Greg Kroah-Hartman… urged fellow contributors to embrace those interested in contributing Rust code to improve the kernel.
"Adding another language really shouldn’t be a problem… embrace the people offering to join us
Thoughts on this?
Despite my drive-by shitposts in the rest of this thread I want to make a serious point here.
There’s a large part of software engineering that thinks languages are chosen based on the problem, as a tool for a job.
They aren’t. They’re chosen based on the team, on how well the team knows and can use the tool. On how many people can be hired with the knowledge of the tool to work immediately.
Sometimes, even if the team knows C well, there can be a problem so different it’s worth using another tool. say python for some testing scripts on a C project.
But rust and C are too similar for this to apply. If you want rust to be used for the kernel you have to push for it to be more well known and used, so more Devs come into teams already knowing it well. Anyone agreeing to work on a team using rust is making a career decision that will be stay on their CV forever and you need them to feel good about this, that it will give them more opportunity in future.
It’ll take 20+ years because that’s how long legacy code is often maintained for and we already have 20+ years of future legacy code for C teams to deal with. We’re all making more future legacy C code than future legacy rust code too.
I’m trapped in C++ so I’m doomed but good luck C and Rust coders.
In my mind, introducing Rust would only make sense if:
- There was a serious lack of current kernel developers (which I don’t think there is)
- New hardware and tech was evolving at a rate that the Linux Kernel could not keep up (again, I don’t think this is am issue)
- The end goal is to migrate the entire Kernel to Rust.
Regarding point 3, having both C and Rust really only makes sense as a transition phase (measured in years) - as it would require kernel developers to be savvy in both C and Rust, or would force developers to stay within whatever domains were implemented in C or Rust.
- There was a serious lack of current kernel developers (which I don’t think there is)
Maybe not at the moment, but my understanding is that the pool of qualified C programmers is shrinking rapidly, because the old guard is all ageing out and there simply are not enough intermediate developers coding in C at the level that Kernel development requires.
Having a larger (and growing) pool of upcoming developers interested in systems programming and software excellence is one of the explicit stated reasons that Linus et al. considered Rust in the first place.
it would require kernel developers to be savvy in both C and Rust
From my experience knowing how both C and rust works makes you a better developer in both languages.
Learning Rust made me a better C# programmer.
Oh absolutely, but you could argue the same for learning lisp or mastering any functional programming language (list comprehensions, etc). It will improve your design patterns when you go back to an object oriented language with some elements of functional programming.
What’s in your mind does not coincide with the professional experience of Greg KH. You shoyld read what he had to say on the subject.
What?!? Actually, read the article? What is this, Reddit? /s
Seriously, though - let me spin the question around: what, in your mind, overlaps with what Greg said?
(plus, OP was just interested in people opinions - not whether they align/contradict with Greg, Linus, etc)
To add something to this: linux has avoided internal SPIs for a long time. It’s often lauded as one of the reasons it hasn’t ossified.
However, some subsystems have a huge amount of complexity and hidden constraint in how you correctly use them. Some of that may be inherent, but more of it will be accidental.
Wrapping type-erased shims around this that attempt to capture (some of) those semantics shines a light onto the problem. The effort raises good technical questions around whether the C layer can be improved. Where maintainers have approached that with an open mind, the results are positive for both C and Rust consumers. Difficult interfaces are a source of bugs; it’s always worth asking whether that difficulty is inherent or accidental.
I’ve gotten into the most hilariously circular debates with rust opponents on this point. Their arguments tend to come down to “just don’t write bad code”.
The team is only as strong as the weakest link. The release is only as good as the least talented dev. Tools that raise the entire foundation are objectively good. Even better are tools that outright prohibit you from even writing entire categories of bugs. Rust is that tool.
And yeah I know it’s not perfect, and it shouldn’t be treated as a panacea. But its advantages should be lauded, not derided because some contributors like to maintain the walled garden of knowledge as if it were a secret spellbook.
- Humans write code
- Humans make mistakes
∴ Humans write bad code
But some beautiful day in the future, bad code will write badder code.
And that’s why I don’t work in software development!
I don’t know about you, but I prefer provably correct code over “just trust me bro.”
There’s an analogy I like here. A manager at a trucking company was hiring a new driver, and he asked each of them how close they could get to the edge on a mountain pass. The first said, “I can get within a wheel’s width.” The second said, “I can drive on the edge, with part of the tire hanging off.” And the third said, “I stay away from the edge.” The third applicant got the job, because why take the risk?
That’s how I feel about C/C++. Why use them if Rust can do the job? You get a lot more safety features without sacrificing performance, what’s not to like?
Did somebody say “provably correct”?
Haskell has entered the chat
Because people already know C/C++.
