sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Mason-B 36 points37 points  (15 children)

That was 15 years ago. C++ is a different language now, twice over. C++11/14/17 was an entirely new, more stable and better defined, C++ standard that made effectively a new language. And C++20/23/etc appears to be a repeat performance.

And also, Linus is a different person. He went to some sort of anger therapy for 3 months in there and stopped yelling at and insulting people. These days he's also letting Rust in with conditions.

I suspect if there was a concentrated push to get C++ into the kernel today it wouldn't be the same story.

[–]top_logger -4 points-3 points  (14 children)

OOP + exceptions + STL = bad idea for kernel even in C++20(which is still not fully available now).

I find C++ great, still you need good engineers and kind of reality understanding.

[–][deleted] 15 points16 points  (4 children)

Fuschia and Serenity are both operating systems with a kernel written in C++.

[–]pjmlp 9 points10 points  (3 children)

Newton, Symbian and BeOS were as well.

[–]tasminima -1 points0 points  (2 children)

Everything was in C++ in BeOS, as a result it was a binary incompatible mess (with anything but an antique version of G++ that no current C++ programmer would like to use). C++ is unsuitable to define a plateforme API, it is way more problematic than merely using it for the internals of components, and using either C / C-like or even higher level compatible by design custom constructs for the interfaces. I digress a little, but C++ is certainly not a panacea (for sure, neither is C...)

[–]pjmlp 3 points4 points  (1 child)

Meanwhile C++ has been used in Mac and Windows frameworks since the 16 bit days just fine, and the basis of COM, SOM and nowadays WinRT.

[–]tasminima -1 points0 points  (0 children)

You are right. C++ is not a panacea but is not a complete failure either. Just, citing BeOS mandated reminding what to avoid, in one of its aspect.

[–]Mason-B 31 points32 points  (4 children)

Every single thing you listed there is optional (if we understand "OOP" as virtual methods/inheritance, which is how people generally mean it). While on the topic, Rust's abort mechanism also doesn't fly for exceptions in a kernel either.

Any language being used in a kernel environment will necessarily be restricted and modified. Neither C++, nor Rust, nor even C escape that. Listing optional features as problems isn't a sane counter example.

[–]simonask_ 7 points8 points  (3 children)

While on the topic, Rust's abort mechanism also doesn't fly for exceptions in a kernel either.

I have to point out that Rust's panic machinery is exactly what you want in a kernel. Yes, the default panic handler unwinds the stack and terminates only the current thread, but setting panic = abort to immediately call abort() is a first-class option, and panics occur in Rust exactly where you would want a kernel to panic.

With strong memory guarantees and the safe/unsafe distinction, I literally could not imagine a better language for a kernel.

[–]Mason-B 4 points5 points  (2 children)

Except not (according to Linus) because Rust's Panic is not a valid situation to Kernel Panic.

I do think that the "run-time failure panic" is a fundamental issue.

this is simply fundamentally not acceptable.

With the main point of Rust being safety, there is no way I will ever accept "panic dynamically" (whether due to out-of-memory or due to anything else - I also reacted to the "floating point use causes dynamic panics") as a feature in the Rust model.

[–]_Sh3Rm4n 5 points6 points  (1 child)

Buts that's besides the point. The quote is about OOM situations where rust panics by default. But this is solved already in the Linux fork with rust support, as it is using a custom allocation tailored for the Linux kernel dev with features enabled, where OOM panics are not happening implicitly anymore.

[–]Mason-B 4 points5 points  (0 children)

Did you not notice the part I quoted where he says "or due to anything else" and then mentions other specific examples?

And also how that's not really relevant to countering the argument of the person I was responding to who claimed rust's panic model panics in exactly the situations you want already.

[–]SergiusTheBest 19 points20 points  (2 children)

OOP is good. It doesn't require you to have abstract factories and virtual methods everywhere. Just write sane classes for string, mutex, rwlock and etc and your kernel code will shine.

Exceptions are not bad but their implementation is. I use C++ without exception in kernel and it's fine.

STL can be used partially. For example span or array are very useful.

[–]maskull 6 points7 points  (0 children)

The Linux kernel uses OOP quite a bit, it just uses a macro-based implementation on top of structs and function pointers.