Speculative: Rust for base system components

Conrad Meyer cem at freebsd.org
Mon Dec 31 21:29:40 UTC 2018 

Hi Eric,

I don't disagree that C++ is worse than Rust in that regard.  I just
don't believe Rust is enough better to be a suitable *C* replacement
(it's a perfectly fine C++ replacement).

Things that are closer to suitable might be:

1. Enabling stronger C semantics and runtime enforcement over existing
code.  It might be possible to enable globally and selectively disable
only on performance sensitive code, while still covering the majority
of the system.  Some work has been done by the Cambridge academics as
part of CHERI / Cerberus / REMS ("Rigorous Engineering for Mainstream
Systems").  A demo of Cerberus is online at
http://cerberus.cl.cam.ac.uk/cerberus ; press 'forward' a few times.
Or it could be something else (UBSan and ASan on security-critical
userspace programs?).  But the migration path from existing code is
more clear and requires less "throw away the world" as step 1.

2. Ziglang seems somewhat promising.  It's still immature and I am
certainly not claiming the pros of rewriting components or including
new compilers in base outweigh the cons.  But its aims are closer to C
than C++ or Rust (simplicity, no operator overloading) and that seems
a better fit.  It is also based on LLVM, which comes with some of the
same drawbacks as Rust (or Clang, for that matter) re: toolchain build
time and supported architectures.  https://github.com/ziglang/zig

Best,
Conrad

On Mon, Dec 31, 2018 at 9:59 AM Eric McCorkle <eric at metricspace.net> wrote:
>
> On 12/31/18 1:56 AM, Conrad Meyer wrote:
> > Rust has many of the exact same problems C++ has.  Sure, it avoids a
> > few classes of issue.  But it doesn't fix the classic C++ problems of
> > extremely slow build times (if you think C++ is bad, Rust is worse)
> > and having a kitchen sink of language features that make Rust and C++
> > code difficult to grok.
>
> I would debate the kitchen sink claim.  For one, Rust benefits from a
> solid understanding of type systems that didn't exist when C++ was
> created.  Proper parameterized types are a significant improvement over
> C++ templates (the same holds for Java's generics, but that's
> tangential).  This alone reduces the complexity of the language (and its
> error messages) considerably.  While I give C++ slack on the issue of
> templates because Somebody Had To Go First, that doesn't mean I relish
> the idea of writing C++ code.
>
> Beyond that, the C++ standardization process these days is seemingly
> aiming at bringing everything under the sun into the language itself,
> whereas Rust went for a syntax extension system and an overall language
> design that avoids the need to graft everything into the language
> itself.  (Side note: as much as I loathe macros in programming
> languages, Rust actually seems to have produced a reasonable macro-like
> system)
>

More information about the freebsd-hackers mailing list