Why Rust for safe systems programming?
drug2004 at bk.ru
Wed Jul 24 08:35:20 UTC 2019
24.07.2019 10:54, IGotD- пишет:
> "Rust provides the performance and control needed to write low-level
> systems, while empowering software developers to write robust, secure
> I have tried to write low level programming with Rust and this is the
> part where Rust is absolutely awful. Rust is fine for application
> programming in an existing OS but for low level stuff it is a dead end.
> Low level programming, system programming, OS programming or whatever
> you want to call often requires another way of programming. Intrusive
> algorithms are common in order reduce memory fragmentation. Pointer
> tricks are common. Look at Linux, loads of pointers pointing around to
> different structures, often in a circular manner. Here Rust will be
> totally lost. You can do raw pointer programming with Rust but then the
> borrow checker is out of commission and you have to manually track the
> memory, then the point of Rust is pretty much gone.
> I tried to write a few algorithms in Rust that I usually use in embedded
> system. It was incredible difficult, even more difficult and less
> verbose than C++. I gave up on Rust. I tried the same algorithms in D
> and it was very easy in comparison, even more easy than C++ and I'm not
> even good D programming.
> I don't really care about the memory management in Rust, as memory
> management is very specialized in embedded systems anyway. What is for
> me much more important are the bounds checking.
One of active user of Rust rewrite one of his bindings to C library from
Rust to C again because:
Currently there is 11 THOUSAND lines of Rust in wlroots-rs. All of this
code is just wrapper code, it doesn’t do anything but memory management.
This isn’t just repeated code either, I defined a very complicated and
ugly macro to try to make it easier.
This wrapper code doesn’t cover even half of the API surface of wlroots.
It’s exhausting writing wlroots-rs code, memory management is constantly
on my mind because that’s the whole purpose of the library. It’s a very
boring problem and it’s always at odds with usability - see the
motivation for the escape from callback hell described above.
To do all of this, and then go write Way Cooler, already a big
undertaking, is too much for me to commit to. When the benefit at the
end of the day is just so I don’t have to write C, that doesn’t really
make it worth it. If I got this out of the box by simply linking to the
library, like I can in C++, then it would be much more tenable.
I can always just use unsafe bindings to wlroots, just like I would with
any other language. However, the entire point of Rust is that it’s safe.
Doing that is not an option because at that point you lose the entire
benefit of the language.
Everything has its price. Rust has both advantages and disadvantages, it
isn't suitable everywhere and anytime. Also there is too much hype about
More information about the Digitalmars-d