Re: The Case for Rust (in any system)

From: Alan Somers <asomers_at_freebsd.org>
Date: Thu, 05 Sep 2024 20:36:09 UTC
On Thu, Sep 5, 2024 at 2:16 PM Warner Losh <imp@bsdimp.com> wrote:
>
>
>
> On Thu, Sep 5, 2024 at 12:10 PM Alan Somers <asomers@freebsd.org> wrote:
>>
>> By now I expect that most of you have seen the long list of new
>> security advisories that just came out.  Strikingly, all were the
>> result of memory handling errors.  And none of them wouldn't have
>> happened if their respective programs had been written in a
>> memory-safe language.
>
>
> FreeBSD represents hundreds of thousands or millions of man hours
> in its current form (depending on how you measure it). It has evolved
> over 30 years. To get to the same level of maturity in a rust rewrite would
> take a similar amount of time. But even if it took an order of magnitude
> less because rust is that much better, that represents a huge pool of
> manpower that don't seem to be hanging out around the project just
> waiting for something to do.

Sure.  I for one am not volunteering to rewrite CTL next week.

>
> Where do the resources for this come from? Without enough resources,
> the rewrites will be crap and nobody will want to use them (or maybe even
> FreeBSD). The rewrites to date have lost functionality (though maybe not
> functionality that's important) relative to what they replace.

Which rewrites are you thinking of?

>
> So great, we should switch to rust. But so far we have no way to do that
> incrementally (other than a parallel build system, which isn't very FreeBSDish).
> And if we can't even find the resources to do that minimal level of work, how
> can the rest possibly be robustly undertaken?
>
> Warner

Your point is obvious; FreeBSD is too big to rewrite the whole thing.
But my point stands: new projects (whether inside of FreeBSD or not)
should almost always be using a safe language.  And any component that
needs a major overhaul anyway should probably also be written in a
safe language, too.