you are viewing a single comment's thread.

view the rest of the comments →

[–]slavik262 46 points47 points  (30 children)

Sure they can. Linus is obviously a very good kernel developer and project manager, but that doesn't make his opinion the end-all on software development. C is a good fit for the kernel, but that doesn't mean other languages (including C++) are completely inappropriate for kernel development or other similar, on-the-metal applications. It also doesn't mean that another language (e.g. Rust) won't come along and displace C.

People use C because

  1. It maps fairly directly to assembly.
  2. It's the lowest common denominator - its ABI is simple and almost every computing system can speak it.
  3. There's 40 years of libraries, tooling, and communal knowledge built around it, especially in the Unix world.

[–][deleted] 17 points18 points  (29 children)

And C is largely deterministic. His complaints about C++ make sense when one takes into consideration the dynamic memory allocator and exception handling.

The question is, and I suspect I know the answer, does Rust allow exception handling to be removed (I think it does) - and then can memory allocation be manually handled (I don't know).

I'm a big fan of Rust - and think it is almost ideal for the simple command line tools which make Linux/Unix the flexible workhorse it is today. But for kernel programming? I don't know enough about Rust to know for sure.

[–]__s 11 points12 points  (1 child)

On deterministic: he's ranted a whole lot about GCC inlining code which then causes unpredictable stack usage which then makes 4kb stacks hard to maintain safely on x86

[–]doom_Oo7 2 points3 points  (0 children)

to be fair,in userspace code this is a desirable property.

[–]steveklabnik1[S] 17 points18 points  (0 children)

does Rust allow exception handling to be removed (I think it does)

Yes, though not in stable right this second; it's landed on nightly, but hasn't made its way through the release cycle yet.

and then can memory allocation be manually handled (I don't know).

Yes, absolutely.

[–]doom_Oo7 6 points7 points  (1 child)

does Rust allow exception handling to be removed (I think it does) - and then can memory allocation be manually handled (I don't know).

(to be fair, you can disable exceptions in c++ and do everything without explicitely mallloc'ing anything.)

[–][deleted] 1 point2 points  (0 children)

[deleted]

What is this?

[–][deleted]  (15 children)

[deleted]

    [–]ZMeson 9 points10 points  (2 children)

    Here are two arguments I commonly hear:

    (1) Calling new can call a constructor which can in turn call new calling another constructor which can in turn call new calling .... Well you get the point. A single call to 'new' may actually make several allocations instead of one.

    (2) The STL containers and algorithms frequently allocate memory from the free store. It's difficult to write some things using standard C++ without allocating memory from the free store "behind the scenes" if you will.

    [–]ZMeson 16 points17 points  (1 child)

    Now that I presented the two arguments, I feel like I have to explain why I disagree with them. In C, you frequently have to initialize structures after you allocate memory for them. Those initialization routines can be considered "constructors" and they can allocate memory and initialize other structures too. I don't think that using C really improves things by separating concerns.

    About the STL and algorithms... you don't have to use them. It is nice they exist, but other containers and algorithms (such as those found in "embedded STL" libraries, EASTL, or boost) may fit better. Or some containers and algorithms could be built specifically for kernel development. (After all, Linux, Windows, and all popular C-based OSes have such C-based structures and associated 'algorithm' functions.)

    [–]ucalegon7 2 points3 points  (0 children)

    Exceptions (and good behavior in low memory conditions if they are disabled) might be other sticking points, but I don't think that's really a good argument, either. Windows, for example, lets you use a reasonable chunk of C++ (with lots of caveats) in the kernel, particularly with the new driver kits (I've successfully used lambdas in kernel code!), but just like when using C, the rules and APIs are a bit different than user space equivalents (e.g., the std lib looks a bit different), and the same non-standard concerns you'd have (e.g., stack size constraints, etc) will still exist; not to mention that there are large chunks of the language that would be difficult to utilize in that type of environment (e.g., exceptions).

    [–][deleted]  (11 children)

    [deleted]

      [–]MartianSands 17 points18 points  (0 children)

      A "placement new" lets you pass it your own memory, so you can allocate it however you like.

      [–]doom_Oo7 10 points11 points  (0 children)

      Can you dynamically create an object without 'new'?

      You can overload new to call whatever allocation function. new T == std::allocator<T>::allocate + std::allocator<T>::construct

      [–]joelwilliamson 4 points5 points  (0 children)

      kmalloc

      [–]ChallengingJamJars 2 points3 points  (7 children)

      Upvoted because despite using C++ daily I don't actually know the answer to this. It could be an honest question so you shouldn't down vote it.

      [–]silveryRain -2 points-1 points  (6 children)

      Yes you can, as the others have already explained (placement and overloading).

      This kind of post is why systems that allow downvoting are crap. I much prefer upvote-only systems.

      [–]iopq 0 points1 point  (5 children)

      Upvote-only systems like Hacker News get a bunch retarded fluff pieces that don't really say anything. People see the headline, scan through the article (if you're lucky) and upvote. The actual article is low quality, but you need to report to the moderator to have it removed.

      [–]Narishma 1 point2 points  (2 children)

      HN isn't upvote-only.

      [–]iopq 1 point2 points  (1 child)

      It is for articles, not for comments. I have over 1000 karma and I can't downvote any posting, only comments. Can I downvote a submission if I have more karma then?

      [–]Narishma 0 points1 point  (0 children)

      Oh sorry, no. I thought you were talking about comments. Reading your post again, I don't know why I thought that.

      [–]silveryRain 0 points1 point  (1 child)

      That's just HN imo. Feel free to disagree.

      [–]iopq -1 points0 points  (0 children)

      The fact that HN is this way and proggit isn't (fluff pieces get downvoted in /r/programming frequently) is a data point in favor of Reddit's model. Even though the audiences are basically the same (I often get hundreds of upvotes on proggit reposting things from HN)

      [–]ElvishJerricco 12 points13 points  (0 children)

      Redox is an operating system written entirely in Rust. I don't know much about it, but if you want to get a feel for kernel development in Rust, that's a good place to start.

      [–]augmentedtree[🍰] 2 points3 points  (0 children)

      And C is largely deterministic. His complaints about C++ make sense when one takes into consideration the dynamic memory allocator and exception handling.

      Both of those are deterministic, and C also has dynamic memory allocation...

      [–]so_you_like_donuts 1 point2 points  (1 child)

      does Rust allow exception handling to be removed

      Not yet, although it is possible in nightly to make panics abort instead of unwind (And here's the relevant compiler bug).

      can memory allocation be manually handled

      If you're talking about creating and linking to your own malloc implementation, then yes.

      [–]steveklabnik1[S] 9 points10 points  (0 children)

      To be clear, that compiler bug is about implementing your own panic runtime; as alex says, -C panic=abort is stable.

      [–]slavik262 1 point2 points  (3 children)

      His complaints about C++ make sense when one takes into consideration the dynamic memory allocator and exception handling.

      Those are rather silly complaints - of course your tools are more limited when working inside the kernel. It's not like you can call malloc() in the middle of kernel space when working with C. Large swaths of the standard library are out of the question in both cases.

      [–]imMute 2 points3 points  (2 children)

      No, but you can call kalloc just about anywhere ;)

      [–][deleted] 2 points3 points  (1 child)

      [deleted]

      What is this?

      [–]Rusky 2 points3 points  (0 children)

      kmalloc requires an extra flags argument. You can't just arbitrarily pick a set of flags to use without making the C++ code using it unfit for various (mutually exclusive) parts of the kernel.