The Case for Rust (in the base system)

Alain De Vos said:
Doesn't rust has zillions of features compared to other programming languages like e.g. python.
I don't even start to learn it as it is too huge. Just like C++.
Click to expand...
Completely agree. My copy of K&R is about 1/4" thick, and that's the way I like it! It's kind of tragic for linux because right back at the start it was also small, compact and neat. Now they've bloated the kernel beyond the realms of reason and fragmented userland beyond all belief. When I put a modern linux distro on a box I struggle to even recognise much of it as unix nowadays. Don't change, FreeBSD. Change isn't always for the best.
 
Alain De Vos said:
Doesn't rust has zillions of features compared to other programming languages like e.g. python.
I don't even start to learn it as it is too huge. Just like C++.
Click to expand...
Beastie7 said:
If you read that email thread; no-one there provided any real practical reason for inclusion; other than it being "hot, new and flashy". The cost-benefit ratio would be a complete net negative. The whole premise for Rusts existence was "better security" when we could just improve the security of existing software. Thankfully research has been done with FreeBSD to increase security at the low end of the stack. (eg. CHERI/Capsicum)
Click to expand...

Well, hold on a sec. Alain is on the right track here. Rust might be too big already at this point but it is dwarfed by C++20 and 23.

C is deficient in features. You can't even have trivial algorithms like sort in a manner that is either type-safe or array size safe, not to speak of hashtables. There are no exceptions or other error handling primitives - errno is a global variable for crying out loud (of course this comes from Unix but anyway). No (optional) array bounds checking. No (optional) integer overflow checking. No syntactic support for keeping track of memory.

The problem, however, is that almost all attempts to do better in a GC-less statically typed language have been screwed up. What is different about about Rust is that we don't yet know whether it is screwed up.

Cheers.
 
cracauer@ said:
Well, hold on a sec. Alain is on the right track here. Rust might be too big already at this point but it is dwarfed by C++20 and 23.

C is deficient in features. You can't even have trivial algorithms like sort in a manner that is either type-safe or array size safe, not to speak of hashtables. There are no exceptions or other error handling primitives - errno is a global variable for crying out loud (of course this comes from Unix but anyway). No (optional) array bounds checking. No (optional) integer overflow checking. No syntactic support for keeping track of memory.

The problem, however, is that almost all attempts to do better in a GC-less statically typed language have been screwed up. What is different about about Rust is that we don't yet know whether it is screwed up.

Cheers.
Click to expand...
zig ?
 
Beastie7 said:
real practical reason for inclusion
Click to expand...
From the link: "In a recent thread on src-committers"

So, not that thread, but a different one. Those lists are not public. Presumably those reasons were already considered if they were bringing practical considerations to the public list.
 
cracauer@ said:
C is deficient in features. You can't even have trivial algorithms like sort in a manner that is either type-safe or array size safe, not to speak of hashtables. There are no exceptions or other error handling primitives - errno is a global variable for crying out loud (of course this comes from Unix but anyway). No (optional) array bounds checking. No (optional) integer overflow checking. No syntactic support for keeping track of memory.
Click to expand...
I'm under impression that all those missing features can be implemented as C libs in #include files... and that some people actually did that.

I'm ready to have those assumptions of mine debunked. Go.
 
msplsh said:
From the link: "In a recent thread on src-committers"

So, not that thread, but a different one. Those lists are not public. Presumably those reasons were already considered if they were bringing practical considerations to the public list.
Click to expand...

I think that went as designed. src-committers is not supposed to be about technical direction. So the discussion was moved to hackers instead.
 
cracauer@ said:
C is deficient in features. You can't even have trivial algorithms like sort in a manner that is either type-safe or array size safe, not to speak of hashtables. There are no exceptions or other error handling primitives - errno is a global variable for crying out loud (of course this comes from Unix but anyway). No (optional) array bounds checking. No (optional) integer overflow checking. No syntactic support for keeping track of memory.
Click to expand...

astyle said:
I'm under impression that all those missing features can be implemented as C libs in #include files... and that some people actually did that.

