Originally posted by plonoma
View Post
Announcement
Collapse
No announcement yet.
Torvalds Voices Thoughts On Linux Mitigating Unexpected Arithmetic Overflows/Underflows
Collapse
X
-
- Likes 1
-
Originally posted by kevlar700 View Post
So the overflow caused an exception and Spark could have found it at compile time. Arianne 5 happened because code was copied from the previous rocket that overrode the protections.
Ada is a better language for the Linux kernel than C or Rust will likely ever be. You can makeup whatever irrelevant arguments that you like.
Comment
-
Originally posted by F.Ultra View Post
you completely ignored my first point which was the more important one. And it still stands true today. If Linus changes the kernel to be 100% Ada then the project would instantly die, some one else would fork it before the change and development would continue in the fork. There are probably more D-programmers out there then Ada-programmers and a kernel in D would also be a dead project.Last edited by kevlar700; 15 May 2024, 05:52 AM.
Comment
-
Originally posted by kevlar700 View Post
The usual status quo argument from those already invested. It might take less time to learn Ada than Linux notoriously opaque abstractions. I expect less time than Rust. Of course, Rome wasn't built in a day. The number of Ada programmers can change in a matter of weeks and Adas features mean the bar for kernel code quality would be far easier to reach than with C.
Just look at all the other attempts at writing a OS kernel in Ada, they are all more or less half finished and their community size can be counted on one hand.
Rust might not have as many devs or as large a community as C but they are still orders of magnitude larger than Ada. There have been attempts before of supporting Linux modules in Ada and those went nowhere because as I've already written now several times, there is no large community. For Rust there is, regardless of what you, I or anyone else things about Rust.
And no the number of Ada developers can not change in a matter of weeks. People don't learn C or Rust to code on the Linux kernel, they come to code on the Linux kernel because they have learned C or Rust. Changing Linux to Ada from C would not change devs to suddenly learn Ada, it would just force the devs to stop contributing.
- Likes 1
Comment
-
Originally posted by F.Ultra View Post
Linux took of because there where enough programmers that knew C and also had an itch to create an operating system.
C is in decline so hopefully a more maintainable code base and being owned by scanning wifi or receiving packets are coming to an end on a system with development at a more care free pace greater than OpenBSD. I don't believe that Rust is the answer personally but it solves the security issues in the main atleast.
Comment
-
Not to mention that there's the "Rust is an ML-lineage language in C++ clothing. Given how many people I've seen bad-mouthing Pascal for its syntax over the years, how many people are there who are going to find the prospect of hobby-coding in Ada a turn-off because they don't like Wirth-style syntaxes and aren't being paid to do it?" part.
Rust didn't have to resemble C++, but they made it a conscious decision to make Rust look friendlier to users of C-descended or C-inspired syntaxes.
Comment
-
Sooo this whole discussion is overall above what I can comprehend, but I do notice Linus reverted quite a bit towards his old self.
From reading some comments I understand the OP of that topic needed some technical slap to put him back in place, but there are honestly alternatives ways Linus could have used to express the same kind of definiteness in his position without using expressions bordering ad personam insults... :/
Comment
-
Originally posted by kevlar700 View Post
Actually I don't believe that. C compilers were simple enough to be freely available at a time when plenty of AT&Ts C code was available. People were worried by the BSD law suit and LInux became the progressive system.
C is in decline so hopefully a more maintainable code base and being owned by scanning wifi or receiving packets are coming to an end on a system with development at a more care free pace greater than OpenBSD. I don't believe that Rust is the answer personally but it solves the security issues in the main atleast.
Originally posted by Citan View PostSooo this whole discussion is overall above what I can comprehend, but I do notice Linus reverted quite a bit towards his old self.
From reading some comments I understand the OP of that topic needed some technical slap to put him back in place, but there are honestly alternatives ways Linus could have used to express the same kind of definiteness in his position without using expressions bordering ad personam insults... :/
Go read his comments on LKML again, he is not insulting Kees one bit, the only time he rages he does that against a piece of software (which also is not a piece of software that Kees have written). Which can also be seen by the reply by Kees where he basically agrees to most of what Torvalds writes.Last edited by F.Ultra; 16 May 2024, 04:09 PM.
Comment
-
Originally posted by kevlar700 View PostTruly, I say to you that all that Misra achieves is to highlight how problematic C is.
All C programs contain undefined behaviour
Ex: 2-line program in Appendix I of MISRA C:2012
https://youtu.be/CVlkJ-ryeoQ?si=-ScXr-05uuLly7MZ
Second, no -- not all C programs contain undefined behavior.
Third, MISRA rules were devised through decades of working on making C code safer. It accomplishes that goal quite commendably provided people follow the rules which, if they can be bothered to use a linter, isn't all that hard to do.
Finally, C is a tool just like Ada or Rust. In right usage scenarios and in the right hands it works wonders. Linux kernel as well as all the embedded stuff all around you (in your car, kitchen, etc) is the proof of that.
I don't mind if you want to waste your time rewriting Linux kernel in Ada. What I do mind is people demanding from C programmers to do it or worse yet demanding that C be changed to be more like Ada or Rust. We need diverse tools -- pliers, hammers, saws, ... not a shelf full of identical precision screwdrivers.
Comment
-
Originally posted by CmdrShepard View PostSecond, no -- not all C programs contain undefined behavior.
Third, MISRA rules were devised through decades of working on making C code safer. It accomplishes that goal quite commendably provided people follow the rules which, if they can be bothered to use a linter, isn't all that hard to do.
Finally, C is a tool just like Ada or Rust. In right usage scenarios and in the right hands it works wonders. Linux kernel as well as all the embedded stuff all around you (in your car, kitchen, etc) is the proof of that.
I don't mind if you want to waste your time rewriting Linux kernel in Ada. What I do mind is people demanding from C programmers to do it or worse yet demanding that C be changed to be more like Ada or Rust. We need diverse tools -- pliers, hammers, saws, ... not a shelf full of identical precision screwdrivers.
People demanding for migrating big codebases to another language probably don't know what they talking. The Rust in Kernel project for example is doing baby steps and only implementing the infrastructure for modules in Rust, without touching the core.
Comment
Comment