Title is "Microsoft to replace all C/C++ with Rust"
Meanwhile the content of the post is merely that an engineer who works for a team within Microsoft's AI division wrote on LinkedIn "my goal is to eliminate every line of C and C++ from Microsoft". (He believes that he can get AI agents to accomplish this.)
Not quite the same as an official plan announced by the CTO or something. Bit misleading title.
My point is not about the person or their accomplishments. My point is that "Microsoft to replace all C/C++ code with Rust" is a misleading title when it's actually just a stated goal of someone working on an aspirational research project.
Well, it is kind of in line with company official communication anyway, so this goal is currently a business target,
> Decades of vulnerabilities have proven how difficult it is to prevent memory-corrupting bugs when using C/C++. While garbage-collected languages like C# or Java have proven more resilient to these issues, there are scenarios where they cannot be used. For such cases, we’re betting on Rust as the alternative to C/C++. Rust is a modern language designed to compete with the performance C/C++, but with memory safety and thread safety guarantees built into the language. While we are not able to rewrite everything in Rust overnight, we’ve already adopted Rust in some of the most critical components of Azure’s infrastructure. We expect our adoption of Rust to expand substantially over time.
> And, in alignment with the Secure Future Initiative, we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.
> We will accelerate and automate threat modeling, deploy CodeQL for code analysis to 100 percent of commercial products, and continue to expand Microsoft’s use of memory safe languages (such as C#, Python, Java, and Rust), building security in at the language level and eliminating whole classes of traditional software vulnerability.
Naturally aiming at 2030 for the amount of existing C++ code is crazy, and there are groups within Microsoft, especially DirectX and Windows that most likely won't let go of their toys.
I can't tell what your point is at this point, I'm going to be honest. Everything you're linking to, I'm aware of. But you've still presented no evidence for the claim that Microsoft is "to replace all C/C++ code with Rust".
If the title was "Microsoft to expand use of Rust" then OK. If it was "Microsoft to develop all new projects in Rust rather than C++", that would be an unsubstantiated claim when you're talking about the company as a whole rather than just Azure or some other segment, but it would at least be a bit closer to the truth than the current HN title.
Are you a sponsor of this guy after all? Getting paid to respond to all web comments regarding it? It's quite weird why you have been responding to all these posts with all the passion.
With that said... I work at Microsoft on Windows OS, and the main point that was mentioned is indeed true: this is a claim of this engineer only and his team, and it just seems to be a plan totally misaligned with Windows OS vision of how things should be in 10 years. We won't get rid of C++ code anytime soon, the goal is to keep in hybrid state, not to get rid of things. This is unfeasible to do in mature products given all Windows OS processes to ship code.
I wish, I just happen to be more aware of what is happening at Microsoft Research than the regular HNer, thus I clarify with passion.
A little money wouldn't do any harm, though.
And since you are here, some of us dislike the C++ vs .NET narrative from the Windows team, Windows 7 .NET bindings being dropped, refusal for .NET DirectX Bindings like Apple and Google do with their 3D APIs, the way UWP tooling went down the drain, and would welcome an improvement on the state of affairs.
Does the kernel team only use Rust for new code? I heard that Mark once said that no new C/C++ code is allowed but wondering if it's for everything or just part of the codebase.
Galen has achieved an amazing amount over the years, both in MS research and at MS. Do you have a real reason to believe he won't achieve this or just want to character assassinate him with no evidence
(We went to the same university, ive never worked with him and actually worked at a competitor for about twenty years, but know plenty of folks who have worked with him and am fairly familiar with his work and research)
TBF this does reek of professional corporate egoism circumventing "if it ain't broke don't fix it" practicalities. Personally I'm quite fearful of how many more things it'll break.
Why? I'm a pretty dedicated Linux user, but I'd argue that Windows NT is a far better technical architecture than GNU/Linux, it's just the Win32 and shell stuff that sucks. But in this hypothetical transition, Win32 and the shell would be one of the only things that Microsoft keeps, which seems like the worst of both worlds to me.
If we're talking hypotheticals, I'd much rather Microsoft open source the NT kernel and low-level subsystems (like ntdll.dll). Open sourcing all of Windows would be even better, but that seems nearly impossible to me.
1. Unix has “everything is a file”, which is great, but it also means that you spend lots of time converting structured data to/from strings. Windows NT instead has “everything is an object”, which has the same benefits of “everything is a file”, plus the additional benefit of all the data being structured and typed. (Of course, Windows has a far worse UI for interacting with objects than Unix does for files, but the UI isn't what we're talking about here).
