Just C. Rust has a lot of problems for serious low level work imo and suffers from a lot of the same classes of problems C++ does, and there aren't many other candidates. A simple microkernel should be fairly straightforward to write in C without any big security concerns, especially in the hands of a multi-billion dollar company. You offload most of the security work to the architecture.
> Rust has a lot of problems for serious low level work
Could expand on where it suffers? I've been playing around with Rust in the embedded space (nothing serious at all); I find it to be as elegant in a nonstd situation as it is in standard high level app development.
> and suffers from a lot of the same classes of problems C++ does,
What are those classes of problems? C++ never offered a safe alternative to C, but did offer some eases of use and stronger typing over C.
Rust on the other hand has a huge amount to offer over C. At no point in my Rust work do I ever wish I was working with C, quite the contrary. But I like strongly typed languages, Rust is definitely not for those that dislike types.
>Could expand on where it suffers? I've been playing around with Rust in the embedded space (nothing serious at all); I find it to be as elegant in a nonstd situation as it is in standard high level app development.
By "the embedded space" do you mean "devices running Linux with Rust in userspace?" Because that's much higher level than what I'm talking about, and has very different design concerns from those of a general purpose operating system.
My main beef with Rust for low level development is that Rust is way more complicated than it should be. IMO for serious low level programming Rust should have 1/10th the featureset. It also has issues dealing with the weird data structures that tend to come up in low level contexts in my experience. Rust also has the shiny fad status working against it IMO. If, say, 5% of C hackers understand low level programming and/or kernel hacking, then maybe 0.5% of Rust hackers do (if that).
>What are those classes of problems? C++ never offered a safe alternative to C, but did offer some eases of use and stronger typing over C.
It comes back to complexity and typing. There's nothing wrong with strongly typed languages (of which C is a member), but I strongly dislike object oriented languages and paradigms. Especially in low level contexts it's like forcing a square peg into a round hole. Other features C++ brings to the table like operator overloading and templates are antifeatures, doubly so in a kernel hacking context. Many of the same patterns of unnecessary complexity introduced by C++ are also present in Rust.
C is boring, but it's also transparent and straightforward. Ergonomics takes a backseat to simplicity in C, which is a compromise I'd take any day.
People often make this statement, but I don't know exactly what it means. The type system is great for writing finite state machines, which I'm finding to be a nice quality for the toy programs I've written on Tock.
> Rust also has the shiny fad status working against it IMO.
Rust is 2 years into it's stable life. It's young, will it ever exceed the number of lines written than C or C++, almost definitely not, but I wouldn't dismiss it off-hand because people like it, there might be a good reason for that.
> If, say, 5% of C hackers understand low level programming and/or kernel hacking, then maybe 0.5% of Rust hackers do (if that).
I wonder about this statement. I've noticed quite a large number of people in the community working with Rust in the embedded space. According to the people who responded to the Rust survey this year, https://blog.rust-lang.org/2017/09/05/Rust-2017-Survey-Resul..., it was nearly 17%.
> C is boring
I've met more undefined behavior that makes me not agree.
> > Rust is way more complicated than it should be
> People often make this statement, but I don't know exactly what it means.
I can't speak for op, but you're right: people often make this statement. I'll try to explain what I might mean:
C is way more complicated than it should be.
The things we want in a language are tools that allow us to tell the computer what to do, but because people are bad at that, language design is taking us in the direction of telling the computer what we mean so it can tell us whether we're talking gibberish or not.
I don't need a type system. I don't need "warnings" about converting floats to chars: I know what I'm doing and why. I have a good idea what kind of machine code the compiler is producing, and yes: I often objdump to make sure.
If I need a FSM, I'll use erlang. If I need any kind of data processing, I'll probably use K/Q where I can. I can write some fast stuff in C where I need it. If I just need to bosh some stuff together I have perl. Maybe I want to fantasize about a DSL? It'll probably be a lisp or a forth. If I wanted a strong type system for units I want to get from some model nerds, I'll use OCaml.
I don't see the point in Rust when doing these things takes more code and runs slower, and worse:
> Rust is 2 years into it's stable life. It's young.
