/wiki/Windows_Preinstallation_Enviro...

[2]: https://learn.microsoft.com/en-us/previous-versions/windows-...

[3]: https://en.wikipedia.org/wiki/Windows_Phone

[4]: https://en.wikipedia.org/wiki/Windows_IoT

hulitu

2 months ago

> but I'd argue that Windows NT is a far better technical architecture than GNU/Linux

Why don't you use it ?

gucci-on-fleek

2 months ago

1. Because it's not open source. This isn't purely an ideological thing, but that I tend to run into obscure bugs, so being able to look through the source and submit a patch is incredibly useful to me.

2. Because what I want doesn't exist. Windows NT has excellent technical foundations, but I really don't like using Win32 or any of the Windows shell stuff, but there's no way for regular consumers to use Windows NT without Win32. (WSL exists, but that still requires a full Windows installation)

3. The ecosystem. Linux tends to have much better support than Windows for the types of software that I use, and a hypothetical GNU/NT hybrid would have even worse than both Windows and Linux.

avaer

2 months ago

It might actually happen. Either way there would be a gradual transition from C++ to Rust.

noodellaboss

2 months ago

This is highly irresponsible for this Galen guy. If he wanted to change C to Rust, he should have gone to Mustafa or Pavan. Those 2 are currently the most intelligent people in Microsoft - very intelligent people, they got AI. Those 2 would have completed this work within a year.

bluehex

2 months ago

Anyone who's done some vibe coding can imagine what a mess a vibe coded operating system is going to be with current day tools. LLM agent coding is good at making small prototype web apps and the like but trying to apply it to significantly complex legacy software is a nightmare.

camdenreslink

2 months ago

I'm not sure I'd feel comfortable making large changes to a complex legacy code base with just an LLM. But I think an LLM could be a big help to try to understand a complex legacy code base. As long as you are verifying what it is saying (which you would naturally kind of have to for that use case).

bluehex

2 months ago

I absolutely agree with you. I think this quote in the article gave me the impression that they are talking more about vibe coding it at scale rather than llm assisted engineering.

  "Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases. Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’"

Grimblewald

2 months ago

I think, given the level of jank we see in W11, we are already feeling the effects of vibe coded OS stuff. Sure right now it's surface layer stuff that mostly breaks things like your start menu or file explorer, you know, basic stuff no one will notice, once you bring this digital cancer into the OS's core functionality all hell will break loose.

digitalPhonix

2 months ago

> Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’

A guiding metric on lines of code. How could this possibly go wrong?

HelloNurse

2 months ago

The important metric is how many tests need to be written to trust those lines of code (in one month, and more ludicrously by one engineer).

Maybe the plan is not testing because they think that Rust is "safe" and automatic translation is smarter than a typical Microsoft employee.

blibble

a month ago

> automatic translation is smarter than a typical Microsoft employee.

not really a high bar is it...

HelloNurse

a month ago

Delusional rockstar engineers might really have this kind of opinion of their LLMs and their colleagues.

With less sarcasm, how bad is Microsoft as a workplace? The source of this kind of naively arrogant proclamation can be anything from a single rotten apple, to a critical mass of unchecked idiots in the same business unit, to normal for the company culture, to a top-down mandate.

johndoe0815

2 months ago

"“My goal is to eliminate every line of C and C++ from Microsoft by 2030,” Microsoft Distinguished Engineer Galen Hunt writes in a post on LinkedIn. “Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases"

What can go wrong? Yikes...

locknitpicker

2 months ago

> What can go wrong? Yikes..

The post is clearly aimed at self-promotion. The guy is basically referring to mundane things like using transpilers to generate Rust from C. Those have been around for a few years now, such as C2Rust[1]. At best, this sort of project is looking for corporate backing to politically handle this sort of migration.

At this point this sort of stunt is hardly technical, and instead it's something between a publicity stunt and managing technical debt.

[1] https://c2rust.com/

LeFantome

2 months ago

I think it would be more interesting to more creatively rewrite functions or even modules around tests.

C2Rust is not going to be very idiomatic.

locknitpicker

2 months ago

> C2Rust is not going to be very idiomatic.

That's irrelevant when discussing migrating large volumes of code. The hard part is migrating the project to another tech stack and setup proper test coversge. After that point, nice-to-haves such as idiomatic code is treated as mundane maintenance work.

avaer

2 months ago

As off the wall as this kind of thinking is, I actually agree this is probably what Microsoft has to embrace, and this isn't even going far enough.

Anyone who has experience with LLMs knows that strong typing, static validation, and testing is how you get the most out of codegen. The kind of thing Rust is for. I can think of ways to do this gradually, that would actually work.

