But for new code / drivers, writing them in rust where these types of bugs just can’t happen (or happen much much less) is a win for all of us, why wouldn’t we do this? C++ isn’t going to give us any of that any decade soon, and the C++ language committee issues seem to be pointing out that everyone better be abandoning that language as soon as possible if they wish to have any codebase that can be maintained for any length of time.
Rust also gives us the ability to define our in-kernel apis in ways that make them almost impossible to get wrong when using them. We have way too many difficult/tricky apis that require way too much maintainer review just to “ensure that you got this right” that is a combination of both how our apis have evolved over the years (how many different ways can you use a ‘struct cdev’ in a safe way?) and how C doesn’t allow us to express apis in a way that makes them easier/safer to use. Forcing us maintainers of these apis to rethink them is a GOOD thing, as it is causing us to clean them up for EVERYONE, C users included already, making Linux better overall.
And yes, the Rust bindings look like magic to me in places, someone with very little Rust experience, but I’m willing to learn and work with the developers who have stepped up to help out here. To not want to learn and change based on new evidence (see my point about reading every kernel bug we have.)
Rust isn’t a “silver bullet” that will solve all of our problems, but it sure will help in a huge number of places, so for new stuff going forward, why wouldn’t we want that?
I’m not a programmer so i don’t have much skin in the game, but from how it’s described it seems like a good idea to me and rust seems like a solid language to me. I do understand the concern from devs who don’t know rust and don’t want to learn it, but i guess that also depends on how much they would actually have to interact with it.
The main problem is that Rust is immature. It’s still evolving, and the unreliable compiler slowly generates bloated binaries.
It’s a great idea, and it will get there, but shoving something incomplete into the mainline Linux kernel isn’t the way to start.
A Rust-only fork, on the other hand, would do much more to test and prove Rust’s utility in such a space.
To point it out for folks unfamiliar with Rust, I consider this comment borderline misinformation.
I don’t know in what world the Rust compiler is considered unreliable. In my experience, it is one of the most reliable toolchains across all programming languages.
The Rust compiler is slow, because it does so many more checks than the C compiler, which is what these devs want. This is also barely relevant while actually developing, because then incremental compilation kicks in, which makes subsequent builds rather quick.
And Rust binaries are primarily larger than C binaries, because it does not use dynamic linking of dependencies. In the kernel, you cannot use dynamic linking anyways, because you need a running kernel to have a filesystem from which to dynamically load these.