Re: The Case for Rust (in the base system)

From: Robert R. Russell <robert_at_rrbrussell.com>
Date: Mon, 22 Jan 2024 22:45:43 UTC
On Mon, 22 Jan 2024 19:17:30 +0100
Matthias Andree <mandree@FreeBSD.org> wrote:

> Am 21.01.24 um 11:24 schrieb Bertrand Petit:
> 
> > 	One of the strong values of FreeBSD is its stability. For
> > fun I recently booted a 4BSD-something on a VAX emulator and
> > immediately felt at ease, because of this stability. I perceive
> > rust, despite some of its technical merits, as unable to provide
> > that kind of stability. This language is a fast and (still)
> > unstable moving target, so fast that once integrated it will
> > immediately be obsolete on release. The integrated version would
> > probably only be usable to compile base, countless other packaged
> > versions would be required to compile ports---I'm also thinking
> > about llvm here. That is bound to be a maintenance nightmare, for
> > the FreeBSD teams and for the users alike.  
> 
> I have read this thread up to what's here now, and I like that it
> kept to a very useful constructive tone and arguments exchanged.
> 
> So, personally, I've always found a language whose compiler gets 
> recompiled several times a week if I do ports development is
> something I definitely can't advocate having in source.
> 
> The same goes for the 3rd party stuff.
> 
> Even if you mirror external dependencies to prevent from losing them 
> with some upstream maintainer's decision, and keep maintainable, that 
> begs the question: who is reviewing, polishing, maintaining this?  We 
> certainly don't want Log4J-like disasters to strike because in all 
> convenience and "don't rewrite the world" programmer-time efficiency 
> claims we used all sorts of, whoever wrote this, "half the Internet".
> 
> I understand that people who have spoken up in this thread have 
> inter-individually mixed feelings (meaning one person proposes it,
> the next person is loathe of it) about C++, about the Standard
> Template Library (STL) in particular, and I find it a pity that most
> arguments in this thread around C++ did not mention a standard
> edition's year.
> 
> I have been around C++ since before it became an ISO standard, I have 
> seen it on the decline when C++03 seemed to have stalled, but I can 
> really sympathize with Microsoft's "Welcome back to C++" approach.
> C++ has come a really long way, and over the past decade shown to
> deliver continually. C++14 or C++17 is lightyears ahead over what
> people left behind who haven't followed/used it in many years.
> 
> So I really would have wished for people to not just write C++ but 
> really the minimum/oldest edition they would consider.
> 
> I understand why people sometimes steer clear of Standard Template 
> Library - but I really liked how clear the dis-/advantages of its 
> datatypes and algorithms are laid out.  Yes, you can still shoot
> holes into your extremities when abusing the language, but Rust also
> has unsafe modes...
> 
> Rust advocates usually write about safety, but do we really want to 
> argue about introducing all this technical debt to just rule out ONE 
> PARTICULAR class of errors when there are dozens of others that open
> up security risks?   Seems a bit drastic to me.
> 
> Do Rust proponents audit what all the indirect dependencies' codes do 
> before referencing them?  Or are there bodies that tell us what 
> libraries are safe, when the base language can't dance?
> 
> So bottom line, let's see to pushing Rust back and keeping it out of
> the base system until it is stable, mature, and useful without
> betting and risking our world on half of the outside Internet -- and
> we really know it's not just another fad of the decade and have valid
> use cases that really can't be shown in what we have in the base
> system today.
> 

Having had the luxury or curse of not being stuck with only one
programming language I have learned usable pieces of several. C++ is
not on that list even though I have the most formal education in it.
My best way of answering why is this. Would you write or use a C++
codebase maintained by the average developer with just Vi? Up to C++03
I can say yes, after that the answer is no.

A consequence of Microsoft's "Welcome back to C++" item that may have
gotten missed is what resources are they spending to enforce compliance
with a certain C++ standard? Particularly, to enforce the restrictions
on anti-patterns? Cargo needs approximately a dozen lines in a
configuration file to restrict its upstream sources. That includes
whitespace and formatting.