Rewriting the GNU Coreutils in Rust
Rewriting the GNU Coreutils in Rust
Posted Jun 9, 2021 9:44 UTC (Wed) by eru (subscriber, #2753)In reply to: Rewriting the GNU Coreutils in Rust by tux3
Parent article: Rewriting the GNU Coreutils in Rust
it is getting a bit silly to iterate over items with only one core while the other 7 or 15 watch.
Only if that program is the only process running! Especially with utilities like this, you may not assume you have the whole CPU to yourself. Sometimes it is true, usually not.
Posted Jun 9, 2021 10:18 UTC (Wed)
by mathstuf (subscriber, #69389)
[Link] (2 responses)
Posted Jun 9, 2021 10:31 UTC (Wed)
by matthias (subscriber, #94967)
[Link] (1 responses)
And of course, high nice values are for background tasks where the user is not waiting for the output. If I run a core utility from the shell, I want to have the result now and I do not care whether a background task has to wait.
Posted Jun 20, 2021 14:35 UTC (Sun)
by roblucid (guest, #48964)
[Link]
Posted Jun 9, 2021 18:09 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (63 responses)
Posted Jun 9, 2021 20:17 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (62 responses)
Cheers,
Posted Jun 10, 2021 6:59 UTC (Thu)
by jem (subscriber, #24231)
[Link] (61 responses)
Also, what default Application Programming Interface is this changing?
Posted Jun 10, 2021 23:02 UTC (Thu)
by warrax (subscriber, #103205)
[Link] (60 responses)
I'm obviously just nitpicking, but Rust "only" guarantees freedom from *data* races.
Posted Jun 11, 2021 1:44 UTC (Fri)
by ncm (guest, #165)
[Link] (59 responses)
Similarly, Rust does not trap integer overflows (except in signed types in non-release builds, i.e. unit tests), so does not prevent such bugs. Complacency around bugs the Rust compiler permits is encouraged by neglect as part of the Holy Mission to drive Rust into universal enterprise use. ("Rewrite It in Rust" has lately been repudiated as official policy of Rust advocacy, for reasons, but uutils seems to have missed the memo.)
When bugs do trap, such as array indexing errors, the resulting panic cannot be presumed to clean up properly before exiting. This sort of thing is hard to get right, and only comes with maturity. Coreutils probably still have bugs of their own, but they are manifestly bugs we have found we can live with.
All of the core utilities, and many others, could be switched over to build with a C++ compiler and then incrementally modernized with overwhelmingly smaller effort than a wholesale rewrite, at much less risk of introducing new bugs, and without abandoning those targets LLVM poorly serves. No Holy Mission drives such activity, so we see it happen with resounding success in Gcc and Gdb, but not yet in less active projects, or in more hidebound ones like PosgreSQL, SQLite, Git, Systemd, the BSDs, or Linux.
There is more than one way to get memory safety without compromising performance. Rust offers one way. Modern C++ practice, writing at a level of abstraction that confines risky operations to trusted libraries, is another. As such libraries are needed anyway, the cost is small. In effect, one places the trust in such libraries that Rust users place in their compiler and in audited "unsafe" blocks in their corresponding libraries.
It could be seen as tragic when wholly new projects, like Pipewire, Vulkan, and Wayland, are coded in archaic, bug-prone C for no defensible reason; but they can anyway be redeemed starting with a 1-line change to their build script.
Posted Jun 11, 2021 2:14 UTC (Fri)
by rodgerd (guest, #58896)
[Link] (1 responses)
Posted Jun 11, 2021 2:51 UTC (Fri)
by ncm (guest, #165)
[Link]
Unfortunate choices are unfortunate, including choices that generate unnecessary extra work; but as none of them make extra work for me, I happily coexist. You?
Posted Jun 11, 2021 2:26 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link] (7 responses)
Or they found the Rust benefits worth it regardless of advocacy. Your scorn is unwarranted.
Posted Jun 11, 2021 3:05 UTC (Fri)
by ncm (guest, #165)
[Link] (6 responses)
Rust is manifestly a better language than C for any use where it works at all. But it is not the only, and often enough not the wisest choice. Everyone chooses for their own reasons, and wisdom may come too late, but late is better than never.
