From nobody Mon Aug 5 22:46:51 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdBQ819YQz5Sr6r for ; Mon, 05 Aug 2024 22:46:56 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdBQ75Qznz4Fx0 for ; Mon, 5 Aug 2024 22:46:55 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sdaoden.eu; s=citron; t=1722898012; x=1723564678; h=date:author:from:to:cc:subject: message-id:in-reply-to:references:openpgp:blahblahblah:mime-version: content-type:content-transfer-encoding:author:from:subject:date:to:cc: resent-author:resent-date:resent-from:resent-sender:resent-to:resent-cc: resent-reply-to:resent-message-id:in-reply-to:references:mime-version: content-type:content-transfer-encoding:content-disposition:content-id: content-description:message-id:mail-followup-to:openpgp:blahblahblah; bh=pPIIJT/cx4y0XEqsPC4mcH6bueNtPorW24DhEnqpAc8=; b=H5sQP5yssouI3hwuKH7UOaoRWN5qFpSXlLsHIdkM5F6PxxlgqhVfUv1apcQN1z7eQyNaHX8x AmXnrXdphQyoykNiM1LPOs3/rIyXCT/qM8L/lppa5+gBl/b07hx/Co3ZVGONJY2klhwYtSE/US 3Zd0DIeoc7pIeSkR/505Mt43ZipW5d0xI6GQgd9XJHxtYMzgci8wKrV39fMg0VnXWSSUYw2Vt3 cBZPlcgF9sPk/fEhRg1H2VUH9jGvkN8gRdWb3pk0t4kt6R1+P/mGqWlYPypQrcT6ngY3gucsyF mOolgTwDD5Z5LzMuDjSb8A1wYtCizjGOPBX7IXqNIJFKaEIw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=sdaoden.eu; s=orange; t=1722898012; x=1723564678; h=date:author:from:to:cc:subject: message-id:in-reply-to:references:openpgp:blahblahblah:mime-version: content-type:content-transfer-encoding:author:from:subject:date:to:cc: resent-author:resent-date:resent-from:resent-sender:resent-to:resent-cc: resent-reply-to:resent-message-id:in-reply-to:references:mime-version: content-type:content-transfer-encoding:content-disposition:content-id: content-description:message-id:mail-followup-to:openpgp:blahblahblah; bh=pPIIJT/cx4y0XEqsPC4mcH6bueNtPorW24DhEnqpAc8=; b=wCX2mdi+KT8XTqJDCTtx+NWINpD36qRUj7Ch7RNHphCxMurjdgSllqU6t6IhS2CCstsXyHyF nC2MN/KtMcNxAA== Date: Tue, 06 Aug 2024 00:46:51 +0200 Author: Steffen Nurpmeso From: Steffen Nurpmeso To: Warner Losh Cc: Poul-Henning Kamp , Cy Schubert , freebsd-hackers@freebsd.org, Bakul Shah Subject: Re: The Case for Rust (in the base system) Message-ID: <20240805224651.sDOyBurF@steffen%sdaoden.eu> In-Reply-To: References: <704D020F-78A4-4926-AE3C-41F7FD619A89@cschubert.com> <20240805210149.nrkHN3j3@steffen%sdaoden.eu> <202408052127.475LROnE067608@critter.freebsd.dk> <202408052206.475M6h8E067967@critter.freebsd.dk> User-Agent: s-nail v14.9.24-621-g0d1e55f367 OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs. List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15987, ipnet:217.144.128.0/20, country:DE] X-Rspamd-Queue-Id: 4WdBQ75Qznz4Fx0 Warner Losh wrote in : |On Mon, Aug 5, 2024 at 4:06=E2=80=AFPM Poul-Henning Kamp \ |wrote: |> -------- |> Warner Losh writes: |>>>> Most user space tools could be written in lua. |>>> |>>> That /exact/ same argument was made for Perl :-) |>> |>> Lua's been in the base since I imported it for the boot loader, \ |>> though... |> |> Lua is is much more "language" than "eco-system", by design as I |> understand it, so that is a different situation than Perl or Rust. | |Indeed. The standard stuff is fairly small, and we're doing it all as |a 'private' library, so ports will never see what we pull in. | |I personally do not subscribe to to the "let's rewrite all the 50 |> year old source code to make it more safe" philosophy, but there |> are valid arguments when the old code is horrible. | |Plus we're writing new stuff only, and typically only where it makes |a lot of sense (lots of string processing). Plus we're keeping the scripts |as compatible with what little ecosystem there is so we can go back |and forth between the ports lua and the base flua. | |> But there are some wrinkles. |> |> First: Anything setuid/setgid is off-limits. |> |> There are good reasons why we dont have setuid shell-scripts (any more!) |> |> I guess with most systems being effectively single-user these days, |> that may not be as much a security focus as it was back in the 1990ies. | |Yea. No plans there. | |> Second: Performance. |> |> I cannot remember the exact subset of bin programs somebody did in |> Perl as proof of concept, but it slowed down buildworld a LOT to |> fire up all of Perl to do trivial stuff like "echo", "chown" and |> "mkdir". |> |> Lua may be cheaper than Perl, but it will still be measurable. | |Yea. I'm guessing you wouldn't notice, but why do that. There's |no benefit and only a myriad of ways to introduce new bugs |or non-posix conformance where we were conformant before. | |I'm definitely in the "why are we rewriting stuff in rust" because |it doesn't move the ball forward, really. At best it's a great leap |sideways, |maybe with marginally better actual safety. At worst, it's a great \ |leap into |a morass of almost compatible that causes great grief in the gaps, or |worse, has new security problems the old one didn't. So rewriting |for the sake of rewriting seems like a giant waste of resources. |Rewriting strategically to fix areas that have had safey issues |may be different, but cp.rst isn't going to be any better, than |cp.c in most aspects because cp.c has had 50 years to be |debugged. And 50 years makes up for a lot of danger |in the language.... So there may be things that we get some |advantage out of by doing a rewrite in rust, but I'm in the |'case by case basis' camp there: those cases where the cost / benefit |ratio is favorable should be considered. But they can't be |considered entirely in a vacuum because there's a non-zero |cost to rust in the base, even as an external toolchain. That sounds nothing but good. (I was not really serious at first btw.) =20 |Having said all that, I'd love to see us be able to make better of rust a= nd |new rust programs where it makes sense. That's why I've been |encouraging people to give it a go to show us the money. To |show up that we can integrate it (even if it is just a few lines in |Makefile.inc1 that builds everything, optionally, as part of |buildworld). That shows us we can keep the dependency hell |under control, that we can update things sanely (more ecosystem |here, not language). How much work is it to track the latest versions, |how do we deal with that as the number of new rust programs grow, |how do we deal with ABI stability, etc. And to show us if there's an |actual advantage to all of that over what we can do in ports, or what |we might do with pkgbase somehow. I'm unsure of the outcome of all |this, but I think it would be wrong to shout it down completely. To do |all that, people need room to experiment and show what's what. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | | Only during dog days: | On the 81st anniversary of the Goebbel's Sportpalast speech | von der Leyen gave an overlong hypocritical inauguration one. | The brew's essence of our civilizing advancement seems o be: | Total war - shortest war -> Permanent war - everlasting war