Most active commenters
  • baq(3)

←back to thread

Asterinas: OS kernel written in Rust and providing Linux-compatible ABI

(github.com)
364 points Klasiaster | 14 comments | 15 Oct 24 12:01 UTC | HN request time: 1.279s | source | bottom
Show context
akira2501 ◴[15 Oct 24 18:58 UTC] No.41851912[source]
I personally dislike rust, but I love kernels, and so I'll always check these projects out.

This is one of the nicer ones.

It looks pretty conservative in it's use of Rust's advanced features. The code looks pretty easy to read and follow. There's actually a decent amount of comments (for rust code).

Not bad!

replies(2): >>41852794 #>>41855386 #
wg0 ◴[16 Oct 24 03:40 UTC] No.41855386[source]
Otherwise is a decent language but what makes it difficult is the borrow semantics and lifetimes. Lifetimes are more complicated to get your head around.

But then there's this Arc, Ref, Pinning and what not - how deep is that rabbit hole?

replies(5): >>41855987 #>>41855995 #>>41856204 #>>41856306 #>>41856588 #
1. baq ◴[16 Oct 24 06:36 UTC] No.41856204[source]
If you’re writing C and don’t track ownership of values, you’re in a world of hurt. Rust makes you do from day one what you could do in C but unless you have years of experience you think it isn’t necessary.
replies(2): >>41856314 #>>41856786 #
2. metalloid ◴[16 Oct 24 06:59 UTC] No.41856314[source]
It was true until LLMs arrive. Feature compilers + IDEs can be integrated with LLMs to help programmers.

Rust was a great idea, before LLMs, but I don't see the motivation for Rust when LLMs can be the solution initial for C/C++ 'problems'.

replies(3): >>41856391 #>>41856419 #>>41858422 #
3. baq ◴[16 Oct 24 07:13 UTC] No.41856391[source]
On the contrary LLMs make using safe but constraining languages easier - you can just ask it how to do what you want in Rust, perhaps even by asking it to translate C-ish pseudocode.
4. smolder ◴[16 Oct 24 07:18 UTC] No.41856419[source]
Relying on LLMs to code for you in no way solves the safety problem of C/C++ and probably worsens it.
replies(1): >>41863848 #
5. wg0 ◴[16 Oct 24 08:20 UTC] No.41856786[source]
Okay, I think it is is more like Typescript. You hate it but one day you just write small JS program and convert it to Typescript to discover that static analysis alone had so many code paths revealed that would have resulted in uncaught errors and then you always feel very uncomfortable writing plain Javascript.

But what about tools like valgrind in context of C?

replies(5): >>41857436 #>>41857484 #>>41858152 #>>41858386 #>>41864741 #
6. badmintonbaseba ◴[16 Oct 24 10:19 UTC] No.41857436[source]
Valgrind is great, especially if you write extensive tests and you actually run them through it regularly. And even then, it does not prove the absence of any kind of bugs. Safe rust has strong guarantees.
7. baq ◴[16 Oct 24 10:26 UTC] No.41857484[source]
You probably should run your rust programs through valgrind regardless. Rust is safer than C, but any unsafe code drops you to approximately C level of safety and any C FFI calls are obviously outside of rust's control or responsibility.
8. rcxdude ◴[16 Oct 24 12:10 UTC] No.41858152[source]
Valgrind can only tell you about issues that your testcases exercise. It doesn't provide the same guarantees as static checking of memory safety invariants. But, if you're really concerned (especially about unsafe code), belt-and-bracers is a good strategy, and valgrind will work with rust binaries as well. Rust also has a tool called MIRI which can similarly flag up issues in testcases (it's effectively an interpreter for the intermediate representation in the compiler, and it can detect undefined behaviour even if the compiled assembly would happen to look OK. Still has the same limitation of needing extensive testcases though)
9. tracker1 ◴[16 Oct 24 12:39 UTC] No.41858386[source]
A few years ago I was worrying on a Byzantine mess of a JS project. I converted everything to TS for the sole reason of somewhat safely refactoring the project as a whole.

There was so little trust in the fragility of the original, it took a few months to convince everyone the refactored TS branch was safe.

After that, feature development was a lot faster in terms of productivity again.

10. ulbu ◴[16 Oct 24 12:44 UTC] No.41858422[source]
Rust compiler checks things for you. People trust the Rust compiler because it enforces rules they want, so people don’t have to be in its place. Your suggestion is to be that checker to LLM-generated code. Back to square one.
11. BrainInAJar ◴[16 Oct 24 21:04 UTC] No.41863848{3}[source]
probably?

even if the LLM is trained on flawless C code (which it isn't) it still has no way of reasoning about a complex system, it's just "what token is statistically most likely to come next"

replies(1): >>41866874 #
12. jimbomins ◴[16 Oct 24 22:59 UTC] No.41864741[source]
frama-c
replies(1): >>41869041 #
13. smolder ◴[17 Oct 24 06:10 UTC] No.41866874{4}[source]
I said that because it's very possible for someone to write a more flawed program without an LLMs help. The exact probabilities weren't central to my point.
14. junon ◴[17 Oct 24 12:32 UTC] No.41869041{3}[source]
Which is terrible for kernel development, and is generally very hard to work with, unfortunately.