Hard to learn does not necessarily equate to hard to read. You don't need to learn to work with Rust's borrow checker to understand a bit of code, but figuring out how to change it might take longer.
andrewstuart|2 years ago
Kernel code should be easily readable and understandable, shouldn’t it?
If Rust is complex and hard to understand won’t that lead to the kernel source code becoming a giant kablooie of complexity?
Surely the relatively simple nature of C is what makes it suitable for large scale kernel development.
Maybe the answer for more secure kernel code is C with better security analysis tools?
TypesWillSaveUs|2 years ago
Rust is hard/simple. The rules aren't complex. The constructs aren't complex. But it's hard to write because the rules are very restrictive.
Rust is also much easier to read than write (for a reader who understands the rules).
It's optimising for exactly the things you want in systems programming:
Easier to read than to write. Simple rules that are easy to understand but hard to follow, and that produce simple programs.
Compare that to C which is easy/complex. It's much easier to write than to read. It's easy to learn and write but produces code that's very complex. The rules are all by convention instead of part of the type system.
duped|2 years ago
> Maybe the answer for more secure kernel code is C with better security analysis tools?
Perhaps like a way of expressing the constraints of a program and automatically checking if portions of a program satisfy those constraints. Aka a type checker.
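The point made in the two comments above (rules enforced by the type checker rather than by convention), as an added example that is not code from the thread or from any kernel project. The `DmaBuf`/`InFlight`/`submit` API is invented for illustration: it models the usual driver convention "don't touch a buffer after handing it to the device, and free it exactly once", but encodes both rules in Rust's ownership system so that breaking them does not compile.

```rust
// Added example, not from the original thread. A hypothetical buffer API
// whose lifecycle rules live in the type system instead of in a comment.
//
// The C version of this API would document "do not access the buffer
// after submit() until the completion fires" and "free exactly once",
// and nothing would check either rule. Here both are compile errors.

use std::sync::atomic::{AtomicUsize, Ordering};

/// Counts live buffers so a caller can check that Drop ran exactly once.
static LIVE: AtomicUsize = AtomicUsize::new(0);

/// A buffer the caller owns. Released (LIVE decremented) exactly once, in Drop.
pub struct DmaBuf {
    data: Vec<u8>,
}

impl DmaBuf {
    pub fn new(len: usize) -> DmaBuf {
        LIVE.fetch_add(1, Ordering::SeqCst);
        DmaBuf { data: vec![0; len] }
    }

    pub fn fill(&mut self, byte: u8) {
        for b in self.data.iter_mut() {
            *b = byte;
        }
    }

    pub fn len(&self) -> usize {
        self.data.len()
    }
}

impl Drop for DmaBuf {
    fn drop(&mut self) {
        // A double free is not expressible: there is only one owner,
        // and this runs exactly once when that owner goes out of scope.
        LIVE.fetch_sub(1, Ordering::SeqCst);
    }
}

/// A buffer currently owned by the (simulated) device. The only way to
/// get the data back is `complete()`, which consumes this handle.
pub struct InFlight {
    buf: DmaBuf,
}

/// Submitting takes ownership: the caller's `DmaBuf` binding is moved and
/// cannot be used again until the device hands it back.
pub fn submit(buf: DmaBuf) -> InFlight {
    InFlight { buf }
}

impl InFlight {
    /// Simulated completion: the "device" writes a checksum of all but the
    /// last byte into the last slot, then returns ownership to the caller.
    pub fn complete(self) -> DmaBuf {
        let mut buf = self.buf;
        let n = buf.data.len();
        if n > 0 {
            let sum = buf.data[..n - 1]
                .iter()
                .fold(0u8, |acc, &b| acc.wrapping_add(b));
            buf.data[n - 1] = sum;
        }
        buf
    }
}

pub fn live_buffers() -> usize {
    LIVE.load(Ordering::SeqCst)
}

/// Correct usage: fill, submit, wait for completion, read, drop once.
/// Returns the checksum byte the device wrote.
pub fn round_trip(len: usize, byte: u8) -> u8 {
    let mut buf = DmaBuf::new(len);
    buf.fill(byte);
    let pending = submit(buf);
    // buf.fill(0);          // error[E0382]: borrow of moved value: `buf`
    let buf = pending.complete();
    // pending.complete();   // error[E0382]: use of moved value: `pending`
    let last = buf.data[len - 1];
    last
    // `buf` is dropped here; LIVE goes back down by exactly one.
}

fn main() {
    let checksum = round_trip(4, 7);
    println!("checksum byte = {checksum}, live buffers = {}", live_buffers());
}
```

The two commented-out lines are the C-convention bugs (use of a buffer while the device owns it, and a second completion of the same request); uncommenting either one makes `rustc` reject the program with the error shown, which is the "constraint expressed and checked automatically" that the reply above describes.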
nsonha|2 years ago
> the relatively simple nature of C is what makes it suitable for large scale kernel development
the relatively simple nature of any language would make it suitable for ANY large scale development
I don't know why you attribute this to kernel development specifically. When you think about kernel development, the unique requirement is never "being simple". I would think it has something to do with being closer to bare metal and being able to execute low-level instructions performantly.
dist-epoch|2 years ago
And the number of bugs per line of code is constant, so you will have more bugs in C code than in Rust code simply because you'll have more code.
onei|2 years ago
aleph_minus_one|2 years ago
That is why in the Windows kernel, according to https://en.wikipedia.org/w/index.php?title=Windows_NT&oldid=..., C++ is rather avoided, and C is preferred for kernel code (for user-mode code, the priorities are reversed):
"Windows NT is written in C and C++, with a very small amount written in assembly language. C is mostly used for the kernel code while C++ is mostly used for user-mode code. Assembly language is avoided where possible because it would impede portability."
pjmlp|2 years ago
C++ supported in the kernel since Vista,
https://learn.microsoft.com/en-us/cpp/build/reference/kernel...
"The new wil library for C++ code in drivers"
https://community.osr.com/discussion/291326/the-new-wil-libr...
> wil was primarily developed by the Windows shell team for writing usermode code, but the NDIS and Bluetooth teams have contributed some small kernel-specific features. Here's a few examples of how you can use wil in your kernel driver: