Originally posted by Almindor
View Post
Announcement
Collapse
No announcement yet.
Linux 5.15 Working Towards Comprehensive Compile-Time & Run-Time Detection Of Buffer Overflows
Collapse
X
-
Originally posted by Almindor View PostYou don't bail on C, you just incrementally replace it with Rust or similar.
- Likes 1
Comment
-
- Likes 1
Comment
-
Originally posted by TheMightyBuzzardC is not a "high level language". About the only thing lower-level is writing in assembly. And it's not meant to be a high level language. It's meant to be what you use when you really, truly need the number of cycles or memory usage optimized.
- Likes 1
Comment
-
Some people need their perspective widened a little.
C and its derivatives require the developer to manage. The original CPUs and OSs did not do any of this, therefore the coder had to.
Modern languages are nice and all, but that type of automatic memory safety just wasn't available when C was created.
It's really a different environment in computing these days and the advent if Virtual Memory spaces on a per program basis, really are what allows things like Rust and Java to exist. Only truly low level things like OS kernels really need the explicit memory management that C provides. Otherwise, everybody should be using the newer memory safe code paths instead.
Comment
-
Originally posted by TheMightyBuzzard View Post
Sure, for things where you don't give a rodent's posterior about performance or resource usage. Rust has carved out a really useful middle ground for itself but it simply is not capable of replacing C universally.
Comment
-
Originally posted by TheMightyBuzzard View Post
Sure, for things where you don't give a rodent's posterior about performance or resource usage. Rust has carved out a really useful middle ground for itself but it simply is not capable of replacing C universally.
Comment
-
Originally posted by oiaohm View Post
There is a question does C have to be replaced. Linux kernel has been progressively extending what C defects can be detected at build time. Sparse with C add a stack more meta data. I remember point that extra sparse stuff out to person who is attempting rust based drivers for Linux that they really need need to make sure they were processing in sparse details on functions. Linux kernel C is not put pure bog standard C.
You can monkey patch this all you want, add static analyzers and whatnot, anything written in C, C++ or even Go will always be a huge CVE waiting to happen. Rust isn't perfect but it's in a different league when it comes to security constraint enforcement.
That doesn't mean that re-writing the whole kernel is on the table now, but one day it might. Or it might be a separate kernel that keeps ABI compatible who knows. If it doesn't happen like that a new replacement will probably arrive at some point written in Rust or rust-alikes.
Start with the drivers, then individual modules and go from there. Fix the remaining issues along the way (e.g. alloc, panic etc.). Rust has already been more or less chosen for this, and for good reasons.
I'm sure Rust itself will become deprecated one day on this level, replaced by something even better, but that's probably decade or more from now.
Comment
Comment