Linux royalty backs adoption of Rust for kernel code

Comments

• FarceOfWill@infosec.pub ⁨11⁩ ⁨hours⁩ ago

  Despite my drive-by shitposts in the rest of this thread I want to make a serious point here.

  There’s a large part of software engineering that thinks languages are chosen based on the problem, as a tool for a job.

  They aren’t. They’re chosen based on the team, on how well the team knows and can use the tool. On how many people can be hired with the knowledge of the tool to work immediately.

  Sometimes, even if the team knows C well, there can be a problem so different it’s worth using another tool. say python for some testing scripts on a C project.

  But rust and C are too similar for this to apply. If you want rust to be used for the kernel you have to push for it to be more well known and used, so more Devs come into teams already knowing it well. Anyone agreeing to work on a team using rust is making a career decision that will be stay on their CV forver and you need them to feel good about this, that it will give them more opportunity in future.

  It’ll take 20+ years because that’s how long legacy code is often maintained for and we already have 20+ years of future legacy code for C teams to deal with. We’re all making more future legacy C code than future legacy rust code too.

  I’m trapped in C++ so I’m doomed but good luck C and Rust coders.

  source

  • polle@feddit.org ⁨4⁩ ⁨hours⁩ ago

    “Iam trapped in c++”, lol

    source
  • barsoap@lemm.ee ⁨4⁩ ⁨hours⁩ ago

    Unsafe Rust may be similar to C, though even though there’s wibbles like the borrow checker still running, you still get more guarantees about the code than with C. Safe Rust can, on occasion, look more like Haskell than C.

    Are they both systems languages? Yes of course otherwise we wouldn’t be talking about using them in the kernel. Makes no sense to extend the possible comparison candidates to include Prolog, arbitrarily making look C and Rust more similar by introducing a far-off comparison point.

    source

    • sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨hour⁩ ago

      Unsafe Rust may be similar to C

      It’s really not. I’d much rather use C than unsafe Rust…

      The best part about Rust is you can isolate your memory safety problems to the unsafe bits, whereas with C, you have to constantly deal with it.

      source
• gravitas_deficiency@sh.itjust.works ⁨22⁩ ⁨hours⁩ ago

  I’ve gotten into the most hilariously circular debates with rust opponents on this point. Their arguments tend to come down to “just don’t write bad code”.

  The team is only as strong as the weakest link. The release is only as good as the least talented dev. Tools that raise the entire foundation are objectively good. Even better are tools that outright prohibit you from even writing entire categories of bugs. Rust is that tool.

  And yeah I know it’s not perfect, and it shouldn’t be treated as a panacea. But its advantages should be lauded, not derided because some contributors like to maintain the walled garden of knowledge as if it were a secret spellbook.

  source

  • tabular@lemmy.world ⁨21⁩ ⁨hours⁩ ago

    • Humans write code
    • Humans make mistakes ∴ Humans write bad code

    source

    • sundrei@lemmy.sdf.org ⁨20⁩ ⁨hours⁩ ago

      But some beautiful day in the future, bad code will write badder code.

      source
    • catloaf@lemm.ee ⁨20⁩ ⁨hours⁩ ago

      And that’s why I don’t work in software development!

      source
  • sugar_in_your_tea@sh.itjust.works ⁨21⁩ ⁨hours⁩ ago

    I don’t know about you, but I prefer provably correct code over “just trust me bro.”

    There’s an analogy I like here. A manager at a trucking company was hiring a new driver, and he asked each of them how close they could get to the edge on a mountain pass. The first said, “I can get within a wheel’s width.” The second said, “I can drive on the edge, with part of the tire hanging off.” And the third said, “I stay as far away as I can.” The third applicant got the job, because why take the risk?

    That’s how I feel about C/C++. Why use them if Rust can do the job? You get a lot more safety features without sacrificing performance, what’s not to like?

    source

    • riodoro1@lemmy.world ⁨9⁩ ⁨hours⁩ ago

      Because people already know C/C++.

      source

      • -> View More Comments
    • WalnutLum@lemmy.ml ⁨9⁩ ⁨hours⁩ ago

      Did somebody say “provably correct”?

      Haskell has entered the chat

      source
    • gravitas_deficiency@sh.itjust.works ⁨18⁩ ⁨hours⁩ ago

      That’s kind the entirety of my point: if Rust is a tool that can make expressing algorithms safer and less prone to error - and it can, in a logically provable sense - then what the fuck ground do you have to push back on?

      source

      • -> View More Comments
  • Lost_My_Mind@lemmy.world ⁨21⁩ ⁨hours⁩ ago

    Their arguments tend to come down to “just don’t write bad code”.