Okay? I know a half dozen languages well, and am pretty productive with a half dozen more. If you’re an experienced software engineer, picking up a new language should be easy. If a language is useful for a given task, I use it. If another language offers benefits I want, I learn it.
It’s like any other profession, why limit yourself to one tool? If a new tool comes out and does the job better, use it.
I love C and it’s my first choice for low level work like microcontrollers. However, it’s not great for larger projects, especially ones with significant security concerns, since subtle vulnerabilities in different areas could be combined to create an attack. Rust provides a lot of protection against common attacks without a performance cost, so it’s a good choice.
That’s kind the entirety of my point: if Rust is a tool that can make expressing algorithms safer and less prone to error - and it can, in a logically provable sense - then what the fuck ground do you have to push back on?
Their arguments tend to come down to “just don’t write bad code”.
Oooooh, that’s a good stratagy! Write that down! Write that down!
I feel like better tooling is a safer bet. I know people hate on AI here but tooling that can detect flaws in C memory management would be basically as good as Rust itself.
Just fork it, do a complete rewrite in Rust, and call it “Runix”
More OS options is better for everyone.
The one thing stopping large scale adoption of linux is definitely the lack of options.
ikr
I just want WindowsXP without security risks. If Linux could make a WindowsXP clone, that works with exe files, and works exactly like WindowsXP, except handles modern standards, I would jizz all over the place.
Yeah. I’m leaving it in as motivation for linux developers. If they don’t want to hear about my jizz spraying like a firehose, they should made LindowsXP.
SEE??? I EVEN GAVE YOU A GREAT BRAND NAME!
There was a “Lindows” back in the day…
This sort of exists https://reactos.org/
Key word on sort of, it’s quite rough in many areas
Microhard?
Theres heaps of stuff that is under-developed or mssing, but they prefer to rewrite working code in Rust, because ideology.
We are witnessing the death of Linux here, no less, replacing a working kernal with an still undefined language that everyone will have forgotten in 5 years.
That does NOT sound like a good idea.
We’ve turned our development model into a well-oiled engineering marvel,
Exactly, and I’m pretty sure one of the reasons is that it’s remained on C, and NOT switched to C++, as has been often suggested.
The second they make it a mixed code base, that’s the same second quality will deteriorate. Mixed code base is a recipe for disaster.Edit:
Torvalds eventually responded by defending the Linux kernel development process and scolding Martin for grandstanding on social media about the issue. Martin later quit as a Linux maintainer and resigned from the Asahi Linux project.
Seems like Linus isn’t onboard with this.
But I guess all the downvoters know better?
opening for a mixed code base is a recipe for disaster.
Greg Kroah-Hartman:
Yes, mixed language codebases are rough, and hard to maintain, but we are kernel developers, dammit.
That’s special pleading, that lacks basis in reality. Still he admits it’s rough to mix codebases.
I’m not claiming Rust wouldn’t be brilliant in some situations, but the detraction of a mixed codebase is worse than the benefit.
Moving from C to C++ would also not solve any real problem. C++ of course adds OOP which I think can be nice (not everyone agrees with this!) but it also adds an insane amount of language complexity and instability. Mentally reasoning about C code is hard, reasoning about C++ code is nearly impossible.
Rust however brings a novel solution to classes of problems like ownership and mutability with the borrow checker. It’s now accepted to be a great tool for writing high performance code while preventing a substantial amount of common, but often subtle, bugs from slipping through. It’s not arbitrarily the first non-C code to be accepted in the kernel. And it’s used in other operating systems like Android and Windows already.
In general, for me, Rust > C > C++.
I’ve heard people say that C is like a loaded and cocked revolver, and if you’re not careful, you could blow your foot off, whereas C++ is like a loaded and cocked sawed-off shotgun, and if you’re not careful, you could blow your leg off.
C++ is a semi automatic shotgun with 200 barrels pointing in all directions.
Whilst it’s gotten a lot better in the -17 and -20 iterations, the fact that there was recently a doorstop book published solely on the subject of C++ initialisation semantics is pretty telling.
I really like what Herb Sutter’s doing around cppfront; I still wouldn’t use C++ unless I absolutely had to.
Mostly this ^.
There’s just not really demand for C++ in the kernel; that’s not the case with Rust.
I think rust would also bring in more developers. So more changes would eventually make its way into the kernel.
The second they make it a mixed code base, that’s the same second quality will deteriorate.
I envy your confidence!
Maybe I’m wrong, but as I read the article, Linus isn’t convinced this is a good idea either.
I’m not saying things can never change, but opening for a mixed code base is a recipe for disaster.You’re wrong, but it’s possible the article gave you that impression. Read the mailing-list thread.
It’s particularly worth reading Ted T’so’s contribution, which (considering his rude behaviour at the recent con led to a previous round of this nonsense) seems much more positive.
