Re: The Case for Rust (in the base system)
- In reply to: Warner Losh : "Re: The Case for Rust (in the base system)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 05 Aug 2024 22:46:51 UTC
Warner Losh wrote in <CANCZdfpB9k_gzuLUij-kuwXMeMDqVwfx9DUsWBdmwNEtMvVkaA@mail.gmail.com>: |On Mon, Aug 5, 2024 at 4:06 PM Poul-Henning Kamp <phk@phk.freebsd.dk> \ |wrote: |> -------- |> Warner Losh writes: |>>>> Most user space tools could be written in lua. |>>> |>>> That /exact/ same argument was made for Perl :-) |>> |>> Lua's been in the base since I imported it for the boot loader, \ |>> though... |> |> Lua is is much more "language" than "eco-system", by design as I |> understand it, so that is a different situation than Perl or Rust. | |Indeed. The standard stuff is fairly small, and we're doing it all as |a 'private' library, so ports will never see what we pull in. | |I personally do not subscribe to to the "let's rewrite all the 50 |> year old source code to make it more safe" philosophy, but there |> are valid arguments when the old code is horrible. | |Plus we're writing new stuff only, and typically only where it makes |a lot of sense (lots of string processing). Plus we're keeping the scripts |as compatible with what little ecosystem there is so we can go back |and forth between the ports lua and the base flua. | |> But there are some wrinkles. |> |> First: Anything setuid/setgid is off-limits. |> |> There are good reasons why we dont have setuid shell-scripts (any more!) |> |> I guess with most systems being effectively single-user these days, |> that may not be as much a security focus as it was back in the 1990ies. | |Yea. No plans there. | |> Second: Performance. |> |> I cannot remember the exact subset of bin programs somebody did in |> Perl as proof of concept, but it slowed down buildworld a LOT to |> fire up all of Perl to do trivial stuff like "echo", "chown" and |> "mkdir". |> |> Lua may be cheaper than Perl, but it will still be measurable. | |Yea. I'm guessing you wouldn't notice, but why do that. There's |no benefit and only a myriad of ways to introduce new bugs |or non-posix conformance where we were conformant before. | |I'm definitely in the "why are we rewriting stuff in rust" because |it doesn't move the ball forward, really. At best it's a great leap |sideways, |maybe with marginally better actual safety. At worst, it's a great \ |leap into |a morass of almost compatible that causes great grief in the gaps, or |worse, has new security problems the old one didn't. So rewriting |for the sake of rewriting seems like a giant waste of resources. |Rewriting strategically to fix areas that have had safey issues |may be different, but cp.rst isn't going to be any better, than |cp.c in most aspects because cp.c has had 50 years to be |debugged. And 50 years makes up for a lot of danger |in the language.... So there may be things that we get some |advantage out of by doing a rewrite in rust, but I'm in the |'case by case basis' camp there: those cases where the cost / benefit |ratio is favorable should be considered. But they can't be |considered entirely in a vacuum because there's a non-zero |cost to rust in the base, even as an external toolchain. That sounds nothing but good. (I was not really serious at first btw.) |Having said all that, I'd love to see us be able to make better of rust and |new rust programs where it makes sense. That's why I've been |encouraging people to give it a go to show us the money. To |show up that we can integrate it (even if it is just a few lines in |Makefile.inc1 that builds everything, optionally, as part of |buildworld). That shows us we can keep the dependency hell |under control, that we can update things sanely (more ecosystem |here, not language). How much work is it to track the latest versions, |how do we deal with that as the number of new rust programs grow, |how do we deal with ABI stability, etc. And to show us if there's an |actual advantage to all of that over what we can do in ports, or what |we might do with pkgbase somehow. I'm unsure of the outcome of all |this, but I think it would be wrong to shout it down completely. To do |all that, people need room to experiment and show what's what. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | | Only during dog days: | On the 81st anniversary of the Goebbel's Sportpalast speech | von der Leyen gave an overlong hypocritical inauguration one. | The brew's essence of our civilizing advancement seems o be: | Total war - shortest war -> Permanent war - everlasting war