To strongman the "anti" case: I believe that FreeBSD still nominally supports a number of architectures that have immature or no Rust support, which seems like a major blocker to (at least) rewriting major system components like devd in Rust. And build times are already a problem -- the joke five years ago was that the FreeBSD build was a wart on the side of Clang. Doubling that isn't ideal.
That said, I'm a big Rust believer and think it's the right tool for the job in a lot of situations where the historical answer was C or C++. Maybe it's the right tool for FreeBSD, too.
Yeah, the architecture point comes up in lost of rust in core type discussions, but I think when it comes to the BSD's it's actually a critical argument. I'm not particularly excited by limping along unusual architectures that most of the contributors can't perform reproductions on, but the BSD's are a bastion in this space and something probably has to be. Addressing this issue in both Rust and LLVM would be valuable at large.
Even arm32 and x86 are Tier 2. Not exactly unusual architectures. The only Tier 1 architectures are amd64 and arm64, i.e. only the absolute mainstream. Not exactly a bastion of architecture support.
> Even arm32 and x86 are Tier 2. Not exactly unusual architectures.
There is 32-bit x86 tier 1 targets like i686-unknown-linux-gnu.
> The only Tier 1 architectures are [...] only the absolute mainstream. Not exactly a bastion of architecture support.
Tier 1 means that the target has the full testsuite run against it for each single pull request. Running the CI is computationally extremely complex, and it is hard to provide a reliable and fast CI service for most architectures.
It seems actually FreeBSD has dropped a lot of old platforms in recent versions, so this may not be a problem anymore. I imagine it would be with some other BSD's.
Honestly, after being in the software industry for a couple of decades and seeing how many times folks attempt to reinvent the wheel (for commercial or other reasons), I am beginning to sigh when I see how many language zealots there are (not you, just in general). The reality is, Rust does not need to replace everything. Nor should it be held on some kind of pedestal.
E.G. Curiosity rover is doing just fine running on millions of lines of C.
If it's going to impact OS stability and decrease performance and portability of the humble, dependable, simple C, it doesn't belong in the core. C is better than Rust for OS development.
Rust is not immune to security vulnerabilities. And at the end of the day, social engineering will steal more data than "hacking the mainframe". Why break in when you can just ask to be let in?
OpenBSD has a great security track record because they resist excessive change and prefer simplicity. For those who want to add Rust to the core of FreeBSD my primary question: is it really necessary? Or is it just because a bunch of Rustaceans want to?
Not solving all security issues isn't the same as not solving security issues. I'd rather my financial data be handled by software written in something that solves many whole classes of vulnerabilities than something that solves none of them.
Apart from the fact that it doesn't only solve a lot of security vulnerabilities, but also avoids a lot of bugs, by virtue of having a stricter type system and memory safety.
Remember we are talking about putting it into the core OS and overall what will the impact be on the stability of said OS. What folks here tend to describe is userspace applications which languages like Go/Java/C#/Erlang/Etc... already solve. In fact, most banks probably already use safer languages for the bulk of the workloads and it works just fine.
I want to point out one more thing: Rust is not a simple language by any stretch. It's equal to in complexity to C++ (yet without decades of established "good practices"). It is much preferable to have an easier to understand core and move the complexity outward—for improved stability and robustness. The core OS by nature of what it does needs to access raw resources in an "unsafe" manner. Rust kernel code will be littered with unsafe blocks and unnecessary complexity.
> For those who want to add Rust to the core of FreeBSD my primary question: is it really necessary? Or is it just because a bunch of Rustaceans want to?
Bfha... the link is a thread by the FreeBSD devs. Stop it with this language evangelist strawman.
> Right—and maybe those places ought to install OpenBSD.
Sure.
But running on OpenBSD doesn't solve application level vulnerabilities. And sure - OpenBSD may help limit the ability of an attacker to leverage one vuln into compromising the entire system. But if the original attack was important enough, that's cold comfort.
OpenBSD? So lower scalability, limited hardware support, less features and a culture that screams "screw you" at anyone who doesn't think their world view is the only One True Way. Yeah...that'd be awesome. I mean, I'm as skeptical of Rust as anyone who's been around for more than a decade, but seriously.
