Linus Torvalds: Speaks on the Rust vs C Linux Divide
(www.youtube.com)
from pnutzh4x0r@lemmy.ndlug.org to linux@lemmy.ml on 18 Sep 2024 21:12
https://lemmy.ndlug.org/post/1134308
from pnutzh4x0r@lemmy.ndlug.org to linux@lemmy.ml on 18 Sep 2024 21:12
https://lemmy.ndlug.org/post/1134308
Linus Torvalds Speaks on the the divide between Rust and C Linux developers an the future Linux. Will things like fragmentation among the open source community hurt the Linux Kernel? We’ll listen to the Creator of Linux.
For the full key note, checkout: Keynote: Linus Torvalds in Conversation with Dirk Hohndel
The Register’s summary: Torvalds weighs in on ‘nasty’ Rust vs C for Linux debate
threaded - newest
I don’t want to watch a video about it.
I’d like to know it, but a couple of sentences wouldn’t have hurt
Rust is harder to write but infinitely safer, and equivalent in speed.
It’s harder to write because it forces you to be careful.
It forces you to be careful in the way it wants you to be careful. Which is fine, but it makes it a strange beastie for anyone not used to it.
Yes
But the trade off is well worth it.
For who?
You
It can be, sure. I prefer garbage collectors but I’m not doing systems programming.
I feel like a garbage collector would be too much a performance hit for kernel stuff.
2 things:
It’s more the determinacy, a GC randomly fires up and your systems stops for some long amount of time. There are pauseless GCs but that’s a different nightmare.
The kernel has things similar to GCs. They’re used for more specialized tasks, and some (like rcu) are absolute nightmares that have take decades to get working.
it’s more “it forces you to make it burrow checker friendly”.
A burrow checker is not the only mechanism to write safe code. All the mess of Rust is all because this is the strategy they adopted.
And this strategy, like everything in this world, has trade offs. It just happens that there are a lot, like, - a lot -, of trade offs, and those are insufferable when it comes to Rust…
Borrow* checker, btw
Gotta watch out for those rabbits messing with your kernel
And because it looks like C, JavaScript, Bash and a few others all mixed up together.
I’ve heard Rust described as “Rust is what you get when you put all the good features of other programming languages together. You can’t read it, but it’s freaking fast!”
why does it look like bash?
Looking back on my comment, I don’t know why I was thinking of Bash. It does look a lot like JavaScript/Typescript, and C.
C is easier to get a program to compile. Rust is easier to get a program working correctly.
FWIW, it’s a 9 min video and doesn’t contain anything earth shattering or easily summarized. Basically there is some friction between C and Rust devs, and Linus doesn’t think that it’s such a bad thing (there has be interesting discussion) and it’s way too early to call Rust in the kernel a failure.
Thx!
This summary seemed pretty good though.
1, 90 or 9 minutes, in any case it needs a speaker to be watched, and often mobile data cap when not at home.
and a fair amount of rewinds for a lot of non-native english
speakersknowersYouTube has a transcribe feature you could use. Or you could keep scrolling if this content isn’t relevant to you.
I also dont like videos for this stuff. Summarized using kagi’s universal summarizer, sharing here:
I took notes for the benefit of anyone who doesn't like their info in video form. My attempt to summarize what Linus says:
He enjoys the arguments, it's nice that Rust has livened up the discussion. It shows that people care.
It's more contentious than it should be sometimes with religious overtones reminiscent of vi versus emacs. Some like it, some don't, and that's okay.
Too early to see if Rust in the kernel ultimately fails or succeeds, that will take time, but he's optimistic about it.
The kernel is not normal C. They use tools that enforce rules that are not part of the language, including memory safety infrastructure. This has been incrementally added over a long time, which is what allowed people to do it without the kind of outcry that the Rust efforts produce by trying to change things more quickly.
There aren't many languages that can deal with system issues, so unless you want to use assembler it's going to be C, C-like, or Rust. So probably there will be some systems other than Linux that do use Rust.
If you make your own he's looking forward to seeing it.
This is a great summary. Thanks!
As always, Ada gets no respect.
I blame Ian Dury.
Possibly NSFW.
www.youtube.com/watch?v=1kFnHPHBcb4
Start the linuxa or alinux project and off you trot. Find a better name than I did here and you’ll be fine.
Ladux? Linda? +Linux, pronounced “Add a Linux” -> Ada Linux? LinLace?
Lada
Images of smoking Eastern European jalopy intensifies.
I prefer Trabant.