Posted Jun 11, 2021 4:47 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link]
I wasn't the only who read it that way. Couple of examples:
"Complacency around bugs the Rust compiler permits is encouraged by neglect as part of the Holy Mission to drive Rust into universal enterprise use"
Sounds like a conspiracy with no evidence cited.
"No Holy Mission drives such activity"
Sounds scornful to me. If you didn't intend to be read that way, you should rephrase these.
Posted Jun 11, 2021 10:13 UTC (Fri)
by khim (subscriber, #9252)
[Link] (4 responses)
Sadly today they are precisely one language suitable for writing safe low-level code. Well… one and half, essentially: Rust and “GCC's C with set of flags Linus insisted on being added to GCC”. C++ is flat-out unsuitable. And as you readily admit Rust is the best of these.
Posted Jun 12, 2021 13:50 UTC (Sat)
by BirAdam (guest, #132170)
[Link] (1 responses)
Did everyone suddenly forget about Ada and it’s sinking Spark? These two have been in use in mission critical work for decades.
Posted Jun 21, 2021 22:04 UTC (Mon)
by rc_rocks (guest, #152877)
[Link]
Posted Jun 12, 2021 22:52 UTC (Sat)
by ncm (guest, #165)
[Link] (1 responses)
Posted Jun 12, 2021 23:22 UTC (Sat)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Jun 11, 2021 4:19 UTC (Fri)
by marcH (subscriber, #57642)
[Link]
Great plan on paper. The reasons why this does not work in practice are well known and have been detailed in about every single article about Rust.
- While much safer than C, even the "most modern" C++ is not as safe as Rust [1]
- Different C++ programmers seem to have different opinions about "modernity" (and everything C++?) "There is more than one way to do it", famous last words.
- Similarly, there is no simple tool or set of rules to detect unsafe/old C and tell when such a safety effort is "done". With Rust you know that safety is done when it compiles and all the unsafe blocks have been very carefully review. In C/C++ there is instead a patchwork of external checkers [2] with varying and overlapping coverage, rules and false positives.
- For the above reasons, safety regressions are easy even after you think you're done.
Last but not least:
The problem with safety and security is that they depend on "the weakest link". So incremental approaches that don't tell you when the job is done are flawed by design.
[1] https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
> Modern C++ practice, writing at a level of abstraction that confines risky operations to trusted libraries, is another. As such libraries are needed anyway, the cost is small.
Modularity and code re-use in C are indeed a joke, unlike safety this is a very good reason to switch to C++; no "weakest link" problem with modularity and immediate benefits. I bet there are other very good reasons to switch to C++; but not safety. Sorry.
Posted Jun 11, 2021 9:52 UTC (Fri)
by james (subscriber, #1325)
[Link] (3 responses)
Posted Jun 11, 2021 14:24 UTC (Fri)
by zlynx (guest, #2285)
[Link] (2 responses)
Of course, if the cleanup is truly important than you cannot implement cleanup using exceptions, panics, or error return codes. There is just no way to be sure that the process isn't killed, so for thorough, reliable cleanup it needs to fork() and have the parent wait for successful completion. If the child fails the parent can clean up. That works for OOM Kill, segmentation fault, illegal instruction and other failures.
Posted Jun 13, 2021 13:52 UTC (Sun)
by jezuch (subscriber, #52988)
[Link]
I myself would be completely satisfied if mv did not clean up completely after it was killed by an unmaskable signal. After all, it seemed like this was the intent of the killer!
Posted Jun 13, 2021 14:14 UTC (Sun)
by james (subscriber, #1325)
[Link]
Once the file is linked, you've got a full copy where you want it. Deleting that copy is not obviously the right thing. Deleting the original copy is, but the program crashed when it tried to do that.
