Re: C aggregate passing (Rust kernel policy)

From: H. Peter Anvin
Date: Tue Feb 25 2025 - 15:42:13 EST

Next message: Ingo Molnar: "Re: [PATCH] x86/reboot: Don't corrupt memory on non-BIOS systems"
Previous message: Arnd Bergmann: "Re: [PATCH] orangefs: move s_kmod_keyword_mask_map[] into debugfs.c"
In reply to: Kent Overstreet: "Re: C aggregate passing (Rust kernel policy)"
Next in thread: Ventura Jack: "Re: C aggregate passing (Rust kernel policy)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On February 25, 2025 12:21:06 PM PST, Kent Overstreet <kent.overstreet@xxxxxxxxx> wrote:
>On Tue, Feb 25, 2025 at 10:16:17AM -0800, H. Peter Anvin wrote:
>> On February 25, 2025 9:36:07 AM PST, Alice Ryhl <aliceryhl@xxxxxxxxxx> wrote:
>> >On Tue, Feb 25, 2025 at 6:21 PM Ventura Jack <venturajack85@xxxxxxxxx> wrote:
>> >> On the topic of difficulty, even if there was a full specification,
>> >> it might still be difficult to work with aliasing in unsafe Rust.
>> >> For C "restrict", I assume that "restrict" is fully specified, and
>> >> C developers still typically avoid "restrict". And for unsafe
>> >> Rust, the Rust community helpfully encourages people to
>> >> avoid unsafe Rust when possible due to its difficulty.
>> >
>> >This I will not object to :)
>> >
>> >Alice
>> >
>> >
>>
>> I do have to say one thing about the standards process: it forces a
>> real specification to be written, as in a proper interface contract,
>> including the corner cases (which of course may be "undefined", but
>> the idea is that even what is out of scope is clear.)
>
>Did it, though?
>
>The C standard didn't really define undefined behaviour in a
>particularly useful way, and the compiler folks have always used it as a
>shield to hide behind - "look! the standard says we can!", even though
>that standard hasn't meaninfully changed it decades. It ossified things.
>
>Whereas the Rust process seems to me to be more defined by actual
>conversations with users and a focus on practicality and steady
>improvement towards meaningful goals - i.e. concrete specifications.
>There's been a lot of work towards those.
>
>You don't need a standards body to have specifications.

Whether a spec is "useful" is different from "ill defined."

I know where they came from – wanting to compete with Fortran 77 for HPC, being a very vocal community in the compiler area. F77 had very few ways to have aliasing at all, so it happened to make a lot of things like autovectorization relatively easy. Since vectorization inherently relies on hoisting loads above stores this really matters in that context.

Was C the right place to do it? That's a whole different question.

Next message: Ingo Molnar: "Re: [PATCH] x86/reboot: Don't corrupt memory on non-BIOS systems"
Previous message: Arnd Bergmann: "Re: [PATCH] orangefs: move s_kmod_keyword_mask_map[] into debugfs.c"
In reply to: Kent Overstreet: "Re: C aggregate passing (Rust kernel policy)"
Next in thread: Ventura Jack: "Re: C aggregate passing (Rust kernel policy)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]