D mentioned on Rust discussions site
Paulo Pinto
pjmlp at progtools.org
Mon May 25 12:09:28 UTC 2020
On Monday, 25 May 2020 at 11:33:21 UTC, Dibyendu Majumdar wrote:
> On Monday, 25 May 2020 at 08:48:33 UTC, Ali Çehreli wrote:
>> On 5/24/20 4:08 AM, Dibyendu Majumdar wrote:
>
>>>
>>> Well the jury is still out on these. Until we see a real OS
>>> written in Rust or D or Zig - the proof is not in claims but
>>> in the doing.
>>
>> It would be wasteful to write an OS to prove the claims.
>> Unless there is a technical impossibility, then it's doable.
>>
>
> Of course that would be silly. My assumption is that someone
> will write an OS in one of these languages because of security
> concerns. I think Google is looking at using Rust in Fuchsia.
> Fuchsia is interesting because the kernel was initially in C,
> but now I believe mostly it is in C++ to gain additional type
> safety.
>
> https://fuchsia.googlesource.com/fuchsia/+/refs/heads/master/docs/project/policy/programming_languages.md
>
>> Let's do it the other way: What proof there is for the claim
>> that those languages cannot be used for writing OSes? I know D
>> enough to know that it can be used to manage a CPU, send
>> electrical signals to all the I/O devices around it, etc.
>>
>
> Well there are several things to consider.
>
> First is memory safety - I believe the only way to write OS in
> D or Rust is to use unsafe constructs in parts. Arguably this
> can be done in C++ too - mostly use smart pointers for example,
> and make restricted use of unsafe code.
>
> Secondly a real world OS that is used can tell us if truly the
> resulting OS was more secure than say Linux which is written in
> C. Right now there are theoretical claims that the OS will be
> more secure.
That one is easy, IBM i and IBM z/OS are written in a mix of
Assembly and PL/S. Modern versions now also include C++, but it
wasn't there during their first 20 years.

Unisys ClearCase MCP, written in NEWP, an almost safe systems
programming language, 10 years older than C, the OS doesn't do
Assembly, all CPU low level features are exposed as compiler
intrinsics.

Was one of the first OSes to introduce the concept of unsafe code
already during the 60's, any executable or library with unsafe
code is tainted and requires being signed off by the admin
for execution.

Unisys still keeps it around and sells it to governments and
businesses that need three letter agency security level access for
data processing.

Common to all of them, C is only used on the POSIX containers.