Re: Some rather stupid questions about Rust and FreeBSD

From: B. E. <estrabd_at_gmail.com>
Date: Thu, 12 Sep 2024 02:45:21 UTC
On Wed, Sep 11, 2024 at 9:00 PM Alan Somers <asomers@freebsd.org> wrote:

> On Wed, Sep 11, 2024 at 6:36 PM B. E. <estrabd@gmail.com> wrote:
> >
> > It doesn't matter the technicalities, Rust enthusiasts are looking for
> relevancy in a post-language wars world; and they think falsely that their
> only recourse is to invade established camps.
>
> Nobody is invading anything.  Myself and the other Rust boosters have
> been involved with FreeBSD for longer than Rust has existed.
>
> >
> > I feel sorry for them in a lot of ways, but this is the time for them to
> be discovering problem domains or creating solutions that Rust is uniquely
> good for; and not copying or corrupting established technical communites.
> Augmenting FreeBSD somehow is not a legitimate problmem domain nor is it
> something uniquely solved by Rust. Don't be a solution in search of a
> problem is my best advice to the Rust community - unfortunately much of the
> low hanging problems have been picked; but there are plenty of slightly
> less easy problems to solve.
>
> Systems programming IS the problem domain that Rust is uniquely good
> for.  Nor do we have a solution in search of a problem.  As I've
> explained elsewhere on this list (but you can 100% be forgiven for
> overlooking; there've been a lot of posts), I've already encountered
> many problems within FreeBSD that could've easily been solved by Rust.
> Being experienced with both C and Rust, but being forced to use the
> former, feels like a real handicap.  To recap:
>
> * I considered writing the fusefs test suite in Rust.  It would've
> been well-suited.  But I was forced to do it in C++ instead.
> * I tried to write a prometheus exporter for CTL in Rust.  But when I
> realized that the API is unstable, I had to abandon using ports, which
> meant that I had to abandon using Rust, and use C instead.
> * I had to fix several file-parsing and memory-handling bugs in ctld.
> Just to help myself understand the code, I rewrote part of it in Rust.
> The portion that I rewrote took about 5.5x less code and was free of
> memory-handling bugs.  But I can't finish it, because the src tree
> currently only allows C and C++.
> * ALL of the recent security advisories involved memory handling bugs.
> We obviously can't rewrite all of the affected components overnight,
> but those SAs should serve as a wake-up call that C is insufficient
> for developing reliable and secure software.  Any components that we
> can rewrite will improve the quality of our project.
>
>
> >
> > So, this is ideologically and existentially driven, and rational
> arguments are not enough (FreeBSD is not experiencing this alone). Setting
> extremely hard boundaries, in charity, is the only answer. I am a mere
> casual but consistent user of FreeBSD from a long time ago, and I very
> strongly support all firm (but charitable) opposition to Rust being
> required to run FreeBSD.
>
> I've noticed that the most vociferous opposition to using Rust in
> FreeBSD comes from users like yourself: casual users who do little to
> no development of FreeBSD.  If you aren't a developer, then what are
> you afraid of?  Longer compile times when updating your desktop from
> src?  If Shawn Webb's project works out, then you won't have to worry
> about that.  A larger .iso for installation?  Even the smallest thumb
> drives are now larger than our dvd image.  Please explain to me: what
> negative impact do you foresee for yourself?
>

This ^

Cheers,
Brett


>
> -Alan
>
> >
> > Cheers,
> > Brett
> >
> > On Wed, Sep 11, 2024 at 7:11 PM Aryeh Friedman <aryeh.friedman@gmail.com>
> wrote:
> >>
> >> On Wed, Sep 11, 2024 at 7:02 PM Alan Somers <asomers@freebsd.org>
> wrote:
> >>
> >> > > 2. The code looks no better than portable assembly and if that is
> the
> >> > > case why does it need to be in the kernel when there is already a
> >> > > perfectly good portable assembly already there known as C?
> >> >
> >> > I don't know if you're being serious or trolling.  I ought to assume
> >> > the former, but if you genuinely can't tell the difference between
> >> > Rust and assembly source code then you obviously haven't looked at one
> >> > or the other for more than a few seconds.
> >>
> >> If I had wanted to troll instead of genuinely out of pure curosity I
> >> could of compared all three languages to a language I am currently
> >> writting to use in a forth come PhD thesis that is purefly function,
> >> gate level (with abstractions allowed), has no explicit flow control
> >> except for calling functions and  few other really oddball things.
> >> But I am not going to say anything more about that and instead focus
> >> on why I made the comment I did:
> >>
> >> 1. C when super optimized has about a 2 to 1 ratio between expressions
> >> and emitted machine instructions but it self is semantically much
> >> easier to deal with then assembly and the fact it is a high level
> >> language means it in theory portable to any machine a compiler is
> >> implemented on.
> >>
> >> 2. I consider assembly fairly high level actually compared to the
> >> topic I am not trolling on (I am at the level of building UTM's from
> >> gates)
> >>
> >> > So I think you must be
> >> > exaggerating, and you really mean "Rust looks no more or less readable
> >> > than C".  For a good example of why Rust (and other modern languages)
> >> > can be more readable than C, compare these examples, which sort an
> >> > array:
> >> >
> >> > in C
> >> > ====
> >> > int compare(const void* a, const void* b) {
> >> >      return (*(int*)a - *(int*)b);
> >> > }
> >>
> >> I completely agree pointers are evil and that's why I (like Rust it
> >> appears) *ONLY* allow arrays and array references not direct pointers
> >> into physical address space.   This way we still have the advantage of
> >> being able to use base+offset addressing modes instead of having the
> >> language processor/executor compute absolute addresses at run time.
> >>
> >> >
> >> > int arr[] = { 170, 45, 75, 90, 802, 24, 2, 66 };
> >> > int n = sizeof(arr) / sizeof(arr[0]);
> >> > qsort(arr, n, sizeof(int), compare);
> >>
> >> So C is not OO (what a surprise ;-)) but it does do one thing right is
> >> it separates out the concerns of storage from processing at the lowest
> >> levels (hard to get above that level and that is why I use Java for my
> >> freelancing work).   Which when working in any language is a good idea
> >> but since C is not OO we are stuck with naked function calls (no harm
> >> in that)
> >>
> >> >
> >> > in Rust
> >> > =======
> >> > let mut arr = vec![170, 45, 75, 90, 802, 24, 2, 66];
> >> > arr.sort();
> >>
> >> The fact the data structure even worries about behaviour instead of
> >> being passable to objects is asking for it (this is from my software
> >> engineering hat).   Also the fact there is no explicit size of the
> >> array defined since if it is static a Turing complete process can be
> >> implemented on it but if it is dynamic how do you keep from
> >> overflowing the storage allocated to it (aka buffer overflow).
> >>
> >> > * The size of the array
> >>
> >> Very good idea from the resource management POV
> >>
> >> > * The size of each element
> >>
> >> Again correct call for an OS level language.
> >>
> >> > * The name of the comparison function
> >>
> >> Separation of concerns *STANDARD* software engineering.
> >>
> >> >
> >> > Each of those is error-prone.  Stuff like that is a common source of
> >> > bugs in C code.  But Rust tracks it automatically.
> >>
> >> At the cost of coupling stuff far too tightly it appears.
> >>
>