by alkonaut 4215 days ago
The idea of passing around function pointers like raw values that way, or having a language+runtime without array bounds checks or checks for dereferencing invalid pointers is just frightening. We have tools now such that if they had been around in the 60's/70's we wouldn't have these problems. So why not start rebuilding low level systems using better tools? Granted, if we rewrite kernels, drivers, encryption etc in tools preventing stupid low-level bugs, we likely end up creating new high level bugs that were squashed years ago in the old C code. Still, isn't this something that has to be done?
2 comments

> We have tools now such that if they had been around in the 60's/70's we wouldn't have these problems

Not for kernel development we don't.

The only modern, memory-safe language that gets close(-ish) to the performance of C for kernel development is Rust and it's a long way from being stable enough for mainstream kernel development.

And even a safe language like Rust won't prevent escalation problems like this if you're placing too much trust in incoming data. That's a design problem that has nothing to do with languages or memory safety.
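The point above, that memory safety does not stop a privilege escalation when the program trusts what the client sends, can be shown in a few lines of Rust. The following is an added example and is not code from the thread or from any project mentioned in it; the request format ("user;admin;action"), the `AuthDb` type and the function names are assumptions made for illustration, and the sample request is constructed. Both authorizers compile without warnings and are memory safe; only one of them is correct.

```rust
// Added example: a memory-safe Rust service with a privilege-escalation bug
// caused purely by trusting a client-controlled field. Names and wire format
// are assumptions for this illustration.
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
pub enum Access {
    Granted,
    Denied,
}

/// A request exactly as it arrived from an untrusted client. `claims_admin`
/// is whatever the client put on the wire; nothing in it has been verified.
pub struct Request {
    pub user: String,
    pub claims_admin: bool,
    pub action: String,
}

/// Server-side record of which users are really administrators.
pub struct AuthDb {
    admins: HashSet<String>,
}

impl AuthDb {
    pub fn new(admins: &[&str]) -> Self {
        AuthDb { admins: admins.iter().map(|u| u.to_string()).collect() }
    }
    pub fn is_admin(&self, user: &str) -> bool {
        self.admins.contains(user)
    }
}

/// Vulnerable: the decision depends on a flag the client chose. The borrow
/// checker and the type system have nothing to say about this; it is a
/// design flaw, not a memory-safety flaw.
pub fn authorize_trusting_client(req: &Request) -> Access {
    if req.action == "shutdown" && !req.claims_admin {
        Access::Denied
    } else {
        Access::Granted
    }
}

/// Hardened: the only thing taken from the request is the identity (assumed
/// to have been authenticated upstream); the privilege decision is made from
/// server-side state that the client cannot write.
pub fn authorize_server_side(db: &AuthDb, req: &Request) -> Access {
    if req.action == "shutdown" && !db.is_admin(&req.user) {
        Access::Denied
    } else {
        Access::Granted
    }
}

/// Parse one line of the assumed wire format "user;admin;action", where the
/// admin field is "1" or "0". Malformed lines yield None rather than a panic.
pub fn parse_request(line: &str) -> Option<Request> {
    let mut parts = line.split(';');
    let user = parts.next()?.to_string();
    let claims_admin = parts.next()? == "1";
    let action = parts.next()?.to_string();
    if parts.next().is_some() {
        return None;
    }
    Some(Request { user, claims_admin, action })
}

fn main() {
    let db = AuthDb::new(&["root"]);
    // Constructed sample: an ordinary user who simply sets the admin bit.
    let forged = parse_request("mallory;1;shutdown").unwrap();
    println!("trusting client: {:?}", authorize_trusting_client(&forged));
    println!("server-side:     {:?}", authorize_server_side(&db, &forged));
}
```

Running it prints `Granted` for the trusting version and `Denied` for the server-side one on the same forged request. The fix is not a language feature but a design rule: identity comes from authentication, privileges come from state the server owns, and nothing else in the request is allowed to influence the access decision.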

Yes we have. Xerox PARC systems were mainly developed in Mesa after some bootstrap work in BCPL.

ETHZ OSes were done in Modula-2, Oberon, Active Oberon.

Olivetti and DEC were using Modula-3.

Several OSes were being done in Algol and PL/I dialects back when UNIX was being born.

C's ubiquity is a consequence of UNIX adoption by some successful startups in the workstation market.

If one of the other systems had enjoyed a similar adoption another safer systems programming language would have taken C's adoption.

If Minix had used something else, then Linus probably/might have used that.
The thing is: Rust could have been implemented long ago. It was triggered by Mozilla's need for a parallel browser engine that is safe and doesn't crash all the time. One would have thought the same need would have existed for other code such as kernels and drivers for many years.
This is my opinion as well. I know C is the only option right now. I'm amazed that we still find ourselves in that situation in 2014.
Also: C is the only option for parts of an OS. Writing it all in C because 10 or 25% needs it is a strange choice.
Rust looks sexy. And I think Mozilla is using it to implement an alternative render/JS engine or something.
Ada is a modern language that allows for very low level code and is about as fast as C.
That's what the US military use on mission critical systems, right? Seem to recall reading that it is a pain to work with.
Ada is used in environments where human lives are at risk, like life support systems, traffic control and so on.

From FOSDEM talks, its use has been increasing thanks to C's lack of safety, even with MISRA C.

Yeah, I guess that having the language enforce the rules makes for safer code than trying to impose safety externally.
Because UNIX was embraced by the enterprise and brought C along.

Algol 68, Modula-2, Mesa, Cedar were all options back when UNIX was being brought to life.

That's also a pet peeve of mine: the amalgamation of OS and compiler/language still feels like an odd design (of course, for me, who arrived with a time machine in the 2000s, so do teletypes and tape archives).