English
中文
Deutsch
StartseiteArtikel

Wir müssen uns endgültig von C++ verabschieden. Microsoft startet die größte "Abbruchaktion" in der Codegeschichte: Windows und Azure werden in Rust neu geschrieben.

极客邦科技InfoQ2025-12-23 17:37
Microsoft plant, bis 2030 all seinen C/C++-Code durch Rust zu ersetzen.

Microsoft is driving forward a long - term project that could change the entire history of software development: By the end of 2030, the C and C++ code in its core codebase should be completely eliminated and switched to the programming language Rust. This goal not only concerns key infrastructures such as Windows and Azure but also means the systematic transformation of one of the world's largest commercial code inventories.

1  A Microsoft engineer posts that C/C++ should be completely phased out by 2030

This goal does not come from external speculations but is a strategic vision publicly stated by an internal core engineer at Microsoft.

Recently, Galen Hunt, a Distinguished Engineer at Microsoft, first clearly presented this ambitious project to the public in a job posting on LinkedIn.

According to his LinkedIn profile, Hunt has long been engaged in the research and development of system software and operating systems. His current research interest lies particularly in introducing large language models (LLMs) into the field of system software to solve long - standing complex engineering problems.

During his time at Microsoft, he founded and led the development team of Azure Sphere. Azure Sphere is an end - to - end security platform for the Internet of Things (IoT) and embedded devices, which is supposed to enable every device manufacturer to develop highly secure devices. The platform systematically covers the seven core features of highly secure devices defined by Microsoft and is thus an important infrastructure in Microsoft's security area.

Previously, he was a leading co - founder of the New Experiences and Technologies group (MSR NExT) at Microsoft Research and led the operating system technology group. Even earlier, he led the operating system and distributed systems research company at Microsoft Research in Redmond and was long - term involved in the forward - looking research of Microsoft's underlying system technologies.

An important research and development topic is the exploration of the boundaries and trade - offs between the hypervisor and the operating system kernel. Regarding this topic, he led the Drawbridge project to develop a new architecture for computing systems. Between 2012 and 2013, he implemented Drawbridge for a real - world service deployment on the Azure platform. This technology was also later used for the migration of Microsoft SQL Service to the Linux platform.

My goal is to eliminate every line of C and C++ code in the Microsoft codebase by 2030.

This sentence comes directly from Galen Hunt.

For a company with several decades of history, a codebase of hundreds of millions of lines, and a deep integration of C/C++ in operating systems, databases, compilers, virtualization, security, and cloud infrastructure, this is not an ordinary technological update but a revolutionary engineering achievement at the system, organizational, and toolchain levels. The full translation of the post is as follows:

Our team currently has an open position for a Chief Software Engineer (IC5) in Redmond, which must be filled on - site.

My goal is to eliminate all C and C++ code at Microsoft by 2030. Our strategy is to combine artificial intelligence and algorithms to rewrite Microsoft's largest codebase. Our core goal is that “one engineer can process 1 million lines of code in a month.”

To accomplish this unprecedented task, we have built a powerful code processing infrastructure: The algorithmic infrastructure can create scalable graphs on huge source code trees, while the AI processing infrastructure allows us to make large - scale code changes with AI agents. The core of this infrastructure is already being used in many areas, such as code understanding.

The sought - after Chief Software Engineer will help us improve this infrastructure and achieve the central goal of migrating Microsoft's core C/C++ systems to the programming language Rust. The position requires experience in developing system code in Rust (preferably at least 3 years of experience in Rust system programming). Applicants with experience in compiler, database, or operating system development are preferred. Although experience in compiler development is not mandatory, applicants should be willing to learn in this area.

Our team follows a growth mindset and consists of members with diverse backgrounds, comprehensive skills, and unique perspectives. We are willing to take risks, can work well together, and are always striving to create value for internal and external customers. In the ever - changing world of AI tools, we know that diversity and a growth mindset are the keys to success.

Our team belongs to the “Future of Scalable Software Development” project in the EngHorizons organization of Microsoft CoreAI. Our core mission is to help Microsoft and its customers eliminate technical debt on a large scale by building advanced capabilities. We work with internal customers and partners to develop leading tools and technologies and introduce these innovations in cooperation with other product teams at Microsoft and even across the industry.

In terms of organization, Hunt's team belongs to the Engineering Horizons department in the Microsoft CoreAI structure. The “Future of Scalable Software Development” project is not a traditional product development team but rather an organization that is future - oriented and promotes software development capabilities. Its goal is not only the migration of a single system but the creation of general capabilities that can be used throughout Microsoft and also by external customers.

2  Why the migration?

Actually, Hunt's public statement is also regarded as a continuation of earlier statements by Microsoft's executives. The first signal in this direction dates back to 2023. Already in 2023, Microsoft announced that it would rewrite parts of the Windows kernel in Rust.

David Weston, Vice President of Microsoft, announced at the Microsoft Blue Hat IL 2023 that Microsoft would precede Linux and rewrite parts of the Windows kernel in Rust.

“We are currently in the 'crawling, walking, and running' phase of using Rust in Windows,” Weston said at the Microsoft BlueHat IL 2023 conference. “We are developing one of the most complex engineering products in the world. But our goal is to improve security... Therefore, the outside world will probably see in the next weeks or months how Windows starts with Rust at its core. That's really great. Our fundamental goal is to convert some internal C++ data types into corresponding Rust data types.”

