[andrewstuart]

Pointing at C++ as bad doesn’t address my point.

Kernel code should be easily readable and understandable, shouldn’t it?

If Rust is complex and hard to understand won’t that lead to the kernel source code becoming a giant kablooie of complexity?

Surely the relatively simple nature of C is what makes it suitable for large scale kernel development.

Maybe the answer for more secure kernel code is C with better security analysis tools?

[TypesWillSaveUs]

You're conflating hard/easy and complex/simple.

Rust is hard/simple. The rules aren't complex. The constructs aren't complex. But it's hard to write because the rules are very restrictive.

Rust is also much easier to read than write (for a reader who understands the rules).

It's optimising for exactly the things you want in systems programming:

Easier to read than the write. Simple rules that are easy to understand but hard to follow, and that produce simple programs.

Compare that to C which is easy/complex. It's much easier to write than to read. It's easy to learn and write but produces code that's very complex. The rules are all by convention instead of part of the type system.

[andrewstuart]

>> for a reader who understands the rules

So you’re saying it’s not a problem to understand if you understand it.

[saghm]

That's pretty out of context. Before that, they say this:

> The rules aren't complex. The constructs aren't complex.

So yes, once you understand it, you understand it, but they also specifically said it's not hard to get to the point of understanding it. If we're going to assume that any out-of-context quote is equivalent to the entirety of the content, I'll just cite you on this one:

> it’s not a problem

[bbatchelder]

Think of chess.

Its pretty easy to learn the rules. Once you've done that you can watch a game and know roughly what is happening. But its still a hard game to master.

[duped]

C is not simple. It is small.

> Maybe the answer for more secure kernel code is C with better security analysis tools?

Perhaps like a way of expressing the constraints of a program and automatically checking if portions of a program satisfy those constraints. Aka a type checker.

[constantcrying]

Type checkers are not enough and there are many constraints they can not check.

>C is not simple. It is small.

C is complex because of undefined/unspecified/implementation defined behaviour. Any language which is used on as wide of a range of platforms will have those issues.

[nsonha]

> the relatively simple nature of C is what makes it suitable for large scale kernel development

the relatively simple nature of any language would make it suitable for ANY large scale development

I dont know why you attribute this to kernel development specifically. When you think about kernel development, the uniqe requirement is never "being simple". I would think it has something to do with being closer to bare metal and can do low level instructions performantly.

[dist-epoch]

C has too little abstractions, which means you need more code to express the same things as Rust.

And the number of bugs per line of code is constant, so you will have more bugs in C code than in Rust code simply because you'll have more code.

[onei]

Hard to learn does not necessarily equate to hard to read. You don't need to learn to work with Rust's borrow checker to understand a bit of code, but figuring out how to change it might take longer.