Posted Jun 11, 2021 10:08 UTC (Fri)
by khim (subscriber, #9252)
[Link] (7 responses)
Unfortunately the time have come to accept that C and especially C++ are not languages you can use to write bug-free programs. Even if your code is bug-free today it wouldn't be bug-free tomorrow. Modern compilers insist that code compiler with --std=c89 or --std=c++98 should obey rules introduced in 2023 (sic! they use not yet developed and not yet approved rules from not yet existing standard to compile code written decades ago — look here for details). With C you can piggyback on the Linux need to actually produce reliable code and the fact that Linus keeps one (just one) C compiler in a state where it can actually be used for that. With C++ that's just plain out impossible. Rust is built on the same unstable foundation, but, fortunately, this quicksand is only for the unsafe part of the language, safe mode (the default mode) is supposed to not have any undefined behaviors which compiler couldn't detect. This make it actually suitable for reliable software. Linux already contemplates Rust, too. Modern C++ is unsitable. You can't write safe software using it. Simply because you never know how and when code style would be retroactive changed. Google writes such code in C++, but it's special: they “own” both sides of the equation and thus can actually change code-which-was-safe-but-is-now-unsafe when they are changing the compiler. Most C++ developers don't have such luxury. And since Linux doesn't use C++ they couldn't rely on Linus, too. Rust tries to make sure that code written according to the rules of the book is not only safe today but would stay safe tomorrow. That's big practical difference. The fact that this promise doesn't cover unsafe code is quite unfortunate, but typical rust project doesn't include a lot of unsafe code thus there are at least some hope. No such hope with C++, sadly. C++ maybe more convenient and sometimes even offer faster code (with the use of rvalue-references and other such things) but they also make it more bug-prone. Time have come to start thinking about abandoning it. And Rust is the only viable alternative. And I say that as someone who likes C++ and hates Rust syntax. Bug I guess I would have to accept it.
Posted Jun 12, 2021 9:29 UTC (Sat)
by ncm (guest, #165)
[Link] (6 responses)
Thus, every tiny increment in safety of C++ code being written, from any cause, whether via compiler improvements, language evolution, standard library improvements, third-party library improvements, new libraries released, or developer education, *each* have overwhelmingly more real-world impact than the entire output of the entire Rust ecosystem, from language spec through to "hello world" beginner. All these incremental steps accumulate, day in and day out, adding up to thousands of times as much real-world result, and more again soon after.
Thus, if you actually care even a little bit about the correctness and safety of code you depend on every day, the overwhelmingly greatest effect you can have now and for the foreseeable future would be in helping make the C++ code being written today and tomorrow better, and in helping get C++ code, which can be improved, to be written in place of C code, which cannot.
You can of course continue playing with Rust, for your amusement, but to pretend that it may have any substantive effect in this decade will fool only yourself. In another decade, you will likely have discovered some other enthusiasm of likely similar real-world impact.
I don't make reality, I only observe and report it. Whether you have any effect on it is up to you. Promoting Rust is one way to choose not to. That is allowed much like fooling yourself is.
