by bsder 938 days ago
I like Rust, but you are going to be writing a lot of unsafe Rust for a filesystem implementation. Multiple processes are writing to the filesystem simultaneously. "Ownership" is fuzzy and is moving around.

At that point, is Rust buying you anything for how much it's going to get in your way?

I really don't see an advantage to Rust when operating at these kinds of low levels.

4 comments

We have concrete data on this at this point, and it’s just not true that, even in these sorts of low level programs, everything ends up unsafe.

And beyond that, Rust has many features that are useful separate from memory safety.

https://asahilinux.org/2022/11/tales-of-the-m1-gpu/ being just one example.

That said, I have no opinion on whether they should write this driver in Rust or not; I simply do not know the details. But in general, "it's too low level and so tons of unsafe and so therefore Rust is useless" is at least arguable, if not just fully incorrect, as a general point.

Have you ever written a file system? Most of the work is conforming to the semantics of the interface to the kernel/programs calling it. Very little of that requires unsafe code, and the bulk of the provably unsafe stuff (physically writing to memory/disk) is very simple.

The complex stuff can and should be written at a higher level than C.
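The pattern the comment above describes (a tiny, easily audited unsafe core under a safe interface that carries the real semantics) looks like this in practice. This is an added example, not code from any commenter or from ZFS: a constructed in-memory stand-in for a block device, with the block count, `BLOCK_SIZE`, and the `IoError` type all chosen for the illustration.

```rust
use std::ptr;

pub const BLOCK_SIZE: usize = 512;

#[derive(Debug, PartialEq, Eq)]
pub enum IoError {
    OutOfRange,
    BadLength,
}

/// Toy block device backed by a heap buffer. In a real driver the buffer
/// would be a DMA region or an MMIO window; the shape of the code is the same.
pub struct BlockDevice {
    backing: Box<[u8]>,
    blocks: usize,
}

impl BlockDevice {
    pub fn new(blocks: usize) -> Self {
        Self {
            backing: vec![0u8; blocks * BLOCK_SIZE].into_boxed_slice(),
            blocks,
        }
    }

    /// The entire unsafe surface of the "driver": copy bytes to a raw offset.
    /// Contract: `off + src.len() <= self.backing.len()`.
    unsafe fn raw_write(&mut self, off: usize, src: &[u8]) {
        let dst = self.backing.as_mut_ptr().add(off);
        ptr::copy_nonoverlapping(src.as_ptr(), dst, src.len());
    }

    /// Contract: `off + dst.len() <= self.backing.len()`.
    unsafe fn raw_read(&self, off: usize, dst: &mut [u8]) {
        let src = self.backing.as_ptr().add(off);
        ptr::copy_nonoverlapping(src, dst.as_mut_ptr(), dst.len());
    }

    /// Translate an LBA into a byte offset, rejecting anything past the device.
    fn block_offset(&self, lba: u64) -> Result<usize, IoError> {
        let lba = usize::try_from(lba).map_err(|_| IoError::OutOfRange)?;
        if lba >= self.blocks {
            return Err(IoError::OutOfRange);
        }
        Ok(lba * BLOCK_SIZE)
    }

    /// Safe interface: every invariant the raw functions rely on is checked here,
    /// so no caller of the public API can reach `raw_write` with a bad offset.
    pub fn write_block(&mut self, lba: u64, buf: &[u8]) -> Result<(), IoError> {
        if buf.len() != BLOCK_SIZE {
            return Err(IoError::BadLength);
        }
        let off = self.block_offset(lba)?;
        // SAFETY: block_offset guarantees off + BLOCK_SIZE <= backing.len(),
        // and buf.len() == BLOCK_SIZE was checked above.
        unsafe { self.raw_write(off, buf) };
        Ok(())
    }

    pub fn read_block(&self, lba: u64, buf: &mut [u8]) -> Result<(), IoError> {
        if buf.len() != BLOCK_SIZE {
            return Err(IoError::BadLength);
        }
        let off = self.block_offset(lba)?;
        // SAFETY: same argument as in write_block.
        unsafe { self.raw_read(off, buf) };
        Ok(())
    }
}
```

The point for a reviewer is where the checks live: the two `unsafe fn`s are a few lines each and state their contract, and the safe methods are the only way in, so an out-of-range LBA or a short buffer is rejected before any raw pointer arithmetic happens.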

> Have you ever written a file system? Most of the work is conforming to the semantics of the interface to the kernel/programs calling it.

Yes, I have. And I have implemented partial file locking semantics. And I can painfully remember what I went through to validate it.

Quite a few of those pointers are write pointers which are simultaneously active with a lot of read pointers and they have different owners. That is a task which is screaming "Rust is going to make your life miserable."

There are entire kernels written in Rust with 10% or less unsafe code.

"Just rewrite it in Rust" is a bit meme-y, but what I wanted to highlight is how you can look at ZFS itself for inspiration. ZFS has checksums to detect bit rot; maybe you want a language with better support for contracts / static analysis. ZFS has zvols to expose virtual block devices for use with other filesystems; maybe you want a language with safe C interop; etc. Any improvement in safety over plain old C would be desirable, and even unsafe Rust is safer.