|
Borrow checker semantics only apply to Rust, not C. When you write the bindings you're also responsible for mapping the C code's preconditions and postconditions to something the borrow checker can understand. For example, the semi-common pattern of reference-counted objects sitting behind opaque pointers would call for a transparent wrapper type around a bare pointer, with appropriate implementations of Drop and Clone to decrement and increment the reference count, and inlined wrapper methods to call any C methods associated with the object. You can, of course, call C directly without worrying about writing any of those types; but now you have to write a bunch of unsafe blocks to call those functions all over your non-binding code. This isn't great. In fact, that's basically the underlying argument surrounding R4L right now: the Rust people want to write nice Rust bindings that let the borrow checker do the work, while the C people[0] want Rust to just call C directly. To be clear, both approaches have the same runtime performance, the only implication is on whether or not Rust will be able to verify correctness of the code. The unsoundness you mentioned specifically refers to taking variadic arguments when called from C, which are a bit of a hack even before you talk about Rust interop. In ISO C, you have to call va_end in the current function, with the current stack frame. Rust's compiler doesn't guarantee that Drop implementations are inlined, so your code might wind up calling something else that calls va_end, which isn't good enough. However, this is a moot point, because LLVM/clang treat va_end as a no-op and thus can't get screwed up by Rust not following ISO C spec. I doubt LLVM is going to add optimizer passes specifically to break code that uses va_end wrong if they aren't even using it themselves. If they did, rustc could be modified specifically to support forcibly inlined Drop, just for std::ffi, if needs be. It wouldn't break any code to add this. In other words, it doesn't matter unless you're trying to make Rust code link with, say, stuff compiled by ancient C compilers like Metrowerks CodeWarrior[1] or something; and that stuff makes use of varargs. As for Zig, I haven't used it. I trust that it also has good interop facilities. But that doesn't matter since we're talking about Rust for Linux, not Zig for Linux. [0] Or at least the ones willing to entertain a multi-language Linux [1] I have no clue if that compiler ships a va_end that depends on being called in the current stack frame or not. |
But the bindings still require expertise in both languages to write, don't they? And knowledge of both codebases?
And I haven't followed the specifics of the mailing list debate closely, but couldn't the nice bindings be copied or vendored into each Rust driver or something? I could be wrong, and it wouldn't be neat at all, and be a lot of bloat, but would enable having bindings. Some people argued the Rust code could be maintained out-of-tree, like some other projects were, even though it would take extra effort and also probably require tooling and processes.
>In other words, it doesn't matter unless you're trying to make Rust code link with, say, stuff compiled by ancient C compilers like Metrowerks CodeWarrior[1] or something; and that stuff makes use of varargs.
I did mention that it might not be an issue in practice, given some assumptions. However, if LLVM changes, or if for instance the Rust standard library is reused or copied over to GCC Rust, then the code would need to be changed. For GCC Rust, I wonder if part or all of the standard library could be forked, to have a GCC specific Rust standard library implementation, similar to what happens with C++'s standard library.
>As for Zig, I haven't used it. I trust that it also has good interop facilities. But that doesn't matter since we're talking about Rust for Linux, not Zig for Linux.
Sorry, but it does matter, since claiming that a language like Rust has good C interop of course leads to relative comparisons with other languages in similar spaces and how well they do relative to Rust. And if the promises by Zig holds, and the experience people talk about with Zig holds, then Zig appears to have a substantially better track record in regards to C interop than Rust. Which isn't surprising, since Zig is a less advanced and more primitive language than Rust, and while that has drawbacks, it can also have benefits, possibly like in this case with having much better C interop than Rust. In the same vein that the interop between Rust and C is likely way better than (unless confined to the C subset) the interop between Rust and C++.