At that time, he showed example code that clarified some reasons for the programming language switch: Rust code is easier to write and understand than the current C++ code. It is also safer and more reliable: For those who are not familiar with Rust, it is a modern C - like programming language that is appreciated by developers because it enforces the creation of safe and native code without the additional costs of managed code.

According to Weston, Microsoft has already rewritten 36,000 lines of code in the Windows kernel in Rust. In addition, it has rewritten 152,000 lines of code in the DirectWrite Core library in Rust, and the performance is excellent, with no degradation compared to the old C++ code. He also noted that “there is now a system call in the Windows kernel that is written in Rust.” A system call (or system call) is, simply put, the way applications in user mode interact with internal functions of the kernel.

In addition to Weston, Mark Russinovich, CTO of Microsoft Azure and technology academician, has publicly stated that the use of C and C++ for new kernel development should be stopped. He said that all new kernel codes for Windows and Azure should be written in Rust in the future. Microsoft uses large language models to accelerate the automated transition from C and C++ to Rust to improve system security and software maintainability.

Over time, Russinovich's statement pointed more towards a direction, while Hunt's job posting and the description of the infrastructure indicate that this project has now entered the phase of practical implementation.

The post does not elaborate on why Microsoft chooses Rust as the target language for migration. But given the technological trends of the past few years, the reason is not hard to understand.

Microsoft has repeatedly pointed out in several security reports that most highly dangerous security vulnerabilities are due to memory security problems, which is a structural problem of C/C++.

For example, Matt Miller, a Microsoft engineer, revealed at a security conference in 2019 that in the past 12 years, about 70% of the security vulnerabilities fixed by security updates each year were due to memory security problems.

“Memory security” means that an application accesses the operating system's memory in a correct and proper way. A “memory security error,” on the other hand, is a behavior where software accidentally or intentionally accesses outside the allocated memory area.

Technicians who often deal with security reports often come across the following terms: buffer overflow, race conditions, page faults, null pointers, stack overflow, heap overflow/damage, use - after - free, or double - free – all of these are different forms of memory security errors.

The reason for this high proportion of security vulnerabilities is that the Windows system, which is mainly written in C/C++, is based on a “memory - unsafe” programming language. Although these languages give developers the ability to precisely control the memory, any small oversight in memory management can lead to serious security vulnerabilities. Attackers often use these vulnerabilities to execute remote code or increase their access privileges. Currently, memory security vulnerabilities are the main attack surface for hackers, with use - after - free and heap damage being particularly popular.

Rust systematically reduces the risk of memory errors and data conflicts at the language level through its ownership model and compile - time checks. This has direct and measurable security advantages for operating systems, cloud infrastructures, and virtualization platforms.

Even more importantly, Microsoft has to deal with a huge legacy system that has been developed over several decades. In this context, the advantages of Rust in terms of the type system, the consistency of the toolchain, and the long - term maintenance costs are regarded as an important way to solve the problem of technological debt. The fact that Hunt's team repeatedly mentions the “scaled elimination of technological debt” in the post is a direct result of this consideration.

Of course, there are also real challenges to this goal. C/C++ is very deeply rooted in Microsoft's core systems, and there are problems such as performance limitations, ABI compatibility, and a complex third - party ecosystem. The validation of correctness, regression testing, and risk control in the automated conversion are also difficult engineering problems that cannot be ignored.

Nevertheless, Microsoft has made this goal public and tied it to a specific time limit.

In software development, this approach already sends a strong signal: With the deep integration of artificial intelligence and system development, legacy codebases that have long been considered “untouchable” are now back in the area of scalable management. If the vision outlined by Galen Hunt is actually realized, this will not only be a successful example of a language migration but also a remarkable event for the deep integration of AI in system - level software development.

The year 2030 has not yet come, but the change around code, tools, and engineering paradigms has already begun at Microsoft.

3  Are all “memory security problems” the fault of C++?

The technological community has strongly reacted to Microsoft's decision to completely break away from C/C++.

Two years ago, Mark Russinovich, the chief technician of Microsoft Azure, publicly called for “stopping the use of C/C++ in new projects.” His statements at that time triggered fierce protests from C++ enthusiasts, many of them from the financial services industry.

“C++ itself is okay, it's just that many people who use it (and other languages) can't actually program,” said an enthusiast.

“I admit that it takes good developers to write good C++ code, and it's probably much easier to find developers who can write good Rust code. But it is quite possible to write extremely stable, highly abstract, well - maintainable...

该文观点仅代表作者本人,36氪平台仅提供信息存储空间服务。

Für Presseanfragen, Content-Kooperationen, Geschäftliche Zusammenarbeit oder zur Gewinnung globaler Partner im Ökosystem, können Sie uns über folgenden Kontakte erreichen: E-Mail an mohaiying@36kr.com.
Partner:startuprad.io

(eu.36kr.com) ist ein branchenspezifisches Medium, das sich auf internationale Märkte konzentriert und Unternehmen bei ihren grenzüberschreitenden Aktivitäten mit umfassender Beratung und professionellen Dienstleistungen unterstützt.

© 2024 36kr.com. All rights reserved.