I got burned by Python when it was" two years into its stable life" sometime around 1.5 and again around 2.2, and so I hesitate even looking at rust unless in a decade it can still run and compile rust programs written today.
This whole "let's rewrite everything in rust" is good practice. I'm watching you guys do it, and I know afterwards you'll try to beat the performance I'm getting in other languages.
Once you're writing programs that are smaller and faster than me, then we'll probably talk.
> C: I've met more undefined behavior that makes me not agree.
I don't write C like most people, so perhaps I don't have trouble with it like most people. My C programs don't leak memory or crash, and I tend to use a belt+braces approach to security that is very difficult in languages without good multiprocess support.
> I don't need a type system. I don't need "warnings" about converting floats to chars: I know what I'm doing and why.
No, you don't.
Regardless of your skills and seniority (I'm guessing pretty junior with this kind of hubris), there will come a time where you will make mistakes that can be caught by a good compiler. You want this compiler at your side, and the more statically typed your language is, the more robust your code will be.
> Once you're writing programs that are smaller and faster than me, then we'll probably talk
What a strange metric. Assembly language would probably meet these requirements but surely, you would not consider it.
I've been programming professionally for almost thirty years at this point.
That's admittedly long enough to get some peculiar ideas about programming, but there's a certain kind of person that thinks "statically typing" is a panacea for programming mistakes -- or even that there's a single solution for anything at all...
I wouldn't trust anyone who thinks a solution is a panacea in the software field, but having type annotations demonstrably leads to not just more correct code but also code that can be understood better by its surrounding tooling, thereby enabling automatic refactorings, auto completion, smart browsing, optimizations, etc...
Static typing is not perfect but it's better in all respects than dynamic typing.
Can you point to these Stac-M3 results and maybe at least mention that language? I wasn't able to find it.
Static languages are universally recognized and demonstrated as faster than dynamically typed languages, even if you claim to have found one rare exception. This is not just an opinion, it's scientific and objective fact.
But please share with us that code that runs more quickly on a dynamic language than a static language for you, I am genuinely curious (and equally curious to find out if you just made this up).
The first item on the list is written in an interpreted language.
> This is not just an opinion, it's scientific and objective fact.
I've just demonstrated two counterexamples, so it's clearly not "scientific and objective fact". Indeed I've never met anyone who even thought Rust would outperform an experienced C programmer in programmer speed, program runtime, and low program size.
>The first item on the list is written in an interpreted language.
Could I see the code? Because I'm pretty sure you can't write a fast numeric code without the knowledge of which type you will get on input. That's why fortran still rocks and we do nat have anything beyond fortran, c and c++ in the field of computation.
> Because I'm pretty sure you can't write a fast numeric code without the knowledge of which type you will get on input. That's why fortran still rocks and we do nat have anything beyond fortran, c and c++ in the field of computation.
You're not far off.
The first trick is that even though `x` can have any type, `x[4]` and `x[5]` must have the same type. This kind of array whilst uncommon in Python is extremely common in array languages. Array languages tend to have a lot of vector operators (and so therefore are very competitive users of the AVS512 instruction set) which tend to be very fast. Programmers of array languages also tend to avoid things like loops and branches -- indeed you might enjoy http://nsl.com/ if you want to expand your mind a bit on that point.
The second trick is that an interpreter can be made very small. If you can get your entire program and the interpreter into L1 then you do not stall the CPU while your program fetches various parts of itself from memory. This is a trick languages like Fortran and C and C++ don't miss per-se, a very experienced programmer can usually identify the hotspots and optimise the hotpath for these things, but it is very time consuming to do this when your entire program is the hotpath!
> That's the first link I found and it says nothing about a benchmark
Except the first paragraph:
The STAC-M3 Benchmark suite is the industry standard for testing solutions that enable high-speed analytics on time series data, such as tick-by-tick market data (aka "tick database" stacks).
I'm not going to bother any further with such an obvious troll.
So more of the "Arduino like" embedded space. That also has little to do with the design constraints of a general purpose operating system.
