From: Paul Floyd
Date: Sat, 7 Sep 2024 19:20:32 +0000
To: freebsd-hackers@freebsd.org
Subject: Re: The Case for Rust (in any system)
Message-ID: <5d707cd5-ee31-4cce-98b7-3826e891a2dd@gmail.com>
In-Reply-To: <4E4FB8CC-A974-42C4-95D5-2E1E4BF681AD@freebsd.org>
References: <202409060725.4867P3ul040678@critter.freebsd.dk> <4E4FB8CC-A974-42C4-95D5-2E1E4BF681AD@freebsd.org>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On 06-09-24
07:41, David Chisnall wrote:
> On 6 Sep 2024, at 08:25, Poul-Henning Kamp wrote:
>>
>> I will also note that almost all the blame for C's current status
>> lies with the standardization efforts, which almost seem hell-bent
>> on destroying the language rather than improving it.
>
> As someone who is involved with C++ standardisation and so periodically hears things from WG14, my impression is that the people who care about the things that you list have all moved to C++, where they were solved problems at least a decade ago. The people still actively driving C are the people who didn’t leave because they don’t want these things (and, increasingly, C++ people who just want to make sure that C doesn’t diverge too much from being a subset of C++).

+1. SG23.

There is one prominent case of someone moving from C++ to C standardization to get a proposal that was rejected in C++ adopted in C.

I have seen some papers with proposals to improve C's memory safety but I doubt that they will ever get off the ground.

C++ code that follows the core guidelines is already very substantially more secure than C. SG23 is working on improvements.

> It’s trivial to write a packed struct in C++ where the fields are all BigEndian<T> that do byte swapping on implicit conversion to and from T, for example. Integer ranges can be implemented in the same way and there is a proposal to add them to the standard library that looks nice (the ranged integers are a small part, the proposal is mostly about units and quantities).
>
> Having written a kernel in C++

Out of curiosity, did that mean limiting the ABI use (no RTTI or exceptions)? Did it also allow using different compilers (say clang and GCC)?

> and worked on two in C, and read a reasonable amount of one written in Rust, I am firmly of the opinion that C is absolutely the worst choice for writing a kernel. This was not true in the ‘80s and it wasn’t true even 15-20 years ago, so the question is how to move from where we are to where we should be. The strategy document that I coauthored at Microsoft recommended the following:
>
> - C++ conforming to the Core Guidelines and with static analysis for existing C/C++ projects with the C parts incrementally migrated to C++.
> - Rust, C#, or TypeScript for new projects and discrete new components with well-defined interface boundaries.
> - No new C code, except in open-source projects that accept only C contributions.

Sounds like good suggestions to me.

A+
Paul
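
Added example, not part of the original message and not written by anyone in the thread: one way the quoted `BigEndian<T>` idea could look in C++, used to read a header from an untrusted buffer. The names `BigEndian`, `WireHeader` and `parse_header` and the 12-byte record layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

// Hypothetical wrapper: big-endian storage, implicit conversion to and from host T.
template <typename T>
class BigEndian {
    static_assert(std::is_unsigned<T>::value, "unsigned integer types only");
    unsigned char bytes_[sizeof(T)];  // alignment 1, so no padding between fields
public:
    BigEndian() : bytes_{} {}
    BigEndian(T v) { *this = v; }
    BigEndian& operator=(T v) {
        for (std::size_t i = sizeof(T); i-- > 0; v = static_cast<T>(v >> 8))
            bytes_[i] = static_cast<unsigned char>(v & 0xff);
        return *this;
    }
    operator T() const {
        T v = 0;
        for (unsigned char b : bytes_) v = static_cast<T>((v << 8) | b);
        return v;
    }
};

// Constructed 12-byte record header, used only for this illustration.
struct WireHeader {
    BigEndian<std::uint16_t> type;
    BigEndian<std::uint16_t> flags;
    BigEndian<std::uint32_t> length;    // payload bytes following the header
    BigEndian<std::uint32_t> sequence;
};
static_assert(sizeof(WireHeader) == 12, "layout must match the wire format");
static_assert(std::is_trivially_copyable<WireHeader>::value, "safe to memcpy");

// Copies a header out of an untrusted buffer. Rejects a short buffer and a
// declared payload length larger than the bytes that actually follow.
bool parse_header(const unsigned char* buf, std::size_t len, WireHeader& out) {
    if (len < sizeof(WireHeader)) return false;
    std::memcpy(&out, buf, sizeof(WireHeader));
    std::uint32_t payload = out.length;  // big-endian -> host, implicitly
    return payload <= len - sizeof(WireHeader);
}

int main() {  // constructed sample: type=1, flags=0x8000, length=4, seq=0x12345678
    const unsigned char pkt[] = {0,1, 0x80,0, 0,0,0,4, 0x12,0x34,0x56,0x78, 0xde,0xad,0xbe,0xef};
    WireHeader h;
    return parse_header(pkt, sizeof pkt, h) && std::uint32_t(h.sequence) == 0x12345678u ? 0 : 1;
}
```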