Anixa for the win
Adux
Nor does Forth (which used to be a common choice for “first thing to bootstrap on this new chip architecture we have no real OS for yet”). Alas, they’re just not popular languages these days.
Forth is fun but not really suitable for large, long-lasting projects with huge developer communities. Linux isn’t being bootstrapped, it’s already here and has been around for decades and it’s huge. And, I think bootstrapping-by-poking-around on a new architecture has stopped being important. Today, you have compiler and OS’s targeted to the new architecture under simulation long before there is any hardware, with excellent debugging tools available in the simulator.
Have you actually ever used Ada? It’s like programming with handcuffs on.
I have played with Ada but not done anything “real” with it. I think I’d be ok with using it. It seems better than C in most regards. I haven’t really looked into Rust but from what I can gather, its main innovation is the borrow checker, and Ada might get something like that too (influenced by Rust).
I don’t understand why Linux is so huge and complicaed anyway. At least on servers, most Linux kernels are running under hypervisors that abstract away the hardware. So what else is going on in there? Linux is at least 10x as much code as BSD kernels from back in the day (idk about now). It might be feasible to write a usable Posix kernel as a hypervisor guest in a garbage collected language. But, I haven’t looked into this very much.
Here’s an ok overview of Ada: cowlark.com/2014-04-27-ada/index.html
This is how they want to frame it. C has footguns, therefore use Rust—instead of Rust is one of the options you could use.
I don’t think Ada in the kernel would get any cultural acceptance. Rust has been hard enough. C++ was vehemently rejected decades ago though the reasons made some sense at the time. Adopting C++ today would be pretty crazy. I don’t see much alternative to Rust (or in a different world, Ada) in the monolithic kernel. But Rust seems like it’s still in beta test, and the kernel architecture itself seems like a legacy beast. Do you know of anything else? I can’t take D or Eiffel or anything like that seriously. And part of it is the crappiness of the hardware companies. Maybe it will have to be left to future generations.
There’s one called Redox that is entirely written in Rust. Still in fairly early stages, though. www.redox-os.org
Not a programmer whatsoever but I’ve heard about Zig and people comparing it to Rust, what’s the deal with it?
Zig is feasible for systems programming and some, (most notably, the Primeagen in one video) claim it should have gone into the kernel instead of Rust, but I don’t know Zig so I don’t feel qualified to comment beyond that.
Zig is “c”, but modern and safe.
The big selling points compared to Rust are:
The syntax is really close to the C language; any C programmer can pick up Zig really fast.
IMO Zig is a far better choice to go in the kernel than Rust.
Linux has tried to include CPP in it, and it failed.
So imagine if trying to fit in a C-like cousin failed, how far they are to fit an alien language like Rust…
For more information: ziglang.org/learn/why_zig_rust_d_cpp/
But that wasn’t about the syntax, but about the fastnesses, size and control, want it? Things that shouldn’t be much of an issue to Rust.
Zig is safer than C, but not on a level that is comparable to Rust, so it lacks its biggest selling point. Unfortunately just being a more modern language is not enough to sell it.
C++ was not added to Linux because Linus Torvalds thought it was an horrible language, not because it was not possible to integrate in the kernel.
Zig has other selling points, that are arguably more suitable for system programming. Rust’s obsession with safety (which is still not absolute even in rust) is not the only thing to consider.
It is absolue in safe Rust, aka 99% of Rust code.
UB is only one class of error though. I get nervous when people talk about re-writing battle hardened code which has been used - and reviewed by the community - for decades because there are going to be many subtleties and edge cases which are not immediately apparent for any developer attempting a re-implementation.
Like sudo that has had zero days lurking for 10 years?
I’m not advocating for reimplementing stuff for no good reason though.
You mean old code that has bugs that are no just being discovered. Battle hardened code and many eyeballs means nothing.
Zig is a very new and immature language. It won’t be kernel-ready for at l’East another 10 years.
That’s pretty suggestive. Rust syntax is pretty good. Postfix
tryis just better for example.Zig also uses special syntax for things like error and nullability instead of having them just be enums, making the language more complex and less flexible for no benefit.
Syntax is also not everything. Rust has extremely good error messages. Going through Zig’s learning documentation, half the error messages are unreadable because I have to scroll to see the actual error and data because it’s on the same line as the absolute path as the file were the error comes from
That’s a library design question, not a language question. Rust for Linux uses its own data collections that don’t perform hidden memory allocations instead of the ones from the standard library.
