Rust was never designed to replace or interface with C. Despite its safety benefits, i think it was too early and probably a bad idea to make it into the Kernel. Despite the ego flames, all the dev conflicts prove that. But I guess that monster (the kernel) is too big to fall. #rust #kernel
Conversation
Notices
-
Embed this notice
pancake :verified: (pancake@infosec.exchange)'s status on Saturday, 08-Feb-2025 06:19:05 JST pancake :verified:
-
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 08-Feb-2025 06:19:03 JST Wolf480pl
@hunger @pancake
And I think a big part of the problem is that the R4L people keep telling those maintainers "you won't have to learn Rust, we will fix the bindings for you", but they cannot say this credibly.Because they can't guarantee that Linus will pull changes that break Rust-enabled builds.
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 08-Feb-2025 06:19:04 JST Wolf480pl
@hunger @pancake
I think this one is particularly difficult because it potentially requires maintainers to learn something new. And not just a small thing, but an entire programming language. -
Embed this notice
Tobias Hunger (hunger@fosstodon.org)'s status on Saturday, 08-Feb-2025 06:19:05 JST Tobias Hunger
@pancake To me this looks more like a community feud over the project direction than a statement about Rust. I feel *any* big change that effects several sub systems will run into exactly the same problem,
-
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Feb-2025 06:13:20 JST Wolf480pl
@pancake @argv_minus_one @hunger
And yeah these things don't come out of nowhere.
If C had less UB and was better at building abstraction layers, maybe there would be more young people wanting to write kernels in it.
If Rust had a simpler type system, and a solid spec from day one, maybe existing kernel maintainers would've liked it more.
But those are things you'd have to change 10 years ago.
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Feb-2025 06:13:21 JST Wolf480pl
@pancake @argv_minus_one @hunger
What I mean by that this is you're asking the wrong question.The advantages of Rust that matter are:
- there is a large demographic of relatively young people interested in writing kernels who know and like Rustthe disadvantages that matter are:
- it is difficult to learn by existing Kernel maintainersofc the parts about moving target, complex type system, etc. don't help, but I think even without them there'd still be a problem
-
Embed this notice
pancake :verified: (pancake@infosec.exchange)'s status on Sunday, 09-Feb-2025 06:13:22 JST pancake :verified:
@argv_minus_one @wolf480pl @hunger imho the weak points or rust are:
- complex language
- moving and evolving target
- only one compiler exists
- heavy cpu and memory requirements
- added tech debt as custom wraps need to be handcrafted all the timeGccrs is unfinished but i want to assume it solves some of these problems, what about the others? im trying to be constructive and not get into a flame. Im not a rust or a kernel dev, despite i wrote drivers, kernel patches and wrote some rust too, so im probably not seeing the whole picture.
PD: I would love this thread can become into a constructive discussion.
-
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Feb-2025 06:13:22 JST Wolf480pl
@pancake @argv_minus_one @hunger
- not status quo -
Embed this notice
argv minus one (argv_minus_one@mastodon.sdf.org)'s status on Sunday, 09-Feb-2025 06:13:23 JST argv minus one
Yep. As far as I know, no language other than C and C++ has this many ridiculously obscure ways to cause UB.
Most languages, including but by no means limited to Rust, try pretty hard to not give you any way to cause UB without some sort of incantation. Java made a big deal of “no UB” back in the '90s.
Rust's innovation, rather, was “no UB” while still using pointers and still letting you control memory management (stack, heap, reference counting, etc).
-
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Feb-2025 06:13:24 JST Wolf480pl
@argv_minus_one @hunger @pancake
(unless you use -fwrapv / -ftrapv, IIRC kernel uses one of those by default, but yeah it's extra effort to make it not a foot-nuke) -
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Feb-2025 06:13:25 JST Wolf480pl
@argv_minus_one @hunger @pancake
even when you're 60 years old? -
Embed this notice
Tobias Hunger (hunger@fosstodon.org)'s status on Sunday, 09-Feb-2025 06:13:25 JST Tobias Hunger
@wolf480pl @argv_minus_one @pancake The question is how a project can stay relevant, when catering to the old guys only. You need an influx of young people, and they tend to not do C too much anymore.
-
Embed this notice
argv minus one (argv_minus_one@mastodon.sdf.org)'s status on Sunday, 09-Feb-2025 06:13:25 JST argv minus one
I'm in my 40s and I don't do C any more either.
C has a metric crapton of cases of undefined behavior, and although you could get away with a lot of shenanigans when I was young and compilers were dumb, they *will* blow up in your face if you try them with a modern optimizing compiler.
Fun fact: signed integer overflow is UB in C, and yes, modern compilers *will* optimize based on the assumption that signed integer arithmetic will never overflow. If it does, 💣.
-
Embed this notice
argv minus one (argv_minus_one@mastodon.sdf.org)'s status on Sunday, 09-Feb-2025 06:13:26 JST argv minus one
I should point out that knowing C gives you a huge head start on learning Rust. It's different, but you can see an underlying C-ness to it.
Most notably, references are really just pointers except the compiler can check whether they're still valid at any given point in the program. If you're a C programmer, you were already doing that pointer validity checking in your head, so this'll be far more familiar to you than to a JavaScript/Python/etc programmer.
-
Embed this notice