Posted Jun 12, 2021 10:33 UTC (Sat)
by khim (subscriber, #9252)
[Link] (3 responses)
Sure. And they would be buggy and there would be lots of CVEs and data loss. That's fine: if safety is not your goal, data loss is accetable and only performance matters to you then C++ is fine choice. “Unsuitable for any purpose” is definition from some “better world” position. Where people are more honest and care about security and not just about security certificates. We don't live in that world, sadly. Indeed. Only you misrepresent direction. Today programs written in C++ code are worse from security perspective than it was yesterday and tomorrow they would be even less safe. Just look on number of CVEs in Chrome, e.g. Yes, 2020 had less vulnerabilities than 2019 — but that's mostly because COVID-19 made development slower. And 2021 is shaping to beat record of 2019, so… Also note how DoS vulnerabilities have disappeared. That's good, right? C++ is doing great, right? Nope: it just means that there are so many other, more serious, vulnerabilities that DoS ones are no longer even worth reporting. Indeed. Pain accumulates slowly but steadily. And even Google and Microsoft are thinking about abandoning ship (and before you misinterpret me: no, they are not ready to embrace Rust, Google have just only added it to Android… even the decision whether to drop C++ or not is not yet finalized… but discussions are underway). That I agree with. That I couldn't agree with, sorry. While C++ can be improved it's actually less secure than C code. Simply because language is just so complex and insecure. And most mitigations techniques (sanitizers, static analysis, etc) improve safety of both C and C++ thus C stays ahead. Heck, if you compare C and C++ standard you will find out that C have (and always had) four nicely-prepared lists in it's annex: unspecified behavior list, undefined behavior list, implementation-defined behavior list and locale specific behavior list. With C++… after 36 years of developers we only have proposal… and it doesn't even includes such lists, it just says that it would be nice to, you know, have an actual list of rules for the programmer to follow somewhere. That's not security, that's a joke. Only time will tell. Rust was added to Android only just one year ago. And only couple of small subsystems were implemented in Rust. Microsoft joined the Rust Foundation and actually supports development in Rust, but is not yet ready to drop C++. But the fact that these companies with billions of investment in C++ tools, lots of in-house expertise and their own compilers (clang's C++ is basically Google work at this point, Apple never was all that interested in C++ and other contributors do even less) are even contemplating switch says you something about C++ safely, I'm afraid. Yes, it's true: we don't yet know if Rust would be able to replace C++ or not. But the fact remains: it's the only relatively popular language that can do that. C#, Go or Java are all very nice languages but they couldn't be used as low-level system languages. Rust can be used for that. And it's more secure than C, unlike C++, which is less secure, so why would you advocate switching to C++? Rust eliminates certain classes of bugs entirely (not all of them, of course, you can write buggy code in any language) while C++ warmly embraces latter choice in the infamous “Hoare dilemma” (There are two ways of constructing a software design: one way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies). Thus if you need security you go with Rust. If you only need security certificates then C++ is better for now. But why would anyone want a security certificate for coreutils replacement?
Posted Jun 12, 2021 23:51 UTC (Sat)
by ncm (guest, #165)
[Link] (2 responses)
It doesn't matter what you agree or don't agree with; nobody asks you.
Instead, they continue to choose to use C++ because it works, is fully mature, yet is on a cycle of continuous improvement. It reliably brings in billions of dollars, quarter after quarter, for myriad serious users. They invest in continuous improvement by sending literally hundreds of representatives to ISO Standard meetings three times a year, more at each meeting than at any prior, to help prepare the next Standard. Each Standard published on a reliable 3-year schedule has had as much work than the sum total ever devoted to Rust.
I have spent strictly more time in the past decade filing bug reports against compilers than I have in chasing down memory errors in my C++ code. So, whatever Rust has to offer in avoiding memory errors is of no practical value to me or people who code like me: we don't make memory errors. Overwhelmingly more of us are coding C++ than have ever even heard of Rust. More pick up coding C++ anew each month than the total who have ever so much as compiled hello.rs.
You can pretend all you like that C++ code is less secure than C, or that it is getting less secure, or that Google et al. are preparing to drop it, but it is your fantasy. Your need to invent falsehoods to promote your case only shows you have no case, and that people have been correct to ignore you.
Posted Jun 13, 2021 7:28 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
We already know whether Rust will displace C++. It will. Any plans you have that depend on not displacing C++ have already failed, right out of the gate.
It doesn't matter what you agree or don't agree with; nobody asks you.
Posted Jun 13, 2021 8:43 UTC (Sun)
by farnz (subscriber, #17727)
[Link]
In at least one large engineering organisation I'm aware of, Rust is displacing C++ in internal tooling, and there are people looking at using it in customer-facing code because the internal tooling that's written in Rust has the performance characteristics of tooling written in C++, but with many fewer bugs, and all of those bugs being either non-security or in the FFI layer to existing C++ libraries that are being reused.
I would not bet on Rust displacing C++ in the next 5 years; I also wouldn't bet on C++ retaining dominance in the next 20, because the Rust ownership and borrowing model is the killer feature over C++17 (the current internal standard for C++ in that organisation). And the problem with the ownership model is that it needs full ecosystem buy-in to be useful - everything has to respect it in order for it to give benefits - which means that a C++23 with a Rust ownership model will take decades to upgrade existing C++ code to the point where it's useful.