2. NT cleanly separates the low-level NT APIs from the higher-level subsystems [0]. Win32 isn't special at all to NT, it's just another subsystem. WSL1 was implemented as a subsystem [1], and it could cleanly support most of the Linux syscalls without needing any hacks. Similarly, it implemented full Linux filesystem semantics on top of NTFS by using the builtin attribute and alternate stream support. Wine does the reverse on Linux, but it's not nearly as clean of an architecture as NT.
3. Linux runs far more code in the kernel than NT does [2]. While this is often good for performance, it's much worse for security and reliability since kernel bugs tend to have much worse consequences than user-mode bugs. Linux and Windows have been moving in opposite directions here, with Linux moving more graphics code into the kernel with KMS [3], while Windows is moving more graphics code into userspace with WDDM [4].
4. NT was designed with much better security than Unix. Every object has an associated security token that controls its access [5], and programs can freely reduce (but not increase) the privileges granted by each token, which is a much cleaner way to implement sandboxing compared to Linux's user namespaces, where programs need to create entirely new user and filesystem hierarchies from scratch instead of just restricting the current ones. (Despite this, it's much easier for programs to implement sandboxing on Linux than on Windows)
5. Further on the security idea, Unix's concept of a single "root" account that can do everything without any restrictions is mostly a terrible idea. With Windows, there aren't any accounts that have all privileges (ignoring LocalSystem), which means that exploiting a system component usually has less consequences than on Unix. Similarly, Windows has proper RBAC [6] via UAC, so when you “Run as Administrator”, you're still running it under your account, just with an elevated security token. "sudo" is somewhat similar, except that it runs programs as root, which leads to problems with permissions on files in your home directory.
As you can see, the general theme is most components of NT have much cleaner technical designs than their corresponding components in Linux, which NT then squanders behind atrocious interfaces, while Linux puts in tons of work to create great interfaces and new features on top of much worse technical foundations. (This same argument mostly applies to the BSDs too)
Well, it's way beyond sucks. But ok: is it even possible to run windows with just a command line ... no ui, no graphics, start menu, no file manager or is the ui too integrated into the OS?
> is it even possible to run windows with just a command line
Docker supports Windows containers [0], but this requires a Windows host so it probably doesn't help you too much. Windows PE [1] does support a GUI, but it doesn't include any of the traditional shell components. Nano Server [2] is the closest to what you're talking about, but it's been deprecated.
> start menu, no file manager or is the ui too integrated into the OS
Windows Phone [3], Windows IoT [4], and Xbox are all NT-based, and none of them include a traditional file manager or shell, but they all do have GUIs.
1. Because it's not open source. This isn't purely an ideological thing, but that I tend to run into obscure bugs, so being able to look through the source and submit a patch is incredibly useful to me.
2. Because what I want doesn't exist. Windows NT has excellent technical foundations, but I really don't like using Win32 or any of the Windows shell stuff, but there's no way for regular consumers to use Windows NT without Win32. (WSL exists, but that still requires a full Windows installation)
3. The ecosystem. Linux tends to have much better support than Windows for the types of software that I use, and a hypothetical GNU/NT hybrid would have even worse than both Windows and Linux.
This is highly irresponsible for this Galen guy. If he wanted to change C to Rust, he should have gone to Mustafa or Pavan. Those 2 are currently the most intelligent people in Microsoft - very intelligent people, they got AI. Those 2 would have completed this work within a year.
Anyone who's done some vibe coding can imagine what a mess a vibe coded operating system is going to be with current day tools. LLM agent coding is good at making small prototype web apps and the like but trying to apply it to significantly complex legacy software is a nightmare.
I'm not sure I'd feel comfortable making large changes to a complex legacy code base with just an LLM. But I think an LLM could be a big help to try to understand a complex legacy code base. As long as you are verifying what it is saying (which you would naturally kind of have to for that use case).
I absolutely agree with you.
I think this quote in the article gave me the impression that they are talking more about vibe coding it at scale rather than llm assisted engineering.
"Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases. Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’"
I think, given the level of jank we see in W11, we are already feeling the effects of vibe coded OS stuff. Sure right now it's surface layer stuff that mostly breaks things like your start menu or file explorer, you know, basic stuff no one will notice, once you bring this digital cancer into the OS's core functionality all hell will break loose.
Delusional rockstar engineers might really have this kind of opinion of their LLMs and their colleagues.
