this post was submitted on 03 Sep 2024

434 points (97.4% liked)

Linux

54857 readers

397 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

[email protected]

434

Rust in Linux lead retires rather than deal with more “nontechnical nonsense” (arstechnica.com)

submitted 9 months ago by [email protected] to c/[email protected]

211 comments fedilink hide all child comments

Linux people doing Linux things, it seems.

(page 3) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 9 months ago

"primacy"?

Fuck that accusation of turf.

[–] [email protected] 63 points 9 months ago (14 children)

Here's what I think. Both opinions are correct.

Rust is sufficiently different that you cannot expect C developers to learn rust to the level they have mastered C in order to be working at the kernel level. It's not going to happen.

I don't really know too much about rust. Maybe one day I'll actually mess around with it. But the one time I looked at a rust git repo I couldn't even find where the code to do a thing was. It's just different enough to be problematic that way.

So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.

Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don't want to learn a new language in order to help isn't going to make many friends on that team.

[–] [email protected] 63 points 9 months ago* (last edited 9 months ago) (3 children)

But that's the thing where you are wrong. They clearly state they don't want C developers to learn Rust. In the particular video posted he was saying "I want you to explain to me how this particular API works so that I can do it"

The concerns about who fixes what on a merge when the C code breaks Rust code are valid, but that's easily fixed by gathering with the Rust developers, explaining the changes and letting them fix it.

[–] [email protected] 7 points 9 months ago (8 children)

You could alternatively phrase "But that's the thing where you are wrong" as "But here's the crux of why I disagree", it's a bit more personable

load more comments (8 replies)

load more comments (2 replies)

[–] [email protected] 20 points 9 months ago (5 children)

But the one time I looked at a rust git repo I couldn't even find where the code to do a thing was.

IMO that tells more about how the project was organized and names things than the language used.

So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.

As the other commenter pointed out, there's Redox. The issue is that this completly disregards an incremental approach: you have to rewrite everything before it comes usable, you can't do it piece by piece. Currently the approach of Rust for Linux is not even to rewrite things, but to allow writing new drivers in Rust.

Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don't want to learn a new language in order to help isn't going to make many friends on that team.

Have you seen the conference video? That's not just refusal to learn a new language, it's open hostility. And it's not the only instance, for example Asahi Lina also reported unreasonable behaviour by some maintainers just because she wrote Rust code, even when Rust was not involved.

load more comments (5 replies)

[+] [email protected] -10 points 9 months ago (1 children)

That's why I often recommend D instead.

Has a much more C-style syntax, except much more refined from the years of hindsight. The catch? No corporate backing, didn't jump on the "immutable by default" trend when functional programming evangelists said for loops are a bad practice and instead we should just write recursive functions as a workaround, memory safety is opt-in (although "safe by default" can be done by starting your files with @safe:), some of the lead devs are "naive centrists" who want to "give everyone a chance at coding even if they're bad people (nazis)", implementing new changes to the lang has slowed down significantly up until the departure of Adam D Ruppe and the drama surrounding it, etc.

[–] [email protected] 7 points 9 months ago (1 children)

"safe by default" can be done by starting your files with @safe:

Last time I heard about that it was much more limited than Rust, for example it even disallowed taking references to local variables. Has something changed since then?

[–] [email protected] 0 points 9 months ago (1 children)

D has many memory safety features. For local variables, one should use pointers, otherwise ref does references that are guaranteed to be valid to their lifetime, and thus have said limitations.

[–] [email protected] 5 points 9 months ago (1 children)

For local variables, one should use pointers, otherwise ref does references that are guaranteed to be valid to their lifetime, and thus have said limitations.

Should I take this to mean that pointers instead are not guaranteed to be valid, and thus are not memory safe?

[–] [email protected] 1 points 9 months ago (3 children)

Pointers are not guaranteed to be safe. DIP1000 was supposed to solve the issue of a pointer referencing to a now expired variable (see example below), but it's being replaced by something else instead.

int* p;
{
  int q = 42;
  p = &q;
}
writeln(*p);     //ERROR: This will cause memory leakage, due to q no longer existing

load more comments (3 replies)

[–] [email protected] 15 points 9 months ago (3 children)

RedoxOS! There's been solid progress too, beyond just having a functional microkernel, they have many of the userspace tools/their version of coreutils, even a desktop environment already mostly implemented!

