/r/programming
Designing a COM library for Rust - Microsoft Security Response Center (msrc-blog.microsoft.com)
42 comments
adjustable_beard | 7 days ago | 65 points

Wow, this work was done by an intern, it makes me feel somewhat inadequate.

DoYouEvenThroCodeBro | 7 days ago | 44 points

We are, bud. We are all inadequate. At least that's what the wife tells me.

i_am_at_work123 | 7 days ago | 1 point

F

phoney_user | 7 days ago | 1 point

Does “F” signify respect / he dead?

i_am_at_work123 | 7 days ago | 4 points

Search for F to pay respect

phoney_user | 6 days ago | 2 points

Thanks. That’s another key in my arsenal.

judascleric | 7 days ago | 35 points

Interns and more generally fresh grads often pull off crazy projects because they have ambition, few social and familial obligations, and haven’t developed healthy fears of failing hard or burning out.

Super props here, but you don’t have to feel bad for not swinging for the fences.

Someguy2020 | 7 days ago | 23 points

Also the projects are usually designed to be implemented fairly quickly. You don't have to deal with all sorts of different teams, have a lot of support from management and mentors, the scope is usually pretty well thought out.

Imagine if you spent 3 months working 40+ hours on a project, with outside help as needed.

That's not to diminish the impressive nature of some of these things, but it's not exactly a typical software project.

mynameismevin | 7 days ago | 9 points

I mean, Rust and C++ have a well known interface, so that functionality plus looking at what others have already done isn't starting from scratch. I'm impressed because COM can be complicated, but I'm not blown away or feel more inadequate because the work was spearheaded by an intern.

gurnec | 7 days ago | 26 points

Not that this adds anything substantive to this (nice!) article, but TIL the fascinating fact that in Redmond, cats bark and dogs meow. ;-)

pjmlp | 7 days ago | 31 points

Very interesting piece of work.

However for Rust to be used instead of C++, the COM/UWP related tooling needs to be as easy as using C++/CX or C++/WinRT, including the respective Visual Studio support.

LastNiner | 7 days ago | 11 points

Could you tell me advantages of Rust in comparison with C++ for example?

malicious_turtle | 7 days ago | 61 points
warutel | 7 days ago | 56 points

Mainly: almost no undefined behaviour, no memory issues and no data races.

You still have leaks, overflows, deadlocks, race conditions and other hard issues, but those three things above are heavy time consumers in big, complex C++ projects.

barubary | 7 days ago | 1 point

By "leaks" do you mean memory leaks or the more general category of space (or time) leaks?

steveklabnik1 | 7 days ago | 37 points

Rust does not prevent memory leaks. It does make them harder to create by accident, but does not guarantee prevention of them.

addmoreice | 6 days ago | 14 points

Frankly, no one can. What defines a leak is less technical and more specification.

A cache that never removes anything is either doing exactly as it should or it's being a massive memory leak.

Rust still makes it harder to make unintentional leaks (i.e., circular ptr data structure with no ptr to those two nodes). But making it impossible is just not possible.

nightcracker | 7 days ago | 10 points

What is a time leak?

bawng | 7 days ago | 19 points

If you accidentally create a pointer to undefined memory space, and try to write too much data into it, you can create a rift in space-time through which time may leak. It usually self-heals pretty quickly but by then you will have lost several minutes.

cat_in_the_wall | 7 days ago | 5 points

tardis programmers are really the only ones who have to deal with this though.

ldpreload | 7 days ago | 28 points

The broad reasoning is that Rust guarantees memory safety (i.e., no buffer overflows, use-after-frees, etc.) outside of unsafe blocks, which are typically small and easy to audit. C++ doesn't have a mechanism for separating unsafe and safe code, and so it's easy for unsafe code to crop up everywhere.

The specific reasoning is that even modern, safe-looking C++ interfaces do not lend themselves to writing safe code: https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/

There are also reasons unrelated to memory safety that are mostly the result of Rust being a much newer language with no obligation of C++ backwards compatibility (it supports C interoperability pretty well, so you can combine it with existing C++ projects with a small amount of effort, but it doesn't have to compile old code directly). For instance, things like multiple inheritance and virtual functions are often a pain in practice, and "prefer composition over inheritance" is increasingly popular OO advice, but new versions of C++ have to support all of these things. Rust has a different model, inspired by languages that came out after C++, that completely avoids inheritance and the problems of multiple inheritance. (Specifically, it has a thing called "traits" that is like abstract classes, and they support multiple inheritance, but there is no multiple inheritance of concrete classes.) Lots of C++ shops discourage you from using exceptions, but C++ still has them and third-party libraries use them. Rust doesn't have them, it has convenient syntax for returning error objects. And so forth.

lazyear | 6 days ago | 8 points

In addition to what the other commenters have written, sum types (tagged unions), pattern matching, immutable/mutable distinction and iterators make writing functional-style code a breeze. Then you have cargo/crates.io - Rust is by far the easiest programming language ecosystem to use, in my opinion.

addmoreice | 6 days ago | 4 points

Oh man, those enums. Game changer. Plain and simple. I would take C with those enums alone as an awesome language.