>People often make this statement, but I don't know exactly what it means. The type system is great for writing finite state machines, which I'm finding to be a nice quality for the toy programs I've written on Tock.
Rust gets new features daily [1]. C gets new features every decade if we're lucky.
>I wonder about this statement. I've noticed quite a large number of people in the community working with Rust in the embedded space. According to the people who responded to the Rust survey this year, https://blog.rust-lang.org/2017/09/05/Rust-2017-Survey-Resul..., it was nearly 17%.
Embedded space != kernel hacking, as I've already pointed out.
> That also has little to do with the design constraints of a general purpose operating system.
Does it not? It's the same issue around no-stdlib, stricter sense of allocated memory, etc. If it isn't something that I can extrapolate from you'll have to explain better why. It's been a while since my CS courses on operating systems.
> Rust gets new features daily [1]. C gets new features every decade if we're lucky.
Yes, this is an age thing. I'm sure in it's infancy, C was gaining features and changing rapidly. For example, C changed significantly early on it's syntax from K&R to Ansi. C compilers have to support that.
It's reasonable to say that the language isn't ready for your use, but the features that are being gained are all related to areas around ease of use of the language, making it easier to get started and lower the initial learning curve. They seem important. By the way, you linked to the RFC repo instead of the language repo: https://github.com/rust-lang/rust/commits/master. The language does have a lot of features that make it into the nightly branch, but those take a long time to bake until they're promoted to stable.
> Embedded space != kernel hacking, as I've already pointed out.
I thought we were talking about low-level programming, not explicitly Kernel hacking. Yes, Arduino and it's ilk are definitely not full OS'.
All of those projects seem very interesting. For Linux drivers, there was this exploratory project I saw a while back: https://github.com/tsgates/rust.ko (hasn't been touched in a while).
So people are doing it and seem to be enjoying it.
>Does it not? It's the same issue around no-stdlib, stricter sense of allocated memory, etc.
No, because a general purpose OS has to do that and effectively, securely, and performantly manage userspace access to those resources (including hardware resources, which you didn't mention). It also has to facilitate secure and performant interactions between userspace programs. Beyond kernel hacking you also have to do some serious work on userspace design, especially if you have a microkernel. This is an entirely different domain than embedded programming usually deals with.
>Yes, this is an age thing. I'm sure in it's infancy, C was gaining features and changing rapidly. For example, C changed significantly early on it's syntax from K&R to Ansi. C compilers have to support that.
Sure, but that doesn't make my argument less compelling. Rust may follow the same path but that's years out and IMO they've already gone too far.
>The language does have a lot of features that make it into the nightly branch, but those take a long time to bake until they're promoted to stable.
But not before the ecosystem runs with it and ships packages that require you to use a nightly compiler to be productive, in my experience. Not to mention that several projects still build the compiler themselves!
I have some opinions about projects like Redox but I'm out of time.
OP is talking about a bare-metal world where you might care about things like:
- how many instructions execute between an interrupt trigger and your vector getting executed
- if some piece of data is getting stored in text, data, or runtime space (harvard v single address spaces can make things weird)
- minimizing or not using a stack to avoid clobbering your puny memory
- other misc. things that even hardware vendors don't make easy (or sometimes possible) to find
Honestly I don't think that even C is great for these things, but I mostly blame hardware vendors/architects for this situation. They all like to roll their own standards for documentation, language interfaces, etc. Sometimes it feels like a competition to see who can come up with the worst.
I have been working on writing my own OS in rust for the past few months, and the main thing I have had the most difficulty with is Rust itself. The package management is so much better than C, dependencies are easier, and it was honestly easier to get working compared to C++. The fact that they nicely have separated rust core and std so that I don't have to deal with things randomly breaking because of something I haven't implemented. The abstractions that Rust offers I don't feel suffer the same problems as C++ because they are much more straightforward to use and just make sense from an object oriented programming perspective.
Rust itself is so inherently different from other a language like C that it takes a long time to truly understanding lifetimes and the borrow checker to the point where you are actually making use of the languages features.
The straightforwardness of C is really where it shines, and for me at least Rusts biggest upside is also its biggest downside, because learning to write good Rust is not an easy process.