With less sarcasm, how bad is Microsoft as a workplace? The source of this kind of naively arrogant proclamation can be anything from a single rotten apple, to a critical mass of unchecked idiots in the same business unit, to normal for the company culture, to a top-down mandate.
"“My goal is to eliminate every line of C and C++ from Microsoft by 2030,” Microsoft Distinguished Engineer Galen Hunt writes in a post on LinkedIn. “Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases"
The post is clearly aimed at self-promotion. The guy is basically referring to mundane things like using transpilers to generate Rust from C. Those have been around for a few years now, such as C2Rust[1]. At best, this sort of project is looking for corporate backing to politically handle this sort of migration.
At this point this sort of stunt is hardly technical, and instead it's something between a publicity stunt and managing technical debt.
That's irrelevant when discussing migrating large volumes of code. The hard part is migrating the project to another tech stack and setup proper test coversge. After that point, nice-to-haves such as idiomatic code is treated as mundane maintenance work.
As off the wall as this kind of thinking is, I actually agree this is probably what Microsoft has to embrace, and this isn't even going far enough.
Anyone who has experience with LLMs knows that strong typing, static validation, and testing is how you get the most out of codegen. The kind of thing Rust is for. I can think of ways to do this gradually, that would actually work.
It's something that would take years to see effects in a C++ codebase but I think the alternative of sticking with C++ is a dead end.
“If it compiles, it is probably correct” is a major aid if you do not actually understand what the code is doing. AI and the compiler could be powerful partners.
My personal goal was to replace all of Microsoft in my life. I mostly achieved this 30 years ago with the help of a C program. Now I only have to use Microsoft products when other people I collaborate with insist on using them. So if Rust with the help of AI wll kill Microsoft with this project, this would make me very happy and I certainly will look at this language much more favorably.
A sinking ship is becoming a sunken ship, I guess. With this rate of changes and "AI" in charge, I would be surprised if Windows will not finally turn into an unusable mess of bugs, memory leaks (no, Rust does not prevent them) and ruining the compatibility with all of the apps in process (the highlight of Windows, keeping people to still use it despite all MS effort to ruin the OS)
> Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’
How do they intend to accomplish this? Assuming 40 hour work weeks (160 hours/month), and even assuming a developer would spend their entire 8 hour work day solely reviewing generated Rust code, that would still be ~104 lines of code per minute. At that point what value does the engineer they're hiring even have if they'd just be scrolling through the code and giving it a cursory glance?
> Update:
It appears my post generated far more attention than I intended... with a lot of speculative reading between the lines.
> Just to clarify... Windows is *NOT* being rewritten in Rust with AI.
> My team’s project is a research project. We are building tech to make migration from language to language possible. The intent of my post was to find like-minded engineers to join us on the next stage of this multi-year endeavor—not to set a new strategy for Windows 11+ or to imply that Rust is an endpoint.
Fundamentally is there anything you can't write in rust and must write in C? With AI languages should mostly be transposable even though right now they are not.
Intrusive linked lists have performance and robustness benefits for kernel programming, chiefly that they don't require any dynamic memory allocation and can play nice with scenarios where not all memory might be "paged in", and the paging system itself needs data structures to track memory statues. Linked lists for this type of use also have consistently low latency, which can matter a lot in some scenarios such as network packet processing. I.e.: loading a struct into L1 cache also loads its member pointers to the next struct, saving an additional step looking it up in some external data structure.
In one of the comments he talked about concurrency safety. As someone who has just touched the lock implementations in a toy OS -- xv6, I found concurrency issues to be extremely easy to flare up and very hard to debug. Does Rush provide something lock-related that is similar to memory safety?
If this was a real project, they’d start from scratch and design the OS using Rust idioms.
But it’s nothing more than marketing drivel. The goal is for clueless C-level folks to say “if MS can do this with their AI, surely we can take care of our problems using a few copilot subscriptions and a large layoff!”
A million lines of code per engineer per month, they say.
What a dreadfully bad use of excellent technology!
LLMs could help the review all that code, and help their programmers find problematic C or C++ code that could be fixed, or perhaps replaced with Rust.
What they are proposing is mindless foolishness. AI slop on an industrial scale
Meanwhile the content of the post is merely that an engineer who works for a team within Microsoft's AI division wrote on LinkedIn "my goal is to eliminate every line of C and C++ from Microsoft". (He believes that he can get AI agents to accomplish this.)
Not quite the same as an official plan announced by the CTO or something. Bit misleading title.