Asterinas: OS kernel written in Rust and providing Linux-compatible ABI

(github.com)

325 points Klasiaster | 1 comments | 15 Oct 24 12:01 UTC | HN request time: 0.203s | source

Show context

akira2501 ◴[15 Oct 24 18:58 UTC] No.41851912[source]▶

I personally dislike rust, but I love kernels, and so I'll always check these projects out.

This is one of the nicer ones.

It looks pretty conservative in it's use of Rust's advanced features. The code looks pretty easy to read and follow. There's actually a decent amount of comments (for rust code).

Not bad!

replies(2): >>41852794 #>>41855386 #

wg0 ◴[16 Oct 24 03:40 UTC] No.41855386[source]▶

>>41851912 #

Otherwise is a decent language but what makes it difficult is the borrow semantics and lifetimes. Lifetimes are more complicated to get your head around.

But then there's this Arc, Ref, Pinning and what not - how deep is that rabbit hole?

replies(5): >>41855987 #>>41855995 #>>41856204 #>>41856306 #>>41856588 #

KingOfCoders ◴[16 Oct 24 05:51 UTC] No.41855995[source]▶

>>41855386 #

I always feel Arc is the admission that the borrow checker with different/overlapping lifetimes is too difficult, despite what many Rust developers - who liberally use Arc - claim.

replies(5): >>41856058 #>>41857157 #>>41857254 #>>41857856 #>>41859332 #

jeroenhd ◴[16 Oct 24 09:27 UTC] No.41857157[source]▶

>>41855995 #

Lifetime tracking and ownership are very difficult. That's why languages like C and C++ don't do it. It's also why those languages needs tons of extra validation steps and analysis tools to prevent bugs.

Arc is nothing more than reference counting. C++ can do that too, and I'm sure there are C libraries for it. That's not an admission of anything, it's actually solving the problem rather than ignoring it and hoping it doesn't crash your program in fun and unexpected ways.

Using Arc also comes with a performance hit because validation needs to be done at runtime. You can go back to the faster C/C++ style data exchange by wrapping your code in unsafe {} blocks, though, but the risks of memory corruption, concurrent access, and using deallocated memory are on you if you do it, and those are generally the whole reason people pick Rust over C++ in the first place.

replies(1): >>41857894 #

GoblinSlayer ◴[16 Oct 24 11:30 UTC] No.41857894[source]▶

>>41857157 #

Looking at the code, it consists of long chains of get().unwrap().to_mut().unwrap().get() noise. Looks like coping with library design than ownership tacking. Also why Result<Option<T>>? Isn't Result already Option by itself? I guess that's why you need get().unwrap().to_mut() to get a value from Result<Option<T>> from an average function call?

replies(2): >>41858336 #>>41858604 #

LinXitoW ◴[16 Oct 24 12:33 UTC] No.41858336[source]▶

>>41857894 #

If I ask my repository (backed by an sql db) to get a user, there might be 3 different scenarios I'm interested in:

- Technical problem (like connection problems) means I don't know what's in the db

- No technical problem, but no user entry

- No technical problem, and a user entry

You need the Result for the technical problems, and the Option for whether there's a user entry or not.

replies(1): >>41859945 #

1. GoblinSlayer ◴[16 Oct 24 15:07 UTC] No.41859945[source]▶

>>41858336 #

Surely Result is supposed to hold both system errors and business errors.

↑