Re: The Case for Rust (in any system)

From: Chris <bsd-lists_at_bsdforge.com>
Date: Wed, 11 Sep 2024 22:41:48 UTC
On 2024-09-05 13:36, Alan Somers wrote:
> On Thu, Sep 5, 2024 at 2:16 PM Warner Losh <imp@bsdimp.com> wrote:
>> 
>> 
>> 
>> On Thu, Sep 5, 2024 at 12:10 PM Alan Somers <asomers@freebsd.org> wrote:
>>> 
>>> By now I expect that most of you have seen the long list of new
>>> security advisories that just came out.  Strikingly, all were the
>>> result of memory handling errors.  And none of them wouldn't have
>>> happened if their respective programs had been written in a
>>> memory-safe language.
>> 
>> 
>> FreeBSD represents hundreds of thousands or millions of man hours
>> in its current form (depending on how you measure it). It has evolved
>> over 30 years. To get to the same level of maturity in a rust rewrite would
>> take a similar amount of time. But even if it took an order of magnitude
>> less because rust is that much better, that represents a huge pool of
>> manpower that don't seem to be hanging out around the project just
>> waiting for something to do.
> 
> Sure.  I for one am not volunteering to rewrite CTL next week.
> 
>> 
>> Where do the resources for this come from? Without enough resources,
>> the rewrites will be crap and nobody will want to use them (or maybe even
>> FreeBSD). The rewrites to date have lost functionality (though maybe not
>> functionality that's important) relative to what they replace.
> 
> Which rewrites are you thinking of?
> 
>> 
>> So great, we should switch to rust. But so far we have no way to do that
>> incrementally (other than a parallel build system, which isn't very 
>> FreeBSDish).
>> And if we can't even find the resources to do that minimal level of work, 
>> how
>> can the rest possibly be robustly undertaken?
>> 
>> Warner
> 
> Your point is obvious; FreeBSD is too big to rewrite the whole thing.
> But my point stands: new projects (whether inside of FreeBSD or not)
> should almost always be using a safe language.  And any component that
> needs a major overhaul anyway should probably also be written in a
> safe language, too.
I don't think the problem is the language. C has proven to be an extremely
powerful and capable language. If it were made impotent enough to prevent
people from making mistakes. Would it be potent enough to do what needs to be 
done?
IOW the people that use it are the problem. Not the language. Is *any* 
language
that prevents one from shooting themselves in the foot powerful enough to be
of any value? I say not. It will always be a matter of quality control, and
until humans are made to be infallible. This will thread will continue.
I know, I know, it's all philosophical, but still...

--Chris