It seems like this isn’t actionable for me - I don’t have much sway over people’s choice of install. Given this, I think my best course of action are to push for regulation, or for standards bodies to accelerate the transition to memory safe languages.
I don’t think it was your intention, but what you just said makes me want to applaud more heavy-handed efforts to make the switch away from C/C++.
> According to research, up to 850 billion lines of COBOL code are currently running in nearly 30,000 organizations, typically in critical production environments. 90 percent of Fortune 500 companies rely on it. Never has there been this much COBOL in circulation and the volume is only likely to increase for the foreseeable future.
That's stupid the language you write in has a huge effect on how you test and ensure quality results. They aren't separate things.
E.g. at one end of the spectrum you have Python where you have to write explicit tests for typos and type errors.
At the other end of the spectrum you have formal verification languages like Dafny that may not require any tests to be written.
Rust is somewhere in-between. It has a very strong type system and lots of features that make memory errors and business errors less likely than in most other languages. You still need some tests, but not as many as with C/C++, Python, JavaScript, etc.
The amount of budget and time you have for the all project is finished, and in practice it's much easier for management to skip testing and QA than to reduce the scope of the project / the amount of features.hence the terrible quality that's plaguing this entire industry.
Besides LLVM, there's been progress for a GCC backend, and in google summer of code, a suggested project is a c backend, so that all c compilers may be leveraged.
If these architectures can't muster enough manpower to keep up with modern toolchains then they are living on borrowed time. Maintainers of active, modern development projects have a limited tolerance for anachronism before they say
"get a modern toolchain up and running or get left behind, we're sick and tired of C89".
I feel like that might leave embedded devices without an upgrade path, and those are the devices that needs to longest "warning". So yes, borrowed time, but that might be a decade.
That no to say that Rust shouldn't be considered, but maybe initially for new development or selective rewrites. Some of the mentioned, like nscd or devd in particular, shouldn't be that high on the list. The ZFSd should be fairly safe, as that's mainly needed on the larger platforms.
If those devices really need updates then the vendor can fork BSD and do the updates they need. It's not like the existing code will stop working on them.
I feel like those are the kinds of devices that never get manufacturer updates anyway. And even if they did, the manufacturer likely is no longer supporting them.
Sure, it's nice to be able to tinker and hack to see if you can upgrade them yourselves, but is it worth maintaining architecture support for that kind of use case? Not asserting that is definitely not, but I think it's worth considering.
If by "modern" you mean "LLVM" then I'm sure the chip vendors will get right on it when they have a GCC backend that works and all of their customers use it.
There is a Rust front-end for GCC that is under active development [1]. If the chip vendors are not willing to develop and upstream a LLVM back-end then they can start contributing to it as an alternative.
Not necessarily. C isn't a great language to target, since it's full of fun undefined behavior quirks that you will trip over if you look at it slightly cross-eyed. And part of the problem with the long tail platforms is that they can have issues that you don't expect (e.g., function pointers and data pointers might have different representation!).
So the main set of platforms you're looking at are ones that are functional enough to have modern, stable C compilers, aren't too quirky that reasonably portable C code would "just" work, and yet ones that you don't already have support for in Rust. Outside of the embedded space, there's like... fewer than 5 architectures left, the most notable of which probably being Alpha.
They might be Amigans which seems like a pretty bad outcome. Look forward to an hour or more of someone who is enthusiastically wrong about a broad range of topics and has been scammed for thousands of dollars without learning a thing from the experience. Oh the new one is faster and cheaper, but you had to get in early to lock in the price? And the delays have really only been a couple of years? Right, yes...
There's always the mrustc[1] compiler that compiles Rust to C source files. So any platform that can compile C, can also compile Rust (with caveats of course).
Of course, this only means we could, it doesn't necessarily mean we should.
That said, I'm a big Rust believer and think it's the right tool for the job in a lot of situations where the historical answer was C or C++. Maybe it's the right tool for FreeBSD, too.