I don’t know, Rust is one of the most readablelangueage for me.
Is it still the case once you have a very large project and make use of comptime?
Not true. Because it doesn’t have the guardrails that rust has, you must build a mental model of where the guardrails should be so you don’t make mistakes. Arguably this is something that C maintainers already know how to do, but it’s also not something they do flawlessly from just looking at the bugs that regularly need to be fixed.
Being able to write code faster does not equate being able to write correct code faster.
Yes, because it’s basically C with some syntax sugar. Rust is a Generational change.
Zig is indeed designed specifically for such tasks as system programming and interoperability with C code. However it is not yet ready for production usage as necessary infrastructure is not yet done and each new version introduces breaking changes. Developers recomend waiting version 1.0 before using it in any serious project.
Thank you for the summary!
Good bot!
On a tangential note, what does Linus used, Vi or Emacs?
my money is on vi or vi derivates.
If we can believe random strangers in the internet, then Linus uses a self maintained lighter version of Emacs, or has. Looks like Linus is an Emacs guy.
He uses a version of Emacs called MicroEmacs.
I recall seeing his MicroEmacs configuration a while back when I was exploring options to start using Emacs.
In testing, to settle a bet by a rabid cult-of-vi peer, I opened a given set of files in each editor, each a day apart because I couldn’t be arsed to clear caches. This guy, otherwise a prince, was railing about emacs, but otherwise suffered days of waiting.
10/10 the memory usage by his precious vi was same-or-more than emacs.
There’s so many shared libs pulled in by the shell that all the fuddy doomsaying about bloat is now just noise.
I avoid vi because even in 1992 it was crusty and wrong-headed. 30 years on the hard-headed cult and the app haven’t changed.
I don’t see how microEmacs can improve on what we have by default, and I worry that the more niche the product is the harder it will be to find answers online. But I’m willing to be swayed if anyone can pitch its virtues.
MicroEmacs was written in 1985 and has nothing to do with GNU Emacs (which people just call Emacs these days). It’s entirely outside of the vi-vs-emacs war.
Yeah the interface for it - and functionality - is more like nano than actual Emacs.
TIL that version appears to be on the AUR: MicroEMACS/PK 4.0.15 customized by Linus Torvalds.
Last updated in 2014, it probably has serious cobwebs now. Even the upstream hasn’t been touched in 6 years.
How is it that no matter what the damn topic is, Linus always seems to be the most level-headed in the room? I really admire him for that…
Edit: Lol, Linus, not Linux. Linus. xD
Linus did have emotion control issues and was not always completely rational, but he’s gone a long way towards being incredibly responsible to his child that powers the world.
Also, he long understands that Linux ain’t a hobby project, which some programmers still get to think.
Doing the lord’s work, thank you.
I love you.
Isn’t there Redox OS?
Edit: yes, it’s still alive and kicking.
I think Linus mentioned Redox directly during the interview
what did he say about it?
He just mentioned it as an example of a kernel written in Rust. The interviewer asked if Rust isn’t accepted into the Linux kernel, would someone go out and build their own in Rust, and Linus mentioned Redox saying that’s already happened.
You write “vi versus the world” funny.
I use Micro except for when I forget to install it and can’t, at which point I use Nano
it’s a polite way of saying, “intelligence vs emacs”
Good human.
Thank you for the write-up!!
I think it can be summed up to C is more mature than Rust so we wait for Rust to shine Rust can overcome some complex things in C and vice versa
Linus Torvalds has made some interesting comments on the Rust vs C debate in the Linux kernel. He enjoys the discussions because it shows that people care about the project, even though things can get a little heated like the classic vi vs emacs arguments. The Rust conversation is still in its early days, and while Linus is optimistic about its future in the kernel, it’s too soon to say whether it will ultimately succeed or fail.
He points out that the Linux kernel isn't just "normal" C it's C with additional tools and rules that ensure memory safety and other protections. This incremental approach has allowed for changes without causing the kind of backlash that Rust has faced with its more dramatic changes.
At the end of the day, the kernel has to deal with system-level issues, and unless you're working in assembly, it’s going to be C, C-like, or Rust. Linus is looking forward to seeing how other systems outside of Linux might adopt Rust for their own needs.
If you're interested in exploring more of these tech discussions or maybe looking for some related tools, you can download APK for access to various Linux utilities on mobile.
You can’t improve and break silence without discussing and making changes. The existing maintainers won’t live forever, having Rust in the Kernel is a bet on the future. Linus wouldn’t have adopted and accepted Rust, if he wasn’t thinking its worth it. And looks like it was already worth it.