With Rust, because there's a clear FFI boundary (e.g. using the CXX crate), you get tooling assistance in enforcing the model at that boundary, and with experience, it becomes clear when a bug is in the FFI layer or C++ code, and when it's in Rust.
Posted Jun 13, 2021 18:30 UTC (Sun)
by Wol (subscriber, #4433)
[Link]
> I don't make reality, I only observe and report it. Whether you have any effect on it is up to you. Promoting Rust is one way to choose not to. That is allowed much like fooling yourself is.
You only observe and report reality? Like the future? Well they do say prediction is always difficult, especially if it's about the future.
It won't take much, and you could suddenly find all those thousands of pages you describe are legacy. There's probably *still* more Cobol than C++ in regular production use, but nobody hears about it because it's all in maintenance mode. What will you say if that description becomes true of C++ in the next decade?
Cheers,
Posted Jun 28, 2021 13:38 UTC (Mon)
by immibis (subscriber, #105511)
[Link]
This was true of every now-dead language, at some point.
Posted Jun 11, 2021 11:19 UTC (Fri)
by daniels (subscriber, #16193)
[Link] (14 responses)
Wayland literally predates Rust, so sadly that wasn't an option.
The core library is quite tiny though, and its primary role in life is to act as a mediator between UNIX sockets (raw bytes) and an FFI bridge (C base types) to whichever language clients or servers are written in. Maybe C++ has matured a bit since Wayland's inception, but at the time C++ interfacing with itself might as well have been an FFI given how difficult it was. Either way, the code in between the sockets and the FFI is so thin that you'd probably increase the code complexity and error factor by converting it to C++.
I get frustrated at C when working on Weston because it's so unhelpful. But C++ doesn't help me with that, because remembering what the name of my type isn't my problem, nor is more ergonomic list/array iteration (because everyone augments the laughably-inadequate C standard library with their own anyway). Working with a language like Rust - which has a real type system unlike C/C++, the benefit of which flows through your entire codebase - would be a lot more compelling though.
Posted Jun 11, 2021 12:02 UTC (Fri)
by khim (subscriber, #9252)
[Link] (2 responses)
Indeed. Rust is so nice (except for syntax which I still hate) that I fear for the Mozilla a lot nowadays. Because most (if not all) really popular languages which were developed in companies either belong to companies are no longer are relevant in the software field (like AT&T with C) or extinct (like Sun with C++ and Java, like Netscape with JavaScript, etc). Rust was separated from Mozilla, though, let's hope it would save Mozilla from that fate.
Posted Jun 14, 2021 16:45 UTC (Mon)
by anton (subscriber, #25547)
[Link] (1 responses)
Posted Jun 14, 2021 16:49 UTC (Mon)
by khim (subscriber, #9252)
[Link]
Memory wart, sorry. So both C and C++ were by AT&T and Java was by Sun.
Thanks for the correction, but it still doesn't bode well for Mozilla.
Except Rust is now separated from it thus there are hope.
Posted Jun 12, 2021 8:00 UTC (Sat)
by ncm (guest, #165)
[Link] (10 responses)
When you show you need to rely on falsehoods to make your case, you reveal you have no case.
Posted Jun 13, 2021 14:10 UTC (Sun)
by jezuch (subscriber, #52988)
[Link] (3 responses)
Um, excuse me? C++'s type system is based on misunderstanding of object orientedness (which in C++, and just about any other "OO" language, is just an extension of structural programming and a far cry from Simula's design, which we're only now rediscovering). Rust's type system is based on algebraic types, in the ML tradition (not as pure as in Haskell, but still). Traits are first-class citizen in Rust, while in C++ they're a design pattern at best, and everything is centered on classes. Completely different paradigms.
BTW, I know that my interpretation of history of programming language design is un-orthodox, no need to point it out ;)
Posted Jun 13, 2021 18:38 UTC (Sun)
by zlynx (guest, #2285)
[Link] (1 responses)
But no, it was not a "misunderstanding." I think C++ design is probably one of the best compromises possible between efficient machine code and OO. And of course we must remember it stayed compatible with C.
