These are server CPUs, not something you wanna put in your laptop or desktop.
These are server CPUs, not something you wanna put in your laptop or desktop.
What? You can easily escape from it if there are better alternatives you can use.
So there is no general escape hatch.
Pointing at one language and saying it is not easy to code like it is another language is a pointless argument.
I’m not arguing that it is easier to code in C# than in Rust, just that this particular escape hatch is possible in C# and not in Rust. It’s just an observation.
They all differ for good reasons and as long as you can solve similar problems in both, even if in different ways then what does it matter that you cannot do it in the same way?
It does not really matter, but does it have to?
This is a kind of stupid example, but imagine you have to implement some external trait (e.g. in order to work with some dependency) with the following shape:
trait Foo {
fn foo(&self, i: usize) -> &Bar;
}
Which is not too unreasonable, for example it’s very similar to the stdlib’s Index
. In order to implement this trait you must return a reference, you can’t return e.g. a Cow
or an Arc
. The fact that it takes a parameter means there might not even be one single value it has to return, so you can’t even cache that inside of self
with e.g. LazyLock
.
Of course I’m not saying I would try to reach for an escape hatch if I had to do something like this. I would first try to see if this is an intrinsic problem in my code, or if maybe I can change the crate I’m working with to be more permissible. That is, I would try to look for proper solutions first, though Cow
might not always work for that.
You dont write code like this in rust.
I perfectly agree, that would be horrible code! I would generally try to restructure my code, making it better fit the actual lifetimes of the data I’m working with. The point in the article is that you can’t really escape from this. I’m not arguing this is a real problem, and I don’t think the article is neither, just pointing out that this is something you can easily do in C# and not in Rust. It’s just a difference between the two languages.
I can agree that the example function is not the best usecase. But the point still stand that there’s no realistic escape hatch from lifetimes and memory management in Rust.
Cow
does not work when you are actually required to return a reference, e.g. if you’re working with some other crate that requires that. Cow
also has some more strict requirements on reborrows (i.e. you can reborrow a &'short &'long T
to a &'long T
, but you can only reborrow a &'short Cow<'long, T>
to a &'short T
).
LazyLock
can solve very specific issues like static
, but is not a general escape hatch. Again, the example is not the best to showcase this, but imagine if you have to perform this operation for an unknown amount of runtime values. LazyLock
will only work for the very first one.
It’s a very different kind of borrow checking than Rust’s. For example there’s no mutability xor sharing checking, because mutability cannot invalidate memory (there’s still a GC in C# after all!). As such, Rust’s NLL (which are available in the 2015 edition too btw) don’t really make sense in C#.
(Note that I’m not the article author)
In this example, you could have just made a constant with value
0
and returned a reference to that. It would also have a'static
lifetime and there would be no leaking.
I believe the intention was to demonstrate something that works with runtime values too, and a constant 0 does not.
Btw you can just write &0
to do what you proposed, there’s no need for an explicit constant/static.
If you think this is normal then imagine what other people think of the linux community though!
But here’s the issue: the parent comment didn’t even provide reasons why they think Windows sucks or examples/episodes where this was a problem for them. It adds nothing to the discussion, just free hate.
Lots of major companies like Microsoft and IBM also contribute to Linux, it doesn’t make them saints nor even necessarily compare to what they get for using the volunteer dev work inside Linux.
Most of those companies actually contribute to the kernel or to foundational software used on servers, but few contribute to the userspace for desktop consumers on the level that Valve does.
Zig is “c”, but modern and safe.
Zig is safer than C, but not on a level that is comparable to Rust, so it lacks its biggest selling point. Unfortunately just being a more modern language is not enough to sell it.
So imagine if trying to fit in a C-like cousin failed
C++ was not added to Linux because Linus Torvalds thought it was an horrible language, not because it was not possible to integrate in the kernel.
CEO bonuses should be awarded 10 years after their mandate
Would it makes sense to provide a “share nothing” runtime implementation that can be injected at startup?
Isn’t this tokio::task::spawn_local
?
It also seems to require a GC though…
newxml is GC only, for simplicity sake.
Pointers are not guaranteed to be safe
So I guess they are forbidden in @safe
mode?
but it’s being replaced by something else instead
Do you know what is the replacement? I tried looking up DIP1000 but it only says “superceded” without mentioning by what.
This makes me wonder how ready D is for someone that wants to extensively use @safe
though.
For local variables, one should use pointers, otherwise
ref
does references that are guaranteed to be valid to their lifetime, and thus have said limitations.
Should I take this to mean that pointers instead are not guaranteed to be valid, and thus are not memory safe?
Note that Rust does not “solve” memory management for you, it just checks whether yours is memory safe. Initially you might rely on the borrow checker for those checks, but as you become more and more used to Rust you’ll start to anticipate it and write code that already safisfies it. So ultimately you’ll still learn how to safely deal with memory management, just in a different way.
Rust for Linux used to be developed in parallel to the mainline Linux before Linus Torvalds merged support in the main tree.
“safe by default” can be done by starting your files with
@safe:
Last time I heard about that it was much more limited than Rust, for example it even disallowed taking references to local variables. Has something changed since then?
But the one time I looked at a rust git repo I couldn’t even find where the code to do a thing was.
IMO that tells more about how the project was organized and names things than the language used.
So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.
As the other commenter pointed out, there’s Redox. The issue is that this completly disregards an incremental approach: you have to rewrite everything before it comes usable, you can’t do it piece by piece. Currently the approach of Rust for Linux is not even to rewrite things, but to allow writing new drivers in Rust.
Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don’t want to learn a new language in order to help isn’t going to make many friends on that team.
Have you seen the conference video? That’s not just refusal to learn a new language, it’s open hostility. And it’s not the only instance, for example Asahi Lina also reported unreasonable behaviour by some maintainers just because she wrote Rust code, even when Rust was not involved.
Do you apply the same reasoning for software that use javascript, the JVM, the CLR or some other kind of VM?