The chatter surrounding the Rust language is growing into a deafening roar. Not only is the Linux kernel train racing toward the 6.1 station, but countless other developers are waking up to the memory-safe language.
Last month I talked about Rust’s momentum seemed unstoppable. I stand by this assessment.
But beware of borderline cases. In this week Secure Software Blogwatch, we brace ourselves for one of Linus Torvalds’ famous rants.
Your humble Blogwatcher has curated these blog articles for your entertainment. Not to mention: The Doodle House.
Don’t miss it
What is the craic? Michael Larabel reports — “The initial Rust infrastructure was merged into Linux 6.1”:
“Some Linux users disagree”
Linus Torvalds pulled the original Rust code into the mainline Linux kernel. [It] has been merged into the mainline git tree for Linux 6.1.
[But] At the weekend there was disagreement among some Linux users about the ideas for supporting the Rust programming language for the Linux kernel. … Those first 12.5,000 lines of new code only provide the basic infrastructure. … Building the Linux kernel with Rust support remains optional.
6.1? I thought it was originally planned for 6.0? Kevin Purdy reminds us – “Linux 6.0 is coming”:
“Torvalds took a wait-and-see attitude”
While major Linux releases only come out when the previous number’s scores look too big – “there’s literally no other reason” – there are many notable things going into this release. …Not included in 6.0 are Rust improvements, but those will likely come in the next point release.
Rust, a memory-safe language sponsored by the Mozilla project, started out as something Torvalds was taking a wait and see approach… something he hoped to see in 6.0. … Just the “core infrastructure” for Rust in 6.1 means a big change in Linux, which has long been dominated by C.
What moved him? pr0nbot summarizes like this:
Linus is a down-to-earth guy and his assessment of Rust is positive. … Something like: It’s the first hot language he’s looked at that fixes a lot of things that suck about C without adding a bunch of new vulnerabilities like C++. So it’s receptive to the idea of Rust in the kernel.
However, This does not mean that Rust programmers can automatically jump into kernel programming. Here is Mini rant by Linus Torvalds:
“You can’t decide”
“Rost is safe” is not an absolute guarantee of code security. … Anyone who believes that should probably … stop believing in the Easter Bunny. … That’s something I really do to need to understand the Rust people. … If you can’t handle the rules that the kernel requires, then just don’t do any kernel programming.
If you want to allocate memory and don’t want to worry about what context you’re in or if you’re holding spinlocks etc. then don’t fucking do any kernel programming. Not in C and not in Rust. … That’s really, really fundamental. Mappers that “just work” in different contexts are broken garbage in the context of a kernel. … cores are special.
To have behavior changes depending on the context, a total disaster. … Such is the reality. You can’t choose the universe you live in.
All of which pulled Drew DeVault to think:
“I would have chosen differently”
As Linus recently put it, “Kernel must trump all Rust requirements.” … These limitations have presented and will continue to present a major challenge for Rust in Linux, but by and large I think it will be able to to face them, though perhaps not as gracefully as I would like.
In my opinion [Rust] does not belong in the Linux kernel. [But] C is boring — it hasn’t really wowed anyone in decades. Rust is exciting and its community enjoys a huge pool of developers using it to build their brave new world. The introduction of Rust into the kernel will [expand] kernel developer base from a group of aging C-writers to a more inclusive developer pool.
Linux is by and large a conservative project. It is used in billions of devices worldwide and its reliability depends on the majority of the earth’s population. … Rust is one of the riskiest bets Linux has ever considered. … That means it will happen, and the ramifications will probably be irksome to me at worst. Although I would have chosen differently, I wish them the best of luck.
Apart from storage security what is so “exciting”? blacksmith forges a neat list:
I respect the opinion… that Linux should be simple and Rust adds a lot of complexity to the build and ABI, but the benefit of Rust isn’t just memory security. … you actually get tagged enums, modules, sensible dependency management, generics, polymorphism, optional elements, no unchecked nullability, collections and many other things. Writing system software with it – even if you completely ignore memory security – is a very pleasant experience once you get the hang of the language.
But why rust? Why not C++? DrXym has a recipe: [You’re fired—Ed.]
There’s a lot that sucks about C++. Any mistake you can make in C, you can make in C++.
In addition, it has its own layer of Bull**** to deal with: the rule of 3, the rule of 5, pointer/reference abuse, weird constructor traps about type coercion, destructor traps about using a virtual, fragile Base classes, issues with multiple inheritance, exceptions, etc. etc… I’m not surprised the kernel didn’t want to go there.
And it just takes less effort. So say marlock:
[Here’s] why so many developers are at least interested in exploring Rust as an alternative to C where possible: … Imagine not having to bend over backwards at every other line of code to avoid silly, repetitive pitfalls, and constantly reimplementing their verbose mitigations throughout the codebase. It also makes the useful code more readable because the extra lines don’t have to be in the code base.
But is it worth the learning curve? You bet thinks u/zerosurplus:
I find that I don’t want to use any other programming language now that I’m familiar with Rust. … I’m beginning to feel like Rust is the language I want for all my projects. It feels like it has the best of both worlds: high-level features and native performance. It feels like programming languages should be.
There’s room for improvement, but I just don’t see myself wanting to go back to C++, C#, or Python. I’m starting to forget how to use these three languages and I think that would be a lot of knowledge to lose, although I don’t think I really need these languages anymore. … C#’s garbage collector led me down this path to Rust. … There’s no reason they couldn’t do reference counting, and I don’t see why they don’t. It seems like a more reasonable approach.
I started learning Rust in February, but I’ve been programming in different languages for 14 years. … I’ve played around with so many languages. Ultimately… I planned all my future projects in Rust.
but Oh my God, It seems like adding Rust doubled the kernel build time. GigaplexNZ sounds succinctly optimistic:
An acceptable compromise – if it results in better memory protection.
my head hurts
Hat tip: aircraft arm
Inside earlier And finally
they have read Safe Software Blogwatch by Richie Jennings. Richi curates the best blog articles, best forums and craziest websites… so you don’t have to. Hate mail can be sent to @RiCHi or [email protected]. Consult your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into the laser with the remaining eye. E&OE. 30
picture sauce: Mobilus In Mobili (cc:by-sa; leveled and cropped)
*** This is a Security Bloggers Network syndicated blog from the ReversingLabs Blog written by Richi Jennings. Read the original post at: https://blog.reversinglabs.com/blog/rustlang-shines-with-its-day-in-the-sun