Date: Mon, 31 Dec 2018 13:21:02 -0800 From: Conrad Meyer <cem@freebsd.org> To: Eric McCorkle <eric@metricspace.net> Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org> Subject: Re: Speculative: Rust for base system components Message-ID: <CAG6CVpW9takjMQvxYLG-ynvDjgeJ8T%2BSQ07FAQB0QiGjpKKXDQ@mail.gmail.com> In-Reply-To: <414c837f-4b06-b6dc-468c-8bbbc8ad8c59@metricspace.net> References: <ca76e5f7-6e59-bd67-144a-90ad66f0252e@metricspace.net> <CAG6CVpV0kxupmkhHiYBT05Yfst6uNtbUyYUzG95Zwcbk9F3K0Q@mail.gmail.com> <414c837f-4b06-b6dc-468c-8bbbc8ad8c59@metricspace.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Eric, I don't disagree that C++ is worse than Rust in that regard. I just don't believe Rust is enough better to be a suitable *C* replacement (it's a perfectly fine C++ replacement). Things that are closer to suitable might be: 1. Enabling stronger C semantics and runtime enforcement over existing code. It might be possible to enable globally and selectively disable only on performance sensitive code, while still covering the majority of the system. Some work has been done by the Cambridge academics as part of CHERI / Cerberus / REMS ("Rigorous Engineering for Mainstream Systems"). A demo of Cerberus is online at http://cerberus.cl.cam.ac.uk/cerberus ; press 'forward' a few times. Or it could be something else (UBSan and ASan on security-critical userspace programs?). But the migration path from existing code is more clear and requires less "throw away the world" as step 1. 2. Ziglang seems somewhat promising. It's still immature and I am certainly not claiming the pros of rewriting components or including new compilers in base outweigh the cons. But its aims are closer to C than C++ or Rust (simplicity, no operator overloading) and that seems a better fit. It is also based on LLVM, which comes with some of the same drawbacks as Rust (or Clang, for that matter) re: toolchain build time and supported architectures. https://github.com/ziglang/zig Best, Conrad On Mon, Dec 31, 2018 at 9:59 AM Eric McCorkle <eric@metricspace.net> wrote: > > On 12/31/18 1:56 AM, Conrad Meyer wrote: > > Rust has many of the exact same problems C++ has. Sure, it avoids a > > few classes of issue. But it doesn't fix the classic C++ problems of > > extremely slow build times (if you think C++ is bad, Rust is worse) > > and having a kitchen sink of language features that make Rust and C++ > > code difficult to grok. > > I would debate the kitchen sink claim. For one, Rust benefits from a > solid understanding of type systems that didn't exist when C++ was > created. Proper parameterized types are a significant improvement over > C++ templates (the same holds for Java's generics, but that's > tangential). This alone reduces the complexity of the language (and its > error messages) considerably. While I give C++ slack on the issue of > templates because Somebody Had To Go First, that doesn't mean I relish > the idea of writing C++ code. > > Beyond that, the C++ standardization process these days is seemingly > aiming at bringing everything under the sun into the language itself, > whereas Rust went for a syntax extension system and an overall language > design that avoids the need to graft everything into the language > itself. (Side note: as much as I loathe macros in programming > languages, Rust actually seems to have produced a reasonable macro-like > system) >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpW9takjMQvxYLG-ynvDjgeJ8T%2BSQ07FAQB0QiGjpKKXDQ>