My understanding is that it shouldn't be too bad to port some other things over as well. The main issue I had was just the lack of drivers, especially since it's still tricky even on Linux, and the microkernel architecture (though more secure) also means there's no way to reuse any of those from Linux

[–] [email protected] 3 points 9 months ago (1 children)

Same with Ironclad kernel and OS written in Ada Programing language. Nice to see these systems development

load more comments (1 replies)

load more comments (2 replies)

load more comments (10 replies)

[–] [email protected] 16 points 9 months ago (11 children)

Not an expert in both the languages but I heard that C developers are trained to use memory smartly, sometimes even reuse a range of allocated memory for completely different purpose to save cycles freeing and reallocating. But for Rust developers, everything is about making sure when one should get the hand away from the memory, and whose memory is allowed to be touched.

Sounds to me like sharing rides that maximise economically but we may have some oops moments sitting on someone's laps vs absolute private rides to make sure no one in your family will be harmed but we have to make sure everyone gets a car only when needed.

It is quite interesting to see how it will work out eventually...

[–] [email protected] 24 points 9 months ago (3 children)

I heard that C developers are trained to use memory smartly

Kernel coders are an entirely different breed, and when I worked with a few of them they were just stunning. The smartest man I know on the planet so far coded on the Unix kernel -- the one that IBM forced back to Novell who'd already fired their staff after selling it, and thus shelved it and killed Unix. He is and was amazing.

So yes, I can confirm that Kernel devs know how to manage their memory -- they use very little, they allocate and free it, and they build very small, tight, optimized kernels by knowing how the optimizer will do things and how to hint it to do what they know needs to happen.

Yeah, it's a skill. Yeah, it takes skilled people. I'd like to one day find out that really big training wheels will let anyone build code that well, but I've seen the goal and I don't expect we're there yet.

Let the kernel be built by kernel devs.

[–] [email protected] 60 points 9 months ago* (last edited 9 months ago)

They are amazing but at the end of the day they are still humans and they can make mistakes. In the YouTube video referenced one of the C devs is heavily against rust.

Decided to go look for CVEs from code the guy manages (Ted Ts'o) I found these

CVE-2024-42304 — crash from undocumented function parameter invariants

CVE-2024-40955 — out of bounds read

CVE-2024-0775 — use-after-free

CVE-2023-2513 — use-after-free

CVE-2023-1252 — use-after-free

CVE-2022-1184 — use-after-free

CVE-2020-14314 — out of bounds read

CVE-2019-19447 — use-after-free

CVE-2018-10879 — use-after-free

CVE-2018-10878 — out of bounds write

CVE-2018-10881 — out of bounds read

CVE-2015-8324 — null pointer dereference

CVE-2014-8086 — race condition

CVE-2011-2493 — call function pointer in uninitialized struct

CVE-2009-0748 — null pointer dereference

Do you see a pattern in the type of error here? It's pretty much entirely memory related and right in the wheelhouse of something rust would just outright not allow short of just slapping everything into unsafe blocks.

The Old Guard is not perfect, and they are acting as a barrier to new talent coming in. Sometimes change is good and I'm heavily in the camp that rust one of those times. Linus seems to agree as he allowed the code into the kernel which he would never do lightly or just because it's fomo

[–] [email protected] 12 points 9 months ago* (last edited 9 months ago)

But on the other hand you can’t expect some smaller and smaller subset of the population to primarily just learn C and meet the criteria of a kernel dev.

I absolutely agree with all your points, and most rust devs would agree, but the general idea is that over time that energy (which would have been spent tweaking malloc and such) should be spent on the rust compiler and memory management systems, which is already magic as someone who as written a lot of c, c++, and spent the better part of a year learning rust. (I’m no expert of course, but I have a pretty decent grasp on the low level memory management of both the Linux kernel and the rust compiler).

So that over time the effort that would be spent on memory management and kernel functionality can be properly divided. Rust not being efficient somewhere in catching memory faults or managing memory? Fix it. Someone writing unsafe rust code? Fix it.

I think at the end of the day everyone wants the same thing which is a memory safe kernel, and I think that rust Is being shoehorned into kernel projects too early in places where it shouldn’t be, but I also think there is unnatural resistance to it just because it’s different elsewhere to "how it's always been done."

load more comments (1 replies)

load more comments (10 replies)

load more comments