It's something that would take years to see effects in a C++ codebase but I think the alternative of sticking with C++ is a dead end.

Somewhat relevant: I chuckled at this (quite accurate) 2 hour overview of the unfixable problems with C++: https://www.youtube.com/watch?v=7fGB-hjc2Gc.

Unreliable source: I worked at Microsoft (on C++) many years ago and I've been writing C++ on/off for ~15 years.

LeFantome

2 months ago

Rust could work really well with AI.

“If it compiles, it is probably correct” is a major aid if you do not actually understand what the code is doing. AI and the compiler could be powerful partners.

uecker

a month ago

My personal goal was to replace all of Microsoft in my life. I mostly achieved this 30 years ago with the help of a C program. Now I only have to use Microsoft products when other people I collaborate with insist on using them. So if Rust with the help of AI wll kill Microsoft with this project, this would make me very happy and I certainly will look at this language much more favorably.

khaelenmore

2 months ago

A sinking ship is becoming a sunken ship, I guess. With this rate of changes and "AI" in charge, I would be surprised if Windows will not finally turn into an unusable mess of bugs, memory leaks (no, Rust does not prevent them) and ruining the compatibility with all of the apps in process (the highlight of Windows, keeping people to still use it despite all MS effort to ruin the OS)

ndiddy

a month ago

> Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’

How do they intend to accomplish this? Assuming 40 hour work weeks (160 hours/month), and even assuming a developer would spend their entire 8 hour work day solely reviewing generated Rust code, that would still be ~104 lines of code per minute. At that point what value does the engineer they're hiring even have if they'd just be scrolling through the code and giving it a cursory glance?

ChrisArchitect

a month ago

LinkedIn poster updated the post:

> Update: It appears my post generated far more attention than I intended... with a lot of speculative reading between the lines.

> Just to clarify... Windows is *NOT* being rewritten in Rust with AI.

> My team’s project is a research project. We are building tech to make migration from language to language possible. The intent of my post was to find like-minded engineers to join us on the next stage of this multi-year endeavor—not to set a new strategy for Windows 11+ or to imply that Rust is an endpoint.

akamaka

2 months ago

Great to know that all of the existing bugs in Microsoft’s code will be faithfully translated into Rust using LLMs.

jtchang

2 months ago

Fundamentally is there anything you can't write in rust and must write in C? With AI languages should mostly be transposable even though right now they are not.

t-writescode

2 months ago

Why rewrite something with multiple decades of validation and bugs-now-depended-upon-features?

Word and Excel almost certainly have 30 year old C++ code that #must-not-be-touched, bugs and all.

canucker2016

2 months ago

So they're going to port Microsoft Edge web browser to Rust?

Are they going to upstream their changes to the Google Chrome-codebase?

HackerThemAll

2 months ago

Security. I know it's boring for most, but important for those who need to handle cybersecurity issues.

jiggawatts

2 months ago

Some of the “algorithms” libraries in C++ are very difficult to express in safe Rust and might require proc macros.

Most anything related to “intrusive linked lists” is difficult or outright impossible in safe Rust, but is commonly used in operating system code.

LeFantome

2 months ago

To be fair, one of the main reasons linked lists are used is that more advanced data structures are too hard at the OS level with C.

jiggawatts

a month ago

Intrusive linked lists have performance and robustness benefits for kernel programming, chiefly that they don't require any dynamic memory allocation and can play nice with scenarios where not all memory might be "paged in", and the paging system itself needs data structures to track memory statues. Linked lists for this type of use also have consistently low latency, which can matter a lot in some scenarios such as network packet processing. I.e.: loading a struct into L1 cache also loads its member pointers to the next struct, saving an additional step looking it up in some external data structure.

markus_zhang

a month ago

In one of the comments he talked about concurrency safety. As someone who has just touched the lock implementations in a toy OS -- xv6, I found concurrency issues to be extremely easy to flare up and very hard to debug. Does Rush provide something lock-related that is similar to memory safety?

Rochus

a month ago

No wonder Herb Sutter left Microsoft.

stockresearcher

a month ago

If this was a real project, they’d start from scratch and design the OS using Rust idioms.

But it’s nothing more than marketing drivel. The goal is for clueless C-level folks to say “if MS can do this with their AI, surely we can take care of our problems using a few copilot subscriptions and a large layoff!”

worik

a month ago

this is a really bad idea.

A million lines of code per engineer per month, they say.

What a dreadfully bad use of excellent technology!

LLMs could help the review all that code, and help their programmers find problematic C or C++ code that could be fixed, or perhaps replaced with Rust.

What they are proposing is mindless foolishness. AI slop on an industrial scale

Rust is good. Rust is not magic