Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Sep 2024 10:11:54 -0500
From:      Kyle Evans <kevans@FreeBSD.org>
To:        Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: The Case for Rust (in any system)
Message-ID:  <c8b52bcd-725d-473e-a30c-a611b9c2e44c@FreeBSD.org>
In-Reply-To: <20240910234949.85d5a48c9b9f7bcf945794fc@dec.sakura.ne.jp>
References:  <CAOtMX2iCNX5OkdeghnbmcMrO0UYWwm4zfxFSZGznOznu%2Bmh5rA@mail.gmail.com> <49239d9a-aece-4b6b-b896-d7b4899149fc@FreeBSD.org> <20240910234949.85d5a48c9b9f7bcf945794fc@dec.sakura.ne.jp>

next in thread | previous in thread | raw e-mail | index | archive | help
On 9/10/24 09:49, Tomoaki AOKI wrote:
> On Mon, 9 Sep 2024 16:11:40 -0500
> Kyle Evans <kevans@FreeBSD.org> wrote:
> 
>> On 9/5/24 13:09, Alan Somers wrote:
>>> By now I expect that most of you have seen the long list of new
>>> security advisories that just came out.  Strikingly, all were the
>>> result of memory handling errors.  And none of them wouldn't have
>>> happened if their respective programs had been written in a
>>> memory-safe language.
>>>
>>> In fact, of all the C bug fixes that I've been involved with (as
>>> either author or reviewer) since May, about three quarters could've
>>> been avoided just by using a better language.
>>>
>>> The real takeaway here is that C is no longer sufficient for writing
>>> high quality code in the 2020s.  Everyone needs to adapt their tools.
>>> Programmers who don't will increasingly come to resemble experimental
>>> archaeologists, i.e. people who learn flintknapping to "keep the
>>> knowledge alive".  Such people are valuable, but definitely niche.  I
>>> for one don't want my career to go in that trajectory.
>>>
>>> To summarize, here's the list of this week's security advisories, and
>>> also some other recent C bug fixes of my own involvement:
>>   > [... snip ...]
>>
>> If even half of the energy that has gone into these threads would've
>> been spent on a proof-of-concept rust-xtoolchain implementation with
>> some motivating cases instead, we'd be in a lot better place to actually
>> have these conversations.
>>
>> Thanks,
>>
>> Kyle Evans
> 
> Shawn would be working on the PoC now. Let's see how it goes.
> 
> The worst is that the work is rejected AFTER it's almost done.
> It's clearly wastes of times/efforts.
> 

IMO if (general) you did enough work that you're angry about it being 
rejected, then you probably did way more than you should've for the 
stage we're at.  If you're rewriting major utilities/daemons for a PoC / 
talking point, then you're doing it wrong.

> My guess about this thread is that it is needed to determine what is
> acceptable, what's not, what's needed to be confirmed.
> 

Except it's been increasingly clear even before this discussion fired up 
again that a large chunk of the people involved don't have a good point 
of reference to even have this discussion.  You're wearing them down on 
the topic before you even have something to point at and say "Hey, this 
is what it might look like" and maybe a roadmap for some of the 
low-hanging fruit for things we can improve with it.

> Clarifying the above as much as possible before starting the work is
> a good thing. Now we know how many pros&cons exists, and what are
> proposed as possible alternatives. Unfortunately, it's still "chaotic"
> and maybe need some more times.
> 
> And discussions are ongoing at forums.frebsd.org, too. [1]
> It already is quite a long thread.
> 
> 
> [1]
> https://forums.freebsd.org/threads/the-case-for-rust-in-the-base-system.92024/
> 

I'd go as far as to say that none of this is all that useful until we 
can evaluate how much pain we're in for in trying to add this 
dependency, but we're apparently more interested in discussing it to 
death without putting in the effort to demonstrate the feasibility 
through bare minimum integration.

It's not very encouraging for future work in the area between that and 
also that the request made months ago for something tangible to point at 
to discuss further was answered by exactly one person who's already 
terribly busy.  It's great that he's trying to make time, but you 
would've thought from these threads that *someone*, *anyone* would have 
made time with all of this demonstrated passion if they really cared 
enough to push it forward.

We've been able to use C++ in base in a safer fashion for years and that 
simply has not happened, so one has to question the interest in 
alternatives.

Thanks,

Kyle Evans



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c8b52bcd-725d-473e-a30c-a611b9c2e44c>