"Pure" object oriented languages are just disgustingly inefficient. Java succeeds because of the immense work put into its JVM and JIT compiling. Python and Ruby show off what happens when everything is an object.
Anyone can look and see that C++ is used where speed matters.
Also it is very funny that you use Simula of all languages as an example of object oriented. Smalltalk was the pure object oriented language. Simula was a mashup of Algol and OO juist as C++ is a mix of C and OO. Simula doesn't contain even half of what became Object Oriented in Smalltalk.
Posted Jun 14, 2021 12:28 UTC (Mon)
by jezuch (subscriber, #52988)
[Link]
The claim was that Rust bases its type system on C++ and is far behind it. My point was that Rust, while syntactically in the C family, explicitly breaks away from its type system. And is more powerful thanks to a conscious design and not being a heap of ad-hoc.
Posted Jun 13, 2021 19:28 UTC (Sun)
by ncm (guest, #165)
[Link]
Language purity is a farce. C++ was never promoted as an "object-oriented language". It has always been a language that provides support for an object-oriented style as one among many, and supports promiscuous mixing of styles for anyone not stupidly wedged into just one.
Most of its type operations are inspired by ML, as in Haskell. Algebraic types are just types. There is no paradigm. Paradigms are a farce too.
Posted Jun 13, 2021 14:13 UTC (Sun)
by jezuch (subscriber, #52988)
[Link] (5 responses)
Oh, and I believe that Rust's type system is way more powerful than C++'s, which is a complete mess. So the catch-up goes the other way.
Posted Jun 13, 2021 15:02 UTC (Sun)
by mathstuf (subscriber, #69389)
[Link] (2 responses)
Posted Jun 13, 2021 21:54 UTC (Sun)
by khim (subscriber, #9252)
[Link] (1 responses)
Type system of C++ is built like everything else in that language: 100 stories tall skyscraper with the foundation of quicksand. Yes, I know why, but the fact that Rust have a pretty decent type system. Not perfect but pretty good. Type system of C++ is collection of footguns. Yes, you can make your program misbehave in so many interesting ways… but does anyone finds it fun to explore all these ways when they are debugging something? Back then when C++ at least tried to be compatible with old versions it sounded justified at least, but now, when new versions of C abd C++ are designed to add new and exciting bugs into programs which were perfectly safe yesterday that “compatibility!” excuse just doesn't sound convincing. At least Linus works as good enough brake for that activity in “Kernel C”. But nobody does the same with C++. At least safe Rust doesn't try to pretend that someone may write code in 1990 which obeys rules which are not yet finalized yet in 2021. Unsafe Rust, sadly, inherits that issue because of it's LLVM foundation, but in typical program there are limited amount of unsafe rust code.
Posted Jun 24, 2021 15:24 UTC (Thu)
by nye (subscriber, #51576)
[Link]
Posted Jun 13, 2021 19:35 UTC (Sun)
by ncm (guest, #165)
[Link] (1 responses)
Or, you can look at the actual proposals to strengthen Rust's type system to be able to express more of what can now be expressed in C++ and Haskell but not in Rust.
Posted Jun 14, 2021 12:22 UTC (Mon)
by jezuch (subscriber, #52988)
[Link]
[1] https://sdleffler.github.io/RustTypeSystemTuringComplete/
Posted Jun 11, 2021 12:14 UTC (Fri)
by roc (subscriber, #30627)
[Link] (19 responses)
> the resulting panic cannot be presumed to clean up properly before exiting. This sort of thing is hard to get right, and only comes with maturity.
GNU coreutils can't even be bothered handling SIGPIPE when stdout is a closed pipe. "Graceful exit" is not their forté.
OTOH, in Rust RAII is *the* way to clean up resources, and panics run those drop handlers, so Rust panics generally clean up after themselves quite well.
