I find this headline incredibly misleading. Proper non-trivial Rust drivers already exist in the kernel. The entire Apple graphical stack for the ARM M-series SoCs is written in Rust, and it’s beyond excellent
What is wrong with the commenters on Phoronix? There seem to be a bunch of old dudes who can’t accept that C is unsafe and no amount of “skill” will prevent it from being unsafe. They look at 3 decades of unsafe C with thousands of CVEs and still think it’s a skill issue.
There are exactly 3 types of phoronix commenters:
- Trolls
- People falling for the trolling
- Professionals working at intel, red hat, etc who use that site as some kind of communications board for some strange, unknown reason
I love C and C++ and I talk to someone else who does (comp sci grad) but he’s hugely biased against rust and says shit like “rust is cringe it has training wheels, just be good at C”
it’s like a weird tech anti-intellectualism
If you think the comments about Rust are bad, you should check out any article about X11/Wayland or systemd.
Yeah, I don’t understand the wayland and systemd hate. Personally, the alternatives are worse in many areas. managing services before systemd was terrible and I’m very happy it’s here. Making services depend on magic comments is a terrible system IMO. Can’t remember if that’s upstart or rinit or whatever.
Wayland hate I at least understand. Their security model makes it not a 1:1 replacement for X11 yet, but that’s what it’s marketed as.
There’s definitely stuff it breaks. I still miss Autokey.
Old NVIDIA gpu here. Wayland is still completely broken for me. I shouldn’t have to buy specific hardware to make my Linux work.
But that is hardly Waylands fault, be angry about Nvidia for having bare to none Linux support for decades.
And yet works fine for me in x11 where my windows and mouse both don’t run at 1fps. I hobby work with ai models and cuda, someone needs to fix it or I’m sticking with x11. I never said it was waylands fault, but given nvidia never acknowledged x11 either and it works over there maybe accepting reality about who is more likely to fix it would be good for that team.
NVIDIA is a billion (maybe trillion now?) dollar company that leaves it up to people in their free time to support their hardware on linux and you’re blaming the unpaid devs, not NVIDIA?
I’m not blaming anyone. I’m stating a fact that Wayland does not work for me and that as long as that is true, an opinion that x11 is better. I don’t care who fixes it. Especially in the world of running ai models, it’s more and more important that nvidia works in your environment
A Linux user time traveling from the 90s/00s would be elated to know that one day someone could possibly have this opinion.
The C/C++ fandom is…something else. For many, C is perfect for every use case and everything else higher level from C# to JavaScript is nothing but inefficient waste for programmers who aren’t good enough for something like C lol
If you open the comments on Phoronix you have already lost.
Learning that the hard way 😂
Technically, it is a skill issue though, but requires borderline perfection to achieve safe code. It’s still a bad argument and detracts from progress in an area where it’s sorely needed. Correct me if I’m wrong, but my understanding is that everything unsafe is because the logic used left something exposed where rust has rules in the language the prevents those had coding practices. C is inherently unsafe, it just doesn’t have built in safe guards to keep the dev from using it wrong.
Technically, it is a skill issue though, but requires borderline perfection to achieve safe code
If near perfection is the minimum to achieve a goal, then it can’t be a skill issue, IMO. But I agree with the rest. It’s a terrible argument that keeps getting repeated, not only for C but many other places in the tech world.
Well performance is important and Rust is fast on paper afaik but idk how it works in real use cases. I don’t remember seeing performance benefits on Rust compared to other languages that are not C.
There’s a paper about this and with C as the baseline, Rust was 4% slower for the specific tests they ran.
In these tests, Rust is actually faster than C sometimes.
So it really does depend on the workload. However, the safety that rust provides cannot be understated. It’s easy to cut corners like in C, but it’s difficult to do it right. Rust provides the closest result of right and fast.
I do agree with you. Safety is important nowadays. Though if there’s a use case where Rust gets a very noticeable performance disadvantage (like UI), it may be better to just use C.
Like UI? Was that a hypothetical or a real example?
I wrote a GTK application in Rust some time ago and it was filled with macros to deal with lifetime issues. Most issues could only be solved with unsafe macros or Rc<RefCell<T>>. The experience working with it is probably a lot better when using newer declarative frameworks, but using it with a toolkit written for C wasn’t fun.
I personally prefer it for cli programs. The executables are considerably larger than C programs due to static linking, but that does mean that it works regardless of what libraries you have installed without any hassle.
Yeah, I wrote two “plugins” some time ago and the Assembly implementation was shorter than the Rust implementation due to the need to convert from C ABI and back 😅.
I have taken a look at both Slint and Egui before, but they didn’t seem to integrate that well with the Linux desktop last time. I just checked again and it seems like Slint has a Qt backend now which is nice. I don’t really like immediate GUI frameworks, but JavaFX has so far been my favorite framework to work with so maybe I’m just weird.
And yes, I have used min-sized-rust’s tricks for several of my projects, and it’s very effective. However statically compiling just doesn’t compare to using C and linking with the system libraries.
Someone said Rust wasn’t very good at UIs in terms of performance. Though I don’t remember where it was published.
… depending on what you want to do.
Anything useful is still “unsafe.”
Anything useful is still “unsafe.”
So you take care with the bits that have to deal with C, just like you have to with C code itself, and then all the rest of your code is still safe by default. Still a net improvement, yes?
In a driver what else is there? Either you deal with c or hardware.
In a driver, there’s a lot more than just C and hardware interaction. You also have to deal with:
Concurrency and Synchronization – Managing locks, spinlocks, atomic operations, and ensuring safe access to shared resources.
Memory Management – Allocating kernel memory safely, handling DMA buffers, and avoiding memory leaks or invalid accesses.
Interrupt Handling – Dealing with IRQs, deferring work using tasklets, workqueues, or bottom halves.
State Management – Handling suspend, resume, and power states efficiently.
Error Handling and Recovery – Ensuring robustness in the presence of hardware failures or unexpected states.
Device Trees and ACPI – Parsing platform configuration data.
Firmware Communication – Loading and interfacing with device firmware blobs.
Kernel APIs and Subsystems – Interacting with networking, block devices, input devices, and other kernel frameworks.
Performance Optimizations – Managing cache coherency, NUMA awareness, and latency-sensitive operations.
Security Considerations – Preventing privilege escalation, ensuring safe user-space interaction, and sandboxing where applicable.
Yes, interfacing with hardware often requires unsafe Rust or C, but a lot of driver logic isn’t directly interacting with raw hardware registers. Rust can help improve safety in many of these areas by reducing common C pitfalls like use-after-free, null dereferences, and buffer overflows.
Yes, then they shouldn’t say it is “safe” because it isn’t. They should say “more safe”, or be more specific.
