zlacker

[parent] [thread] 10 comments
1. throwa+(OP)[view] [source] 2022-10-02 14:35:44
To put things in context, Linus is being reasonable and wise and well-mannered once again. Wouldn't mind reading a few juicy expletives, to be honest.
replies(6): >>miohta+m2 >>mustac+P2 >>darthr+X2 >>boardw+K4 >>static+v5 >>wokwok+99
2. miohta+m2[view] [source] 2022-10-02 14:50:55
>>throwa+(OP)
I would rather believe in Rust than Santa Claus.
3. mustac+P2[view] [source] 2022-10-02 14:54:24
>>throwa+(OP)
As someone else in the thread notes, they seem to be talking past one and other. [0]

Linus may view his job as "Saying No" but the way he does it still leaves a little to be desired, because his reasoning is sound here, but it's less "Follow my reasoning" than "You don't want to get yelled at again do you?"

[0]: https://lore.kernel.org/lkml/CAFRnB2VPpLSMqQwFPEjZhde8+-c6LL...

4. darthr+X2[view] [source] 2022-10-02 14:55:11
>>throwa+(OP)
I wonder if he'll end up regretting opening this particular Pandora's box or will things stabilize eventually.
replies(2): >>thrown+r3 >>detaro+B4
◧◩
5. thrown+r3[view] [source] [discussion] 2022-10-02 14:58:10
>>darthr+X2
If everyone who wrote a blogpost about how rewriting thing x in Rust would be amazing actually rewrote x in Rust it would already be the most popular language ever.
◧◩
6. detaro+B4[view] [source] [discussion] 2022-10-02 15:04:49
>>darthr+X2
What makes you expect it might not stabilize?
replies(1): >>darthr+Ed
7. boardw+K4[view] [source] 2022-10-02 15:05:25
>>throwa+(OP)
Context isn't your opinion.
8. static+v5[view] [source] 2022-10-02 15:08:44
>>throwa+(OP)
How is this context? Also how is it "wise" to get the definition of "safe" wrong while acting like a pedant?
9. wokwok+99[view] [source] 2022-10-02 15:30:09
>>throwa+(OP)
>>>>> For GFP_ATOMIC, we could use preempt_count except that it isn't always enabled. Conveniently, it is already separated out into its own config. How do people feel about removing CONFIG_PREEMPT_COUNT and having the count always enabled?

>>>> No (Linus)

>>> As you know, we're trying to guarantee the absence of undefined behaviour for code written in Rust. And the context is _really_ important, so important that leaving it up to comments isn't enough.

>>> Do you have an opinion on the above?

>> This message. Ie. No. you can’t make everyone play by your rules. (Linus, grumpily)

> While I disagree with some of what you write, the point is taken.

> But I won't give up on Rust guarantees just yet, I'll try to find ergonomic ways to enforce them at compile time.

I mean, it doesn’t sound like he’s being petty or misunderstanding.

They want special rules (which won’t work) to do runtime checking for rust code. That seems weird, right?

Rust safety should be compile time. That’s the point…

I dunno, maybe I don’t understand what’s being said, but I don’t think Linus is particularly wrong here, even if it’s kind of shouty.

replies(1): >>oconno+lr
◧◩◪
10. darthr+Ed[view] [source] [discussion] 2022-10-02 15:56:02
>>detaro+B4
Because Rust people tend to be a bit extreme. But perhaps Rust people who are also kernel programmers are less so.
◧◩
11. oconno+lr[view] [source] [discussion] 2022-10-02 17:07:55
>>wokwok+99
> Rust safety should be compile time. That’s the point…

Array bounds checks are one of the most important safety measures Rust takes, and those have to happen at runtime (if the optimizer can't prove they'll never fire). Similarly, locking types like `Mutex` of course do all their locking and unlocking at runtime, though they also use the type system to express the fact that they will do that.

[go to top]