    Oooooh, that’s a good stratagy! Write that down! Write that down!

    source
• mariusafa@lemmy.sdf.org ⁨4⁩ ⁨hours⁩ ago

  Rust lacks a language standard. Without that is meaningless programming something with pieces that may change in the future (like what happened with Python) is not a good idea in my opinion.

  source

  • scratchee@feddit.uk ⁨4⁩ ⁨hours⁩ ago

    Technically, the kernel doesn’t compile with pure standard C, they require strict aliasing to be disabled, so that alone doesn’t seem particularly crucial.

    Not saying that standards aren’t useful, but they’re not some dividing line separating the true languages from the joke languages, they’re just a useful document that earns a language a few “good language” points, but those points can be earned other ways too.

    For example, rust has pretty good versioning, so even if the devs did totall wreck the language in the next version, it’d maintain compatibility with older code just fine, which sort of invalidates your point, unless you’re worried that the devs turn malicious

    source
• LedgeDrop@lemm.ee ⁨11⁩ ⁨hours⁩ ago

  In my mind, introducing Rust would only make sense if:

  1. There was a serious lack of current kernel developers (which I don’t think there is)
  2. New hardware and tech was evolving at a rate that the Linux Kernel could not keep up (again, I don’t think this is am issue)
  3. The end goal is to migrate the entire Kernel to Rust.

  Regarding point 3, having both C and Rust really only makes sense as a transition phase (measured in years) - as it would require kernel developers to be savvy in both C and Rust, or would force developers to stay within whatever domains were implemented in C or Rust.

  source

  • LPThinker@lemmy.world ⁨5⁩ ⁨hours⁩ ago

    1. There was a serious lack of current kernel developers (which I don’t think there is)

    Maybe not at the moment, but my understanding is that the pool of qualified C programmers is shrinking rapidly, because the old guard is all ageing out and there simply are not enough intermediate developers coding in C at the level that Kernel development requires.

    Having a larger (and growing) pool of upcoming developers interested in systems programming and software excellence is one of the explicit stated reasons that Linus et al. considered Rust in the first place.

    source
  • WalnutLum@lemmy.ml ⁨9⁩ ⁨hours⁩ ago

    it would require kernel developers to be savvy in both C and Rust

    From my experience knowing how both C and rust works makes you a better developer in both languages.

    source

    • bilb@lem.monster ⁨5⁩ ⁨hours⁩ ago

      Learning Rust made me a better C# programmer.

      source
    • LedgeDrop@lemm.ee ⁨7⁩ ⁨hours⁩ ago

      Oh absolutely, but you could argue the same for learning lisp or mastering any functional programming language (list comprehensions, etc). It will improve your design patterns when you go back to an object oriented language with some elements of functional programming.

      source

      • -> View More Comments
  • gedhrel@lemmy.world ⁨10⁩ ⁨hours⁩ ago

    What’s in your mind does not coincide with the professional experience of Greg KH. You shoyld read what he had to say on the subject.

    source

    • LedgeDrop@lemm.ee ⁨7⁩ ⁨hours⁩ ago

      What?!? Actually, read the article? What is this, Reddit? /s

      Seriously, though - let me spin the question around: what, in your mind, overlaps with what Greg said?

      (plus, OP was just interested in people opinions - not whether they align/contradict with Greg, Linus, etc)

      source

      • -> View More Comments
• Zachariah@lemmy.world ⁨22⁩ ⁨hours⁩ ago

  Just fork it, do a complete rewrite in Rust, and call it “Runix”

  source

  • RonnieB@lemmy.world ⁨21⁩ ⁨hours⁩ ago

    The one thing stopping large scale adoption of linux is definitely the lack of options.

    source

    • Zachariah@lemmy.world ⁨21⁩ ⁨hours⁩ ago

      ikr

      source
    • Lost_My_Mind@lemmy.world ⁨21⁩ ⁨hours⁩ ago

      I just want WindowsXP without security risks. If Linux could make a WindowsXP clone, that works with exe files, and works exactly like WindowsXP, except handles modern standards, I would jizz all over the place.

      Yeah. I’m leaving it in as motivation for linux developers. If they don’t want to hear about my jizz spraying like a firehose, they should made LindowsXP.

      SEE??? I EVEN GAVE YOU A GREAT BRAND NAME!

      source

      • -> View More Comments
  • JeremyHuntQW12@lemmy.world ⁨18⁩ ⁨hours⁩ ago

    Theres heaps of stuff that is under-developed or mssing, but they prefer to rewrite working code in Rust, because ideology.

    We are witnessing the death of Linux here, no less, replacing a working kernal with an still undefined language that everyone will have forgotten in 5 years.

    source
• Buffalox@lemmy.world ⁨22⁩ ⁨hours⁩ ago

  That does NOT sound like a good idea.

  We’ve turned our development model into a well-oiled engineering marvel,

  Exactly, and I’m pretty sure one of the reasons is that it’s remained on C, and NOT switched to C++, as has been often suggested.