Posted Jun 11, 2021 13:48 UTC (Fri)
by Sesse (subscriber, #53779)
[Link] (18 responses)
Posted Jun 11, 2021 14:06 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link] (17 responses)
https://security.googleblog.com/2021/05/integrating-rust-...
Posted Jun 11, 2021 14:15 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link]
https://security.googleblog.com/2021/04/rust-in-linux-ker...
Posted Jun 11, 2021 14:18 UTC (Fri)
by Sesse (subscriber, #53779)
[Link] (15 responses)
Posted Jun 11, 2021 14:27 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link] (14 responses)
Which media? Also, integrating Rust into Linux kernel and Android isn't exactly what I would consider small-scale.
Posted Jun 11, 2021 14:33 UTC (Fri)
by Sesse (subscriber, #53779)
[Link] (13 responses)
Google's scale is staggering. Around 100B of lines of C++ by now (I don't have updated numbers). In comparison, the Linux kernel with its ~30M LOC is a drop in the ocean; assigning one or two engineers onto looking at the prospect of maybe writing device drivers in Rust one day, even more so.
Posted Jun 11, 2021 15:16 UTC (Fri)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
- Rust isn't used anywhere at Google. <shown uses>
As if on day 1 there has to be millions of lines of code for it to be meaningful. There is massive momentum for these kinds of things and it takes time. Google having their pet language probably has way more buy-in from management and whatnot, so that specific comparison isn't really useful in my mind.
Posted Jun 11, 2021 18:08 UTC (Fri)
by Sesse (subscriber, #53779)
[Link]
Posted Jun 11, 2021 17:08 UTC (Fri)
by rahulsundaram (subscriber, #21946)
[Link] (10 responses)
Too vague. Which article(s) are you referring to?
> Google's scale is staggering.
Yes and the fact that they have shown significant interest and movement towards integrating Rust into projects with massive user bases like Linux and Android is yet another evidence of growing large scale adoption by multiple companies across many different industries. This is the only realistic way you are ever going to see adoption of any new(er) language. It won't be massive code dumps of millions of lines of code one fine day.
Posted Jun 12, 2021 9:39 UTC (Sat)
by ncm (guest, #165)
[Link] (9 responses)
Posted Jun 12, 2021 10:19 UTC (Sat)
by rahulsundaram (subscriber, #21946)
[Link] (5 responses)
Calling all the existing adoption and momentum from several major players as zero evidence or fooling around is pretty dismissive. This isn't remotely comparable to Forth or Haskell. We are talking about code in production from Mozilla, npm, discord, dropbox, cloudfare and so on. I can't think of any other language comparable to C or C++ that has gotten this level of traction in this timeframe. Feel free to continue overlooking this and we will find out even more conclusively in a few years.
Posted Jun 13, 2021 18:47 UTC (Sun)
by ncm (guest, #165)
[Link] (4 responses)
Posted Jun 13, 2021 19:11 UTC (Sun)
by rahulsundaram (subscriber, #21946)
[Link] (3 responses)
I just don't agree with your opinion. There is no confusion around that.
Posted Jun 13, 2021 20:07 UTC (Sun)
by ncm (guest, #165)
[Link] (2 responses)
Your relationship with truth is duly noted. I will not need any further information.
Posted Jun 13, 2021 20:14 UTC (Sun)
by rahulsundaram (subscriber, #21946)
[Link]
That's not accurate. My comments weren't limited to Google.
Posted Jun 13, 2021 20:36 UTC (Sun)
by nix (subscriber, #2304)
[Link]
Posted Jun 12, 2021 23:24 UTC (Sat)
by khim (subscriber, #9252)
[Link] (1 responses)
Posted Jun 15, 2021 19:43 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
And of course, Forth also has the reputation of producing executables that are smaller than well-written assembler :-)
Writing a KLOC and more program in Forth would probably be a bit of a nightmare.
Cheers,
Posted Jun 13, 2021 7:26 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
I don't work in Amazon, but I've heard from my friends there that Rust in practice turns out to be a more productive language than C++ and much easier to pick up. One major advantage is that you don't have to learn the particular subset of C++ and its libraries that is in use in your new workplace.
