Ceci est une ancienne révision du document !
This article has been inspired by the recent controversy about the inclusion – or not – of some code written in the Rust programming language inside the Linux kernel.
For some context, I should mention that the Linux kernel, like most other UNIX-like kernels, has been written mostly in a standard dialect of C. To sum up, the basics of the question is that some developers are in favor of including code in Rust in, at the very least, parts of the kernel source code. Device drivers have been mentioned. But there has been some pushback by other developers who do not agree with this move, in at least one case leading to a discussion about whether code written in Rust should even be able to access routines written in C. Linus has come in very clearly on the topic, setting out that developers responsible for parts of the kernel code who wish to write in Rust may do so, while others may prefer to stick to C. But people must be able to access each other’s code with no hindrance.
There are arguments to be made on both sides of this matter. On the one hand, adding an additional programming language to an already complex kernel source code tree further increases complexity. There are no two ways about that.
Also, being able to read and understand the complete source code will be made more complex, since now a working knowledge of both languages would be required. However, it must be said that Rust syntax is actually rather close to C, and, if anything, is slightly more readable. So this argument is actually not really valid, in my view.
On the other hand, Rust is presented as a much more secure programming language than C, specifically as regards memory management. It could be said that Rust has been designed to avoid the typical programming errors that plague beginners coding in C, such as assigning pointers but then not freeing the memory they point to afterwards, or inversely trying to free up too much space, or fringe effects such as modifying what a pointer points to in two code sections at the same time. This is said to be literally impossible in Rust, or, at the very least, much harder to make mistakes. The Rust compiler has very many built-in safeguards to avoid such potentially bad and hard-to-detect mishaps in a critical piece of software as is the kernel.
From the point of view of us *buntu users, what exactly could the potential effects of including more Rust code in the Linux kernel be? These are not very many, in reality. Perhaps the kernel itself would be slightly larger, since it is unavoidable that some routines should be duplicated. We can expect some degree of increase in stability, though it must be said that the current state of affairs is not bad at all from that point of view. What will certainly be impacted is the toolkit one would need to compile a kernel. In addition to the standard GCC compiler suite, one would now need the Rust toolchain as well. In some cases, this may be something of a drawback, such as when porting the kernel for a new physical platform. Preparatory steps will now include not only making sure some version of GCC is available to cross-compile for the new architecture, but we may very well find ourselves also porting the Rust compiler first, or at least some parts of it.
Since the Rust compiler uses LLVM for code generation (see the “Rust Compiler Developer Guide”, available online), it may very well be that the complete Linux kernel project may find it best to slowly go from the GCC compiler to LLVM. There already seem to be projects such as Android or ChromeOS that use this latter toolchain, so it could very well be not only possible, but even relatively easy. Once more, this would probably be an issue that most users would hardly even be aware of.
So, in final analysis, is all this merely but a storm in a teacup? Not really, there is more to it.
For those who are not programmers, I would like to draw a parallel between the different philosophies of the C and Rust programming languages, and using a manual or an automatic transmission in a motor vehicle. People who are used to shifting their own gears by hand are usually rather good at it and may even take some pride in the fact. After some practice, they may gain finer control over their car’s drivetrain and a better feeling for the forces moving through the shafts and into the wheels, and, in general, a better comprehension of the mechanics of shifting gears. This would in general not be the case of the driver of a car who uses an automatic gear shift, and who perhaps is prepared to sacrifice some mastery of the mechanics in exchange for the convenience of just getting from one place to another with minimum fuss. In much the same way, a proficient C programmer will have gained the experience, over the years, to not make specific mistakes. For this person, the Rust compiler’s very many nanny-helping mechanisms will not be much of a practical help, and may actually constitute a hindrance for getting things done in an efficient manner. But a Rust compiler will avoid many mistakes and may actually be easier on younger programmers, empowering them to build complex pieces of software without having to previously take some hits over arcane types of bugs.
Is this a good thing? Perhaps so, and perhaps not. But consider: we are speaking of open-source development that is mostly done on a voluntary basis. The average age of contributors may be difficult to ascertain, but some key figures of this world are clearly not going any younger. When current leaders need to step down and hand the reins to the next generation, we will probably have to talk about programming style and whether the more hard-core C language with pointers and whatnot is really suited to the newer programmers’ style or vision of kernel programming. In that sense, Rust may very well be a suitable middle ground to build a bridge between generations. It still retains some of the quirks of C, but there is now a handrail between the walkway and the drop down into the abyss of kernel panic.
Also, have you noticed how some youngsters nowadays are quite incapable of handling a manual transmission properly?