  The second they make it a mixed code base, that’s the same second quality will deteriorate.

  source

  • sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨hour⁩ ago

    It’s not like Linux compiles down to one binary or anything, most of it is linked together over a pre-determined API. Anything that can satisfy that API (and ABI) can drop in. There are some “magic” bindings, but they still conform to that API.

    Read the rest of Greg KH’s thread, here’s the last half of that paragraph:

    Adding another language really shouldn’t be a problem, we’ve handled much worse things in the past and we shouldn’t give up now on wanting to ensure that our project succeeds for the next 20+ years. We’ve got to keep pushing forward when confronted with new good ideas, and embrace the people offering to join us in actually doing the work to help make sure that we all succeed together.

    And earlier:

    Rust also gives us the ability to define our in-kernel apis in ways that make them almost impossible to get wrong when using them. We have way too many difficult/tricky apis that require way too much maintainer review just to “ensure that you got this right” that is a combination of both how our apis have evolved over the years (how many different ways can you use a ‘struct cdev’ in a safe way?) and how C doesn’t allow us to express apis in a way that makes them easier/safer to use. Forcing us maintainers of these apis to rethink them is a GOOD thing, as it is causing us to clean them up for EVERYONE, C users included already, making Linux better overall.

    Those are solid arguments. As long as the APIs are well designed and documented, a mixed codebase is fine, and you get most of the benefits of Rust where it’s used.

    source
  • farcaster@lemmy.world ⁨22⁩ ⁨hours⁩ ago

    Moving from C to C++ would also not solve any real problem. C++ of course adds OOP which I think can be nice (not everyone agrees with this!) but it also adds an insane amount of language complexity and instability. Mentally reasoning about C code is hard, reasoning about C++ code is nearly impossible.

    Rust however brings a novel solution to classes of problems like ownership and mutability with the borrow checker. It’s now accepted to be a great tool for writing high performance code while preventing a substantial amount of common, but often subtle, bugs from slipping through. It’s not arbitrarily the first non-C code to be accepted in the kernel. And it’s used in other operating systems like Android and Windows already.

    source

    • sugar_in_your_tea@sh.itjust.works ⁨21⁩ ⁨hours⁩ ago

      In general, for me, Rust > C > C++.

      I’ve heard people say that C is like a loaded and cocked revolved, and if you’re not careful, you could blow your foot off, whereas C++ is like a loaded and cocked sawed-off shotgun, and if you’re not careful, you could blow your leg off.

      source

      • -> View More Comments
    • brucethemoose@lemmy.world ⁨21⁩ ⁨hours⁩ ago

      Mostly this ^.

      There’s just not really demand for C++ in the kernel; that’s not the case with Rust.

      source
    • mesamunefire@lemmy.world ⁨21⁩ ⁨hours⁩ ago

      I think it would also bring in more developers. So more changes would eventually make its way into the kernel.

      source
  • WalnutLum@lemmy.ml ⁨9⁩ ⁨hours⁩ ago

    Seems like Linus isn’t onboard with this.

    To the contrary:

    lemmy.ml/post/26272942

    source
  • darklamer@lemmy.dbzer0.com ⁨19⁩ ⁨hours⁩ ago

    The second they make it a mixed code base, that’s the same second quality will deteriorate.

    I envy your confidence!

    source

    • Buffalox@lemmy.world ⁨11⁩ ⁨hours⁩ ago

      Maybe I’m wrong, but as I read the article, Linus isn’t convinced this is a good idea either.
      I’m not saying things can never change, but opening for a mixed code base is a recipe for disaster.

      source

      • -> View More Comments
• drmoose@lemmy.world ⁨17⁩ ⁨hours⁩ ago

  I feel like better tooling is a safer bet. I know people hate on AI here but tooling that can detect flaws in C memory management would be basically as good as Rust itself.

  source

  • sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨hour⁩ ago

    True. We should have both better tooling and better languages. Someone posted this thread with Greg KH, which has this gem:

    The majority of bugs (quantity, not quality/severity) we have are due to the stupid little corner cases in C that are totally gone in Rust. Things like simple overwrites of memory (not that rust can catch all of these by far), error path cleanups, forgetting to check error values, and use-after-free mistakes. That’s why I’m wanting to see Rust get into the kernel, these types of issues just go away, allowing developers and maintainers more time to focus on the REAL bugs that happen (i.e. logic issues, race conditions, etc.)

    I’m all for moving our C codebase toward making these types of problems impossible to hit, the work that Kees and Gustavo and others are doing here is wonderful and totally needed, we have 30 million lines of C code that isn’t going anywhere any year soon. That’s a worthy effort and is not going to stop and should not stop no matter what.

    But for new code / drivers, writing them in rust where these types of bugs just can’t happen (or happen much much less) is a win for all of us, why wouldn’t we do this?

    In short, let’s do both.

    source