Posted Jun 11, 2021 19:51 UTC (Fri)
by notriddle (subscriber, #130608)
[Link]
Posted Jun 10, 2021 13:15 UTC (Thu)
by moltonel (guest, #45207)
[Link] (1 responses)
Assigning priorities should be done at the system and kernel level, not at the process level. It's nice to have `-jN` style options with a "-j$(nproc)" default, but they remain a bit of a kludge. Instead we have nice, cgroups, etc. It'd be great if something like Apple's grand central dispatch became ubiquitous on Linux.
Posted Jun 10, 2021 15:07 UTC (Thu)
by Sesse (subscriber, #53779)
[Link]
Rewriting the GNU Coreutils in Rust
Rewriting the GNU Coreutils in Rust
Rewriting the GNU Coreutils in Rust
If there's multiple io commands in flight, waiting a little to process one of them won't hurt.
Rewriting the GNU Coreutils in Rust
Rewriting the GNU Coreutils in Rust
Wol
Rewriting the GNU Coreutils in Rust
Rewriting the GNU Coreutils in Rust
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
> But it is not the only, and often enough not the wisest choice.
Rust lacunae
Rust lacunae
Ada for the win
Rust lacunae
Rust lacunae
Rust lacunae
- It's not fun, so no one is doing it.
[2] ... that everyone should absolutely use despite their limitations
Rust lacunae
When bugs do trap, such as array indexing errors, the resulting panic cannot be presumed to clean up properly before exiting.
OK, I'm curious: what sort of clean up would be reasonable for a coreutils utility beyond just dying?
Rust lacunae
Rust lacunae
Rust lacunae
If anything goes wrong it is nice if mv deletes any temporary copy it had made in the process of moving a file across filesystems.
I've no idea if any version of mv actually does this, but I understand it's possible to open an un-named, unlinked temporary file and write to it, then when you've finished create a link to the file (meaning it has a name and isn't temporary any more), fsync as necessary, and then delete the original file. If the program crashes before the file is linked, then Linux will automatically delete it.
> All of the core utilities, and many others, could be switched over to build with a C++ compiler and then incrementally modernized with overwhelmingly smaller effort than a wholesale rewrite, at much less risk of introducing new bugs, and without abandoning those targets LLVM poorly serves.
Rust lacunae
Rust lacunae
> Meanwhile, thousands of pages of C++ code that you will come to depend upon every day, suitable or not, are coded for every single page of Rust.
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Wol
Rust lacunae
Rust lacunae
> Working with a language like Rust - which has a real type system unlike C/C++, the benefit of which flows through your entire codebase - would be a lot more compelling though.
Rust lacunae
Not sure why you mention Sun for C++. Bjarne Stroustroup worked at AT&T Bell Labs from 1979 to 2002.
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
size > -1 is always false if size is unsigned with no warnings or errors caused far more real-world problems than anything related to issues with references. The fact that uint32_t, uint64_t and size_t are not distinct is seriously problematic, too.
> Rust lacunae
size > -1 is always false if size is unsigned with no warnings
$ clang++ -Weverything /tmp/test.cpp
/tmp/test.cpp:4:14: warning: result of comparison 'unsigned int' > 4294967295 is always false [-Wtautological-type-limit-compare]
if (size > -1) {
~~~~ ^ ~~
/tmp/test.cpp:4:16: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
if (size > -1) {
~ ^~
Even if you don't like using -Weverything because you don't want to opt in to newly added warnings, I do think that -Wsign-conversion is something that should always be turned on for code under active development. If you have substantial legacy codebase then you will doubtless need to add a lot of explicit casts to silence false positives, but, well, that's what you asked for.
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
- Oh, it's being looked at for Linux drivers, that's meaningless at the scale of Google.
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Rust lacunae
Wol
Rust lacunae
Rust lacunae
except in signed types in non-release builds
In non-release builds, unsigned integer overflow also traps. There is no difference between signed and unsigned integer overflow in Rust.
Rewriting the GNU Coreutils in Rust
Rewriting the GNU Coreutils in Rust