I'm ready to have those assumptions of mine debunked. Go.
Click to expand...

astyle beat me to it.
 
astyle said:
I'm under impression that all those missing features can be implemented as C libs in #include files... and that some people actually did that.

I'm ready to have those assumptions of mine debunked. Go.
Click to expand...

It is not logically possible to proof the absence of some piece of code on the Internet. All I can say is that I have never seen a C include file that would add exception handling and from my reading of the spec it looks impossible.
 
cracauer@ said:
All I can say is that I have never seen a C include file that would add exception handling and from my reading of the spec it looks impossible.
Click to expand...
If I understand correctly, *.c and *.h (aka header) is completely equivalent. Just used different extension for human's convenience. Some compilers could hesitate to compile other than *.c as command line argument, though.

For example, header files (*.h) are included using #include, but it can include *.c files, too. Moreover, no matter what the extension is.

rg -n "#include" /usr/src/sys/ | rg "\.c>" | wc -l
shows 37, where rg(1) is textproc/ripgrep.

Also,
rg -n "#include" /usr/src/sys/ | rg --invert-match "\.h>" | rg --invert-match '\.h' | rg "\.c:" | wc -l
shows 221, including some noises by comment lines.
 
Not sure what direction we are drifting in right now. Most FreeBSD developers are C experts and can use the language near its theoretical capability.
 
cracauer@ said:
It is not logically possible to proof the absence of some piece of code on the Internet. All I can say is that I have never seen a C include file that would add exception handling and from my reading of the spec it looks impossible.
Click to expand...
C language is Turing-complete, y'know... Which means that even if the formal spec for C does not have exception handling, there's nothing preventing anyone from implementing it from scratch, even as a private, unreleased project on a single personal system.

Connecting that back to this thread - it does look like Rust is growing out of control with its crates. Sure, the crates extend the functionality and improve memory safety - but that's nothing that cannot be done in C... :p

Hell, did you know that C has been used to implement a lot of other languages, like Ocaml, the precursor to Rust? And that in spite of lacking a garbage collector since 2013, it's actually bulkier than Java (thanks to all those crates)?

Compiling Rust from scratch will rust the CPU, y'know...
 
As most C compilers support inline assembly codes, even assembly codes coulde be included in header files for C. Not meaning "pure C", but "practical C". And if I recall correctly, ancient C compilers had as(1) in its build pipeline.
 
So. C is a low-level systems programming language. The earliest versions of the unix kernel were written in assembler. They wanted to port unix to other architectures, so they designed C as a language to re-write the unix kernel in, with the design goal of leaving as little of the machine-specific assembler within the kernel as possible. Once they had re-written the kernel in C, unix became readily portable to other machine types, and that is a major reason why it was succesful. See this paper https://www.bell-labs.com/usr/dmr/www/chist.html .

At the time the whole unix kernel was only of the order of thousands or maybe 10's of thousands of lines of code. The John Lions "commentary on unix kernel" book is less than half an inch thick. Unix was a small portable system, created by a small team.

C has been successful over the years because the language has remained small and stable, consider the contrast with C++. If you want hashtables, exceptions etc as first-class language features, you need a higher level language, not C. If you want to do those kind of things in C, you write actual C code to do them. The ansi C standard doesn't mention hashtables or exceptions, as far as I am aware.

Add more features to C at your peril, for that is the path towards C++. C has remained successful because the specification has remained concise and feature creep has been resisted by the wise heads of the C standards comittee.

As for errno, that was a major fcuk-up in the unix system call library design. C itself can't be blamed for that.

Torvalds was asked in a recent interview why rust has been added to the linux kernel; he said it was because they didn't want to become stale and just keep doing the same old thing, they wanted to add something new. I suppose that's one reason. I'm sure there are commercial reasons behind the scenes, including the availability of rust developers. C isn't being taught so much in comp. sci. courses nowadays. It remains to be seen how successful the addition of rust will be. Personally I hope that freebsd doesn't go down the same path, certainly not at the current state of development of rust.

