• secret300@lemmy.sdf.org
    ↑ 1 · 4 days ago

    What exactly makes rust memory safe? That’s the big selling point of it right? Is the compiler just more strict?

  • kbal@fedia.io
    ↑ 498 ↓ 1 · 2 months ago

    I took notes for the benefit of anyone who doesn’t like their info in video form. My attempt to summarize what Linus says:

    He enjoys the arguments, it’s nice that Rust has livened up the discussion. It shows that people care.

    It’s more contentious than it should be sometimes with religious overtones reminiscent of vi versus emacs. Some like it, some don’t, and that’s okay.

    Too early to see if Rust in the kernel ultimately fails or succeeds, that will take time, but he’s optimistic about it.

    The kernel is not normal C. They use tools that enforce rules that are not part of the language, including memory safety infrastructure. This has been incrementally added over a long time, which is what allowed people to do it without the kind of outcry that the Rust efforts produce by trying to change things more quickly.

    There aren’t many languages that can deal with system issues, so unless you want to use assembler it’s going to be C, C-like, or Rust. So probably there will be some systems other than Linux that do use Rust.

    If you make your own he’s looking forward to seeing it.

    • alyxbond@kbin.earth
      ↑ 1 · 5 days ago

      Linus Torvalds has made some interesting comments on the Rust vs C debate in the Linux kernel. He enjoys the discussions because it shows that people care about the project, even though things can get a little heated like the classic vi vs emacs arguments. The Rust conversation is still in its early days, and while Linus is optimistic about its future in the kernel, it’s too soon to say whether it will ultimately succeed or fail.

      He points out that the Linux kernel isn’t just “normal” C; it’s C with additional tools and rules that ensure memory safety and other protections. This incremental approach has allowed for changes without causing the kind of backlash that Rust has faced with its more dramatic changes.

      At the end of the day, the kernel has to deal with system-level issues, and unless you’re working in assembly, it’s going to be C, C-like, or Rust. Linus is looking forward to seeing how other systems outside of Linux might adopt Rust for their own needs.

      If you’re interested in exploring more of these tech discussions or maybe looking for some related tools, you can download APK for access to various Linux utilities on mobile.

    • gomp@lemmy.ml
      ↑ 87 · 2 months ago

      I took notes for the benefit of anyone who doesn’t like their info in video form.

      I love you.

      • gerdesj@lemmy.ml
        ↑ 21 · 2 months ago

        Start the linuxa or alinux project and off you trot. Find a better name than I did here and you’ll be fine.

      • nyan@sh.itjust.works
        ↑ 5 · 2 months ago

        Nor does Forth (which used to be a common choice for “first thing to bootstrap on this new chip architecture we have no real OS for yet”). Alas, they’re just not popular languages these days.

        • solrize@lemmy.world
          ↑ 1 · edited · 2 months ago

          Forth is fun but not really suitable for large, long-lasting projects with huge developer communities. Linux isn’t being bootstrapped, it’s already here and has been around for decades and it’s huge. And, I think bootstrapping-by-poking-around on a new architecture has stopped being important. Today, you have compiler and OS’s targeted to the new architecture under simulation long before there is any hardware, with excellent debugging tools available in the simulator.

        • solrize@lemmy.world
          ↑ 1 · edited · 2 months ago

          I have played with Ada but not done anything “real” with it. I think I’d be ok with using it. It seems better than C in most regards. I haven’t really looked into Rust but from what I can gather, its main innovation is the borrow checker, and Ada might get something like that too (influenced by Rust).

          I don’t understand why Linux is so huge and complicated anyway. At least on servers, most Linux kernels are running under hypervisors that abstract away the hardware. So what else is going on in there? Linux is at least 10x as much code as BSD kernels from back in the day (idk about now). It might be feasible to write a usable Posix kernel as a hypervisor guest in a garbage collected language. But, I haven’t looked into this very much.

          Here’s an ok overview of Ada: http://cowlark.com/2014-04-27-ada/index.html

      • toastal@lemmy.ml
        ↑ 1 · 2 months ago

        This is how they want to frame it. C has footguns, therefore use Rust—instead of Rust is one of the options you could use.

        • solrize@lemmy.world
          ↑ 1 · 2 months ago

          I don’t think Ada in the kernel would get any cultural acceptance. Rust has been hard enough. C++ was vehemently rejected decades ago though the reasons made some sense at the time. Adopting C++ today would be pretty crazy. I don’t see much alternative to Rust (or in a different world, Ada) in the monolithic kernel. But Rust seems like it’s still in beta test, and the kernel architecture itself seems like a legacy beast. Do you know of anything else? I can’t take D or Eiffel or anything like that seriously. And part of it is the crappiness of the hardware companies. Maybe it will have to be left to future generations.

      • AusatKeyboardPremi@lemmy.world
        ↑ 21 · 2 months ago

        He uses a version of Emacs called MicroEmacs.

        I recall seeing his MicroEmacs configuration a while back when I was exploring options to start using Emacs.

        • corsicanguppy@lemmy.ca
          ↑ 4 · 2 months ago

          MicroEmacs

          In testing, to settle a bet by a rabid cult-of-vi peer, I opened a given set of files in each editor, each a day apart because I couldn’t be arsed to clear caches. This guy, otherwise a prince, was railing about emacs, but otherwise suffered days of waiting.

          10/10 the memory usage by his precious vi was same-or-more than emacs.

          There’s so many shared libs pulled in by the shell that all the fuddy doomsaying about bloat is now just noise.

          I avoid vi because even in 1992 it was crusty and wrong-headed. 30 years on the hard-headed cult and the app haven’t changed.

          I don’t see how microEmacs can improve on what we have by default, and I worry that the more niche the product is the harder it will be to find answers online. But I’m willing to be swayed if anyone can pitch its virtues.

          • chonglibloodsport@lemmy.world
            ↑ 6 · 2 months ago

            MicroEmacs was written in 1985 and has nothing to do with GNU Emacs (which people just call Emacs these days). It’s entirely outside of the vi-vs-emacs war.

      • thingsiplay@beehaw.org
        ↑ 4 · 2 months ago

        If we can believe random strangers on the internet, then Linus uses a self-maintained lighter version of Emacs, or has. Looks like Linus is an Emacs guy.

    • m4m4m4m4@lemmy.world
      ↑ 23 · 2 months ago

      If you make your own he’s looking forward to seeing it.

      Not a programmer whatsoever but I’ve heard about Zig and people comparing it to Rust, what’s the deal with it?

      • khorovodoved@lemm.ee
        ↑ 33 · edited · 2 months ago

        Zig is indeed designed specifically for such tasks as system programming and interoperability with C code. However it is not yet ready for production usage as necessary infrastructure is not yet done and each new version introduces breaking changes. Developers recommend waiting for version 1.0 before using it in any serious project.

      • PushButton@lemmy.world
        ↑ 27 ↓ 5 · 2 months ago

        Zig is “c”, but modern and safe.

        The big selling points compared to Rust are:

        • A better syntax
        • No hidden control flow
        • No hidden memory allocation
        • Really great interop with C (it’s almost as if you just include the C code as you would in a C code base…)
        • Fast compile time
        • it’s more readable
        • it’s simpler to learn

        The syntax is really close to the C language; any C programmer can pick up Zig really fast.

        IMO Zig is a far better choice to go in the kernel than Rust.

        Linux has tried to include CPP in it, and it failed.

        So imagine if trying to fit in a C-like cousin failed, how far they are to fit an alien language like Rust…

        For more information: https://ziglang.org/learn/why_zig_rust_d_cpp/

        • Giooschi@lemmy.world
          ↑ 22 ↓ 2 · 2 months ago

          Zig is “c”, but modern and safe.

          Zig is safer than C, but not on a level that is comparable to Rust, so it lacks its biggest selling point. Unfortunately just being a more modern language is not enough to sell it.

          So imagine if trying to fit in a C-like cousin failed

          C++ was not added to Linux because Linus Torvalds thought it was a horrible language, not because it was not possible to integrate in the kernel.

          • khorovodoved@lemm.ee
            ↑ 8 ↓ 1 · edited · 2 months ago

            Zig has other selling points, that are arguably more suitable for system programming. Rust’s obsession with safety (which is still not absolute even in rust) is not the only thing to consider.

              • steeznson@lemmy.world
                ↑ 4 · 2 months ago

                UB is only one class of error though. I get nervous when people talk about re-writing battle hardened code which has been used - and reviewed by the community - for decades because there are going to be many subtleties and edge cases which are not immediately apparent for any developer attempting a re-implementation.

                • teolan@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  2
                  ·
                  2 months ago

                  Like sudo that has had zero days lurking for 10 years?

                  I’m not advocating for reimplementing stuff for no good reason though.

                • Auli@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  5
                  ·
                  2 months ago

                  You mean old code that has bugs that are now just being discovered. Battle hardened code and many eyeballs means nothing.

        • teolan@lemmy.world
          ↑ 13 ↓ 5 · 2 months ago

          Zig is a very new and immature language. It won’t be kernel-ready for at least another 10 years.

          a better syntax

          That’s pretty suggestive. Rust syntax is pretty good. Postfix try is just better for example.

          Zig also uses special syntax for things like error and nullability instead of having them just be enums, making the language more complex and less flexible for no benefit.

          Syntax is also not everything. Rust has extremely good error messages. Going through Zig’s learning documentation, half the error messages are unreadable because I have to scroll to see the actual error and data because it’s on the same line as the absolute path as the file where the error comes from.

          No hidden memory allocation

          That’s a library design question, not a language question. Rust for Linux uses its own data collections that don’t perform hidden memory allocations instead of the ones from the standard library.

          it’s more readable

          I don’t know, Rust is one of the most readable languages for me.

          Fast compile time

          Is it still the case once you have a very large project and make use of comptime?

          it’s simpler to learn

          Not true. Because it doesn’t have the guardrails that rust has, you must build a mental model of where the guardrails should be so you don’t make mistakes. Arguably this is something that C maintainers already know how to do, but it’s also not something they do flawlessly from just looking at the bugs that regularly need to be fixed.

          Being able to write code faster does not equate being able to write correct code faster.

          Really great interop with C

          Yes, because it’s basically C with some syntax sugar. Rust is a Generational change.

        • Fonzie!@ttrpg.network
          ↑ 4 ↓ 1 · 2 months ago

          Linux has tried to include CPP in it, and it failed.

          So imagine if trying to fit in a C-like cousin failed, how far they are to fit an alien language like Rust…

          But that wasn’t about the syntax, but about the fastness, size and control, wasn’t it? Things that shouldn’t be much of an issue to Rust.

      • theshatterstone54@feddit.uk
        ↑ 17 ↓ 2 · 2 months ago

        Zig is feasible for systems programming and some, (most notably, the Primeagen in one video) claim it should have gone into the kernel instead of Rust, but I don’t know Zig so I don’t feel qualified to comment beyond that.

          • CeeBee_Eh@lemmy.world
            ↑ 2 · 2 months ago

            He just mentioned it as an example of a kernel written in Rust. The interviewer asked if Rust isn’t accepted into the Linux kernel, would someone go out and build their own in Rust, and Linus mentioned Redox saying that’s already happened.

    • Psyhackological@lemmy.ml
      ↑ 7 · 2 months ago

      I think it can be summed up to: C is more mature than Rust, so we wait for Rust to shine. Rust can overcome some complex things in C and vice versa.

    • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
      ↑ 5 ↓ 2 · edited · 2 months ago

      How is it that no matter what the damn topic is, Linus always seems to be the most level-headed in the room? I really admire him for that…

       


      Edit: Lol, Linus, not Linux. Linus. xD

      • Allero@lemmy.today
        ↑ 17 · 2 months ago

        Linus did have emotion control issues and was not always completely rational, but he’s gone a long way towards being incredibly responsible to his child that powers the world.

        Also, he has long understood that Linux ain’t a hobby project, which some programmers still get to think.

  • thingsiplay@beehaw.org
    ↑ 45 ↓ 1 · 2 months ago

    You can’t improve and break silence without discussing and making changes. The existing maintainers won’t live forever, having Rust in the Kernel is a bet on the future. Linus wouldn’t have adopted and accepted Rust, if he wasn’t thinking it’s worth it. And looks like it was already worth it.

      • λλλ@programming.dev
        ↑ 14 · 2 months ago

        Do you have something against it? People hate on it like it’s a fad or whatever. But, the people who like it, LOVE it.

        Rust is the most admired language, more than 80% of developers that use it want to use it again next year.

        https://survey.stackoverflow.co/2023/#overview

        Rust is on its seventh year as the most loved language with 87% of developers saying they want to continue using it.

        https://survey.stackoverflow.co/2022/#overview

        8 years in a row. I can understand the perspective of someone who spent years honing their craft in C/C++ and not wanting to learn a new language. But, the harassment of the “Rust in Linux Lead” is ridiculous. I’m not saying you are harassing. But, saying it’s a tech bro thing is just negative and doesn’t do justice to how many devs just like rust.

        • nanook@friendica.eskimo.com
          ↑ 1 · 4 days ago

          @lambda @x00za Well for what it’s worth, there is Redox, a Posix compliant kernel written entirely in Rust. There are some other aspects of Redox I don’t like, chiefly its use of a microkernel, which, while it makes portability better it exacts a performance penalty, and of having all drivers operate in userland, perhaps better from a security standpoint but again exacts a performance penalty.

          • λλλ@programming.dev
            ↑ 1 · 2 months ago

            Fair enough. Personally, I am a developer who only has worked professionally in C#. C/C++ scare me. I would get used to it if I were to use it professionally. On the other hand, I picked up rust as a hobby language for some low level stuff because I love the guardrails the compiler provides. I think rust would help make me a better C programmer TBH.

        • zygo_histo_morpheus@programming.dev
          ↑ 3 · 2 months ago

          If anything I think that the current rust discourse is a fad. I’m not sure what it is about rust that makes people have so strong opinions about it but I can’t wait for it to become a “normal” language so that people can chill about it a bit.

        • refalo@programming.dev
          ↑ 2 · 2 months ago

          It’s also possible the number of people who like it do not outnumber the people who don’t like it

          • λλλ@programming.dev
            ↑ 3 · 2 months ago

            It’s also possible that out of the people who hate on it, the people who haven’t actually tried it outnumber the ones who have.

    • corsicanguppy@lemmy.ca
      ↑ 1 ↓ 23 · 2 months ago

      The existing maintainers won’t live forever, having Rust in the Kernel is a bet on the future.

      You’re drastically reducing your talent base by requiring membership in two groups of experts. Well done.

      The comma splice gives it away, but you’re new at organizing groups and practicing set theory, aren’t you?

      • thingsiplay@beehaw.org
        ↑ 21 ↓ 1 · 2 months ago

        No. That does not mean they have to program in both languages. If the programmer only understands one language (which would be a shame), then they only need to program in their field. This increases the talent base, not reduces it. C programmers do not need to be a Rust expert, so what in the world are you saying there? They just need to cooperate!

  • GravitySpoiled@lemmy.ml
    ↑ 48 ↓ 5 · 2 months ago

    I don’t want to watch a video about it.

    I’d like to know it, but a couple of sentences wouldn’t have hurt

    • blackbrook@mander.xyz
      ↑ 32 · 2 months ago

      FWIW, it’s a 9 min video and doesn’t contain anything earth shattering or easily summarized. Basically there is some friction between C and Rust devs, and Linus doesn’t think that it’s such a bad thing (there has been interesting discussion) and it’s way too early to call Rust in the kernel a failure.

        • atzanteol@sh.itjust.works
          ↑ 16 · 2 months ago

          It forces you to be careful in the way it wants you to be careful. Which is fine, but it makes it a strange beastie for anyone not used to it.

              • Kairos@lemmy.today
                ↑ 7 · edited · 2 months ago

                I feel like a garbage collector would be too much a performance hit for kernel stuff.

                • InverseParallax@lemmy.world
                  ↑ 3 · 2 months ago

                  2 things:

                  1. It’s more the determinacy, a GC randomly fires up and your system stops for some long amount of time. There are pauseless GCs but that’s a different nightmare.

                  2. The kernel has things similar to GCs. They’re used for more specialized tasks, and some (like rcu) are absolute nightmares that have taken decades to get working.

        • nous@programming.dev
          ↑ 10 · 2 months ago

          C is easier to get a program to compile. Rust is easier to get a program working correctly.

        • Fonzie!@ttrpg.network
          ↑ 9 ↓ 3 · 2 months ago

          And because it looks like C, JavaScript, Bash and a few others all mixed up together.

          I’ve heard Rust described as “Rust is what you get when you put all the good features of other programming languages together. You can’t read it, but it’s freaking fast!”

        • PushButton@lemmy.world
          ↑ 7 ↓ 6 · 2 months ago

          It’s more “it forces you to make it borrow checker friendly”.

          A borrow checker is not the only mechanism to write safe code. All the mess of Rust is all because this is the strategy they adopted.

          And this strategy, like everything in this world, has trade offs. It just happens that there are a lot, like, - a lot -, of trade offs, and those are insufferable when it comes to Rust…

    • mac@lemm.ee
      ↑ 6 ↓ 3 · edited · 2 months ago

      I also don’t like videos for this stuff. Summarized using kagi’s universal summarizer, sharing here:

      • The integration of Rust into the Linux kernel has been a contentious topic, with some long-term maintainers resisting the changes required for memory-safe Rust code.
      • The debate over Rust vs. C in the Linux kernel has taken on “almost religious overtones” in certain areas, reflecting the differing design philosophies and expectations.
      • Linus Torvalds sees the Rust discussion as a positive thing, as it has “livened up some of the discussions” and shows how much people care about the kernel.
      • Not everyone in the kernel community understands everything about the kernel, and specialization is common - some focus on drivers, others on architectures, filesystems, etc. The same is true for Rust and C.
      • Linus does not think the Rust integration is a failure, as it’s still early, and even if it were, that’s how the community learns and improves.
      • The challenge is that Rust’s memory-safe architecture requires changes to the existing infrastructure, which some long-time maintainers, like the DRM subsystem people, are resistant to.
      • The Linux kernel has developed a lot of its own memory safety infrastructure over time for C, which has allowed incremental changes, whereas the Rust changes are more “in your face.”
      • Despite the struggles with Rust integration, Linus believes Linux is so widely used and entrenched that alternative “bottom-up grown-up from the start Rust kernels” are unlikely to displace it.
      • Linus sees the embedded/IoT space as an area where alternative kernels built around different languages like Rust may emerge, but does not see Linux losing its dominance as a general-purpose OS.
      • Overall, Linus views the Rust debate as a positive sign of the community’s passion and an opportunity to learn, even if the integration process is challenging.
  • Arthur Besse@lemmy.ml
    ↑ 29 ↓ 1 · 2 months ago

    This video is full of jarring edits which initially made me wonder if someone had cut out words or phrases to create an abbreviated version. But, then I realized there are way too many of them to have been done manually. I checked the full original video and from the few edits I manually checked it seems like it is just inconsequential pauses etc that were removed: for instance, when Linus says “the other side of that picture” in the original there is an extra “p” sound which is removed here.

    Yet another irritating and unnecessary application of neural networks, I guess.

  • toastal@lemmy.ml
    ↑ 2 ↓ 1 · 2 months ago

    If you believe in ADTs, limiting mutation, & a type system that goes beyond Rust’s affine types + lack of refinements (including an interleaved proof system), you could be writing kernel code in ATS which compiles to C.

      • toastal@lemmy.ml
        ↑ 1 · edited · 2 months ago

        Correct me if I am wrong, but my understanding is that you use Coq to prove your theorem, then need to rewrite it in something else. I think there is some OCaml integration, but OCaml—while having great performance for a high level language & fairly predictable output—isn’t well-suited for very low-level kernel code. The difference in the ATS case (with the ML syntax similarity 🤘) is you can a) write it all in a single language & b) you can interweave proof, type, & value-level code thru the language instead of separating them; which means your functions need to make the proof-level asserts inside their bodies to satisfy the compiler if written with these requirements, or the type level asserting the linear type usage with value-level requirements to if allocating memory, must deallocate memory as well as completely prevent double free & use after free.

        For those in the back: Rust can’t do this with its affine types only preventing using a resource multiple times (at most once), where linear types say you must use once & can only use once.
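
An added example, not part of the thread and not any commenter's code, showing the affine versus linear distinction from the comment above in Rust: a move-only handle turns a second release into a compile error, while code that never releases it still compiles. `Handle`, `Stats` and the function names are hypothetical.

```rust
use std::cell::Cell;
use std::mem;
use std::rc::Rc;

/// Counters shared with every handle so the caller can observe the outcome.
#[derive(Default)]
struct Stats {
    released: Cell<u32>,  // explicit release() calls
    abandoned: Cell<u32>, // handles dropped without release()
}

/// Hypothetical resource handle standing in for an allocation.
struct Handle {
    stats: Rc<Stats>,
    done: bool,
}

impl Handle {
    fn acquire(stats: &Rc<Stats>) -> Handle {
        Handle { stats: Rc::clone(stats), done: false }
    }

    /// Takes `self` by value: the caller's binding is moved, so a second
    /// release() or any later use is rejected at compile time (E0382).
    /// This is the "at most once" half that affine types provide.
    fn release(mut self) {
        self.done = true;
        self.stats.released.set(self.stats.released.get() + 1);
        // `self` is dropped here; Drop sees done == true.
    }
}

/// Runtime stand-in for the "at least once" half: the type checker accepts a
/// handle that is never released, so the most Rust can do is notice at drop.
impl Drop for Handle {
    fn drop(&mut self) {
        if !self.done {
            self.stats.abandoned.set(self.stats.abandoned.get() + 1);
        }
    }
}

fn released_once(stats: &Rc<Stats>) {
    let h = Handle::acquire(stats);
    h.release();
    // h.release(); // does not compile: use of moved value `h`
}

fn never_released(stats: &Rc<Stats>) {
    let _h = Handle::acquire(stats);
    // Compiles without complaint; a linear type checker would reject this.
}

fn forgotten(stats: &Rc<Stats>) {
    let h = Handle::acquire(stats);
    mem::forget(h); // safe code: neither release() nor Drop ever runs
}

/// Runs the three cases and returns (released, abandoned).
fn run() -> (u32, u32) {
    let stats = Rc::new(Stats::default());
    released_once(&stats);
    never_released(&stats);
    forgotten(&stats);
    (stats.released.get(), stats.abandoned.get())
}

fn main() {
    let (released, abandoned) = run();
    println!("released={released} abandoned={abandoned}");
}
```

Only one of the two unreleased handles is counted as abandoned: the `Drop` check catches the handle that goes out of scope, while the one passed to `mem::forget` disappears without any code running.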

        • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
          ↑ 2 · 2 months ago

          You’re right that only OCaml and Haskell can be used as extraction targets for Coq programs. However, it is possible to use Coq to write verified C software. One example is the Verified Software Toolchain that lets you translate C programs to a format that Coq understands and can prove theorems regarding their behavior.