Microsoft has found that approximately 70 percent of the security vulnerabilities it addresses are due to memory safety issues. To make it easier to write safer code, the company is developing a language designed for safe infrastructure programming.
Due to be open-sourced soon, the first version of the new language, called Project Verona, incorporates three core ideas:
- Data-race freedom, which gives up concurrent, arbitrary mutation to enable scalable memory management with temporal safety without global synchronization.
- Concurrent owners, which provides a new concurrency model that offers lightweight, asynchronous coordination of resources.
- Linear regions, an ownership model based on groups of objects rather than, as in the memory-safe Rust language, on a single object, Microsoft explained. In Verona, the memory management strategy can be chosen per region. Also featured is compartmentalization for legacy components.
Verona explores compartmentalization at the language design level. In Verona, threads access regions, and any given region can be accessed by only one thread. Each region has a single linear entry point, and regions can be nested within other regions. A shared immutable region can hold items that are never mutated.
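The region discipline described above, modelled as an added example in Rust (not Verona code, and not from Microsoft): a region owns a group of objects through one linear entry point, the whole region moves between threads rather than being shared, and only a frozen, immutable region may be shared across threads.

```rust
use std::sync::Arc;
use std::thread;

// Constructed model: a region owns a group of objects plus nested regions.
// Only the single holder of the Region value (its linear entry point) can
// reach anything inside, so there is no concurrent mutation to race on.
struct Region {
    objs: Vec<u64>,
    sub: Vec<Region>,
}

impl Region {
    fn new() -> Self {
        Region { objs: Vec::new(), sub: Vec::new() }
    }
    fn push(&mut self, v: u64) {
        self.objs.push(v);
    }
    // Nesting transfers ownership of the inner region to the outer one.
    fn nest(&mut self, r: Region) {
        self.sub.push(r);
    }
    fn total(&self) -> u64 {
        self.objs.iter().sum::<u64>() + self.sub.iter().map(Region::total).sum::<u64>()
    }
    // Freezing consumes the mutable region; the result is immutable and
    // therefore safe to share between threads (an Arc, never a lock).
    fn freeze(self) -> Arc<Frozen> {
        Arc::new(Frozen(self))
    }
}

struct Frozen(Region);
impl Frozen {
    fn total(&self) -> u64 {
        self.0.total()
    }
}

// Moving the region into another thread hands over its entry point; the
// caller cannot touch it until the thread gives the whole region back.
fn mutate_on_other_thread(mut r: Region) -> Region {
    thread::spawn(move || { r.push(10); r }).join().unwrap()
}

fn demo() -> (u64, u64) {
    let mut r = Region::new();
    r.push(1);
    r.push(2);
    let mut inner = Region::new();
    inner.push(3);
    r.nest(inner);
    let r = mutate_on_other_thread(r); // region moved out, then returned
    let before = r.total();
    let frozen = r.freeze(); // mutable region consumed here
    let (a, b) = (Arc::clone(&frozen), Arc::clone(&frozen));
    let h1 = thread::spawn(move || a.total());
    let h2 = thread::spawn(move || b.total());
    (before, h1.join().unwrap() + h2.join().unwrap())
}
```

Any attempt to use `r` after `mutate_on_other_thread(r)` or after `freeze()` is rejected at compile time, which is the property the region model relies on.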
Further, pervasive sandboxing is used to run untrusted legacy code. Sandboxed libraries can be embedded in a Verona program.
Project Verona includes a production-quality runtime and a prototype interpreter and type-checker. Plans call for a compiler and open sourcing to GitHub to enable collaboration.
As part of its memory safety efforts, Microsoft has been exploring the use of Rust for building new components and rewriting legacy components. Microsoft has pointed out that systems software has been the domain of languages like C and C++, which were not inherently designed for safety.