You’re drastically reducing your talent base by requiring membership in two groups of experts. Well done.
The comma splice gives it away, but you’re new at organizing groups and practicing set theory, aren’t you?
No. That does not mean they have to program in both languages. If the programmer only understand one language (which would be a shame), then they only need to program in their field. This increases the talent base, not reduces it. C programmers do not need to be a Rust expert, so what in the world are you saying there? They just need to cooperate!
I think you’re correct except for “having Rust in the Kernel is a bet on the future”. That’s something the techbro’s would say.
Do you have something against it? People hate on it like it’s a fad or whatever. But, the people who like it, LOVE it.
survey.stackoverflow.co/2023/#overview
survey.stackoverflow.co/2022/#overview
8 years in a row. I can understand the perspective of someone who spent years honing their craft in C/C++ and not wanting to learn a new language. But, the Harassment of the “Rust in Linux Lead” is ridiculous. I’m not saying you are harassing. But, saying it’s a tech bro thing is just negative and doesn’t do justice to how many devs just like rust.
I only have something against the syntax, but nothing against anything else about it, nor is my comment meant as a negative against the language. What I referred to was simply about how that stupid sentence is not a good comment and completely personal opinion. I am sure a lot of programming languages would have gotten the same label at one point in time. And many times they have been superseded by the next big thing.
Fair enough. Personally, I am a developer who only has worked professionally in C#. C/C++ scare me. I would get used to it if I were to use it professionally. on the other hand, I picked up rust as a hobby language for some low level stuff because I love the guardrails the compiler provides. I think rust would help make me a better C programmer TBH.
C isn’t too hard if you learn about how memory and pointers work, which seems to be something Rust tries to get away from. So I’m not sure it would make you a better C programmer.
If anything I think that the current rust discourse is a fad. I’m not sure what it is about rust that makes people have so strong opinions about it but I can’t wait for it to become a “normal” language so that people can chill about it a bit.
I agree. People need to chill.
It’s also possible the number of people who like it do not outnumber the people who don’t like it
Its also possible that out of the people who hate on it, the people who haven’t actually tried it outnumber the ones who have.
@lambda @x00za Well for what it's worth, there is Redox, a Posix compliant kernel written entirely in Rust. There are some other aspects of Redox I don't like, chiefly it's use of a microkernel, which, while it makes portability better it exacts a performance penalty, and of having all drivers operate in userland, perhaps better from a security standpoint but again exacts a performance penalty.
If you believe in ADTs, limiting mutation, & a type system that goes beyond Rust’s affine types + lack of refinements (including a interleaved proof system), you could be writing kernel code in ATS which compiles to C.
there have been attempts at writing kernels using stuff like Coq www.cs.columbia.edu/~rgu/…/cacm19-gu.pdf
.
Correct me if I am wrong, but my understanding is that you use Coq to prove your theroem, then need to rewrite it in something else. I think there is some OCaml integration, but OCaml—while having create performance for a high level language & fairly predictable output—isn’t well-suited for very low-level kernel code. The difference in the ATS case (with the ML syntax similarity 🤘) is you can a) write it all in a single language & b) you can interweave proof, type, & value-level code thru the language instead of separating them; which means your functions need to make the proof-level asserts inside their bodies to satisfy the compiler if written with these requirements, or the type level asserting the linear type usage with value-level requirements to if allocating memory, must deallocate memory as well as compeletly prevent double free & use after free.
For those in the back: Rust can’t do this with its affine types only preventing using a resource multiple times (at most once), where linear types say you must use once & can only use once.
You’r right that only OCaml and Haskell can be used as extraction target for Coq programs. However, it is possible to use Coq to write verified C software. On example is the Verified Software Toolchain that lets you translate C programs to a format that Coq understands and can prove theorems regarding their behavior.
Spoken like a wise elder!
This video is full of jarring edits which initially made me wonder if someone had cut out words or phrases to create an abbreviated version. But, then I realized there are way too many of them to have been done manually. I checked the full original video and from the few edits i manually checked it seems like it is just inconsequential pauses etc that were removed: for instance, when Linus says “the other side of that picture” in the original there is an extra “p” sound which is removed here.
Yet another irritating and unnecessary application of neural networks, I guess.
I don’t think its completely unnecessary, it helps save some time
What exactly makes rust memory safe? That’s the big selling point of it right? Is the compiler just more strict?