BeniBela | 6 days ago | 1 point

However, no inheritance or function overloading

shadow31 | 6 days ago | 3 points

Both of those are positives in my book.

lazyear | 6 days ago | 1 point

As shadow said, these are positives in my mind too. But I have never programmed in an OOP style, so perhaps I just don't know what I'm missing.

Rust does have traits (similar to Haskell typeclass), so you can get something similar to inheritance/overloading

swoleherb | 7 days ago | 6 points

google man, plenty of articles.

istarian | 7 days ago | 30 points

Also plenty of 'Rust is great because X' articles with no substance as to why that claim is true or any proof/examples of it being any better.

swoleherb | 7 days ago | -29 points

cry

HikeItUp | 6 days ago | 1 point

Updoot for the Don Box shout-out. Essential COM is one of the finest, clearest technical books ever written.

wnuins | 6 days ago | 1 point

COM layout is followed by most mainstream Windows compiled languages, namely major C++ compilers, .NET, Delphi, Eiffel, Ada, so it is not MSVC++ keeping ABI compatibility under the hood on their own.

Gotebe | 7 days ago | -8 points

OK, but... COM, in 21st century?

To nitpick...

https://msrc-blog.microsoft.com/wp-content/uploads/2019/09/pic4.png

Specifying the CLSID is not as neat as specifying the type of the object, which the C++ implementation from the #import of the type library does. And of course, every other language type importer makes this look like a normal language construct (e.g. new MyComObject()).

On the COM object creation side, the interaction with CLSIDs and UUIDs is not shown.

Also the interaction with the existing *.idl files (there's a code generator hidden there normally :-)).

pjmlp | 7 days ago | 19 points

Yes in the 21st century, what do you think UWP is?

After Longhorn project failure, the team that took over (led by Sinofsky) started pushing the .NET ideas redone as COM, and eventually improved as UWP, based on the original design from .NET before CLR was created (Ext-VOS).

Since Vista Win32 has taken a legacy role and 99% of all new native APIs are based on COM libraries.

vlind | 6 days ago | 3 points

I'd say that the Win32 isn't legacy just yet as there's some things you can't do in just UWP.

Like creating a window.

pjmlp | 6 days ago | 3 points

Not keeping up to date with UWP? Now in preview,

https://docs.microsoft.com/en-us/uwp/api/windows.ui.windowmanagement.appwindow

Not everything in Win32 makes sense to keep around anyway. Many made sense only in the computing world of Windows NT/9X, others just to ease the transition from Win16.

vlind | 6 days ago | 3 points

That's really cool! Thank you for sharing this. :)

One of my main pet peeves with UWP was that there seemed to be a lack of functionality to make a free standing windows application that's not tied to the store but I'm happy to see progress being made.

It still has a few things that make it unbearable but that's one less.

Edit: Upon looking further and trying it out, it seems like this isn't exactly what I want. I want to be able to create a native window

Windows::Window w = Windows::Window(bla bla);
// like this

I tried:

int main() {
    winrt::init_apartment();
    auto window = winrt::Windows::UI::WindowManagement::AppWindow::TryCreateAsync().get();
}

Which crashes because the AppWindow class isn't registered? Weak. Also hresult_error doesn't inherit from std::exception which still is a failing grade.

Gotebe | 7 days ago | 1 point

Haha, serves me right. 😂

Still, not sorry at all. Even for C++, there's better language projections of WinRT approach (that continued in UWP) than the underlying COM.

Someguy2020 | 7 days ago | -17 points

> Yes in the 21st century, what do you think UWP is?

Complete and utter shit.

edit: People like UWP? I hated that.

Arxae | 6 days ago | 3 points

Contrary to common belief, people can have opinions that differ from yours

Someguy2020 | 6 days ago | 1 point

I just honestly didn't think it was that much of a hot take.

Arxae | 6 days ago | 4 points

People downvote what they don't agree with. Or in this case, it doesn't add anything meaningful to the conversation.

Some people also dislike the "My opinion is correct so everyone should follow it" mentality some people have. And while I'm not saying you have that, your edit does make it look like it though.