Moving the kernel to modern C

Posted Feb 27, 2022 7:57 UTC (Sun) by camhusmj38 (subscriber, #99234)
In reply to: Moving the kernel to modern C by Wol
Parent article: Moving the kernel to modern C

That is not a technical argument. The fact is it’s perfectly possible to write C++ code that behaves well in Kernel mode and is safer and more reliable than emulating the same features in C using macros etc.

Moving the kernel to modern C

Posted Feb 28, 2022 11:00 UTC (Mon) by farnz (subscriber, #17727) [Link] (4 responses)

It is a technical argument; both Apple and Microsoft are able to enforce a subset of C++ that their kernel developers are happy with, and have CI setups that prohibit the use of features that do not behave well in kernel mode. On top of that, when new features appear (C++17, C++20, C++2x), Apple and Microsoft change the one acceptable kernel compiler to not support those features when compiling for the kernel.

One of the "superpowers" technically of compiled languages is that the compiler does not accept programs that will misbehave at runtime. We accept that, as a side effect of this, there are some programs that will behave at runtime that the compiler also does not accept.

If we have to rely on humans to spot use of "bad" features at runtime, we're putting mental effort onto reviewers, which is a scarce resource in kernel land. Thus, it's better for the kernel to use a compiler that puts the mental effort onto code authors (a C compiler) rather than one that simplifies coding, but puts much more mental strain on reviewers.

A Linux kernel C++ dialect could be created, but it would need buy-in from GCC and Clang to enforce that dialect, so that reviewer time is not spent on something the machine can enforce.

Moving the kernel to modern C

Posted Feb 28, 2022 13:04 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> It is a technical argument; both Apple and Microsoft are able to enforce a subset of C++ that their kernel developers are happy with, and have CI setups that prohibit the use of features that do not behave well in kernel mode.

I wrote quite a bit of code in Windows kernel space, and most of Windows kernel is written in pure C. With few notable exceptions like the bad old GDI code.

Apple's kernel code is also mostly C, and you can download it and check yourself: https://github.com/apple/darwin-xnu

Moving the kernel to modern C

Posted Feb 28, 2022 15:09 UTC (Mon) by camhusmj38 (subscriber, #99234) [Link]

The situation has changed. The Windows Implementation Library includes C++ RAII helpers which are used in the operating system and drivers. They take care of closing handles etc. MSVC also has a kernel mode C++ switch which disables RTTI and Exceptions as well as floating point.
Apple's driver kit has always been C++.

Moving the kernel to modern C

Posted Feb 28, 2022 14:59 UTC (Mon) by adobriyan (subscriber, #30858) [Link] (1 responses)

checkpath.pl can take care of operator overloading if you're too scared.

Hey, even grep can do it.

Moving the kernel to modern C

Posted Feb 28, 2022 19:13 UTC (Mon) by farnz (subscriber, #17727) [Link]

I'm not scared of C++ at all. But I understand why the kernel developers might be, and I respect their position.

Looking at checkpatch.pl, it doesn't even know about operator overloading, or any other C++ feature - and the problem is not limited to operator overloading, but to any other C++ feature the kernel developers don't want to review.