View: https://www.youtube.com/watch?v=YyRVOGxRKLg
 
One problem crates.io might have is "crate squatting". Someone creates an empty crate for an obvious name like 'file' or 'disk'. No code - just their name and a copyright - along with a note asking for help to complete the thing. I spotted two such examples two years ago but forget their names.
 
blackbird9 said:
Personally I hope that freebsd doesn't go down the same path, certainly not at the current state of development of rust.
Click to expand...

Looking at all the "prestigious" C-based open source projects that care about code quality (ie. PostgreSQL, Nginx, redis, Dtrace etc.); I've yet to see them complain about C to the point where a complete re-write would be necessary in a different language. Ironically these projects tend to bode well with FreeBSD. I'd wager a lot of folks in the greater open source world would hold the same objections.
 
Alain De Vos said:
Compare to the freebsd kernel scheduler. If you write it in assembly its even larger.
Click to expand...
astyle said:
hmmm 😏 ... Do you have the numbers to back THAT up?
Click to expand...

I expect Alain is talking about size of source, not object code.

When it comes down to it, any ultimately optimised program - or just a (relatively) critical section of code - will read well and compactly in assembler.

Try writing boot0.S in C ;-)
 
cracauer@ said:
C is deficient in features. You can't even have trivial algorithms like sort in a manner that is either type-safe or array size safe, not to speak of hashtables.
Click to expand...
Still you can have all of that. And to be precise, you can even have the type safety and bounds checking if you just add it (which can certainly be done in a generic way), the catch is: at runtime only. You could probably debate a lot whether more language support here is a good thing. Of course I see the need, e.g. when it's about speeding up development without sacrificing quality....

cracauer@ said:
There are no exceptions [...]
Click to expand...
Oh the great joy this ill concept is "missing"! Yep, that's "opinionated", we're currently going to great lengths at work (where most code is implemented in C#) to at least have our domain layer exception-free. Let me first show you some pretty old paper I found when we took that decision: https://www.lighterra.com/papers/exceptionsharmful/

In a nutshell, exceptions introduce a "hidden" control flow path. In the real world, you basically have two kinds of error conditions: The expected errors (for which "business rules" exist), and these should always be handled as close as possible to where they occur. Doing that with exceptions always bears the risk to forget handling them, silently promoting them to the second category: Unexpected (and therefore "fatal") errors. The only sane way to "handle" them is: Abort whatever you are currently doing. Sure, you can use Exceptions for that, but the handler probably won't do much more than logging the error in some way. Some languages came up with ideas how to "fix" the issue ("checked exceptions") you wouldn't have without exceptions in the first place, littering the code with ridiculous lists of exception types that could appear on any boundary ... just gross.

Now, what's worse than just exceptions? Combining them with a language not offering managed resources. The "solution" C++ came up with to solve this issue is called RAII. It leads to creating lots of purely technical classes, just for the sake of managing resources leveraging the construction/destruction. Gross again. TBH, I didn't look much into Rust so far, no idea how Rust is dealing with these issues, pretty likely at least better than C++....

cracauer@ said:
[...] or other error handling primitives
Click to expand...
There's at least an idiomatic approach that isn't all bad: The return value is reserved for "error codes", while the actual return value is passed "by reference" in one of the arguments, typically the fist one. Sure, this has drawbacks, e.g. you might want more error information than just a number.

The idea I currently like most is the generic Result<T> object which can either contain a Success<T> or an Error<T> (with whatever description you might need). Sure, C doesn't offer that either, but if you really need it, it can be implemented in C.

cracauer@ said:
errno is a global variable for crying out loud (of course this comes from Unix but anyway).
Click to expand...
That of course is a horrific legacy. At least, errno was made thread safe (which implies some stupid complexity in the C lib implementing that). I just hope no sane modern code would ever add more usage of that extremely dumb idea.

cracauer@ said:
The problem, however, is that almost all attempts to do better in a GC-less statically typed language have been screwed up. What is different about about Rust is that we don't yet know whether it is screwed up.
Click to expand...
That's a very nice way to summarize it 😉

As I wrote earlier, I do have some concerns about integrating Rust into base, but they're not about the language itself. It looks like one of the best attempts so far.
 
You must log in or register to reply here.
Back
Top