From: cross@spitfire.i.gajendra.net   
      
   In article <4O84M.509173$cKvc.254869@fx42.iad>,   
   Scott Lurndal wrote:   
   >cross@spitfire.i.gajendra.net (Dan Cross) writes:   
   >>In article ,   
   >>Luke A. Guest wrote:   
   >>>On 02/05/2023 02:30, Dan Cross wrote:   
   >>>> For decades the operating system development landscape has been   
   >>>> dominated by C; specifically in the kernel space. In so many   
   >>>> ways, this makes sense, as C was created to build an operating   
   >>>> system, but it's also become an increasingly hostile language   
   >>>> for its original purpose (e.g., https://arxiv.org/abs/2201.07845   
   >>>> and https://queue.acm.org/detail.cfm?id=3212479; others).   
   >>>   
   >>>It was always a hostile language.   
   >>   
   >>I can see why people say this, but what I mean is that compiler   
   >>writers have become somewhat hostile to OS developers by really   
   >>stretching what "Undefined Behavior" allows them to do. I get   
   >>that on some level, but on another, it means that one cannot   
   >>treat C as a portable macro assembler. Indeed, this has been   
   >>the case for decades.   
   >   
   >The C compilers generally used for OS development have flags   
   >to disable the aggressive optimizations. GCC is, after all,   
   >still used to build linux and several other operating systems   
   >and hypervisors.   
      
   This is true. However, once one goes that route, one finds that   
   one is no longer writing in C, but in a dialect of C specific to   
   some project. Granted, that dialect shares syntax and _most_ of   
   the semantics of C, but it's a dialect nonetheless.   
      
   Thus Linux, as one example, is not written in C so much as   
   "Linux C", which is the dialect created by the various flags   
   that they pass to GCC and Clang to make whatever undefined or   
   implementation-defined behaviors they rely on well-defined.   
   As Ted Ts'o has said, no one really loses sleep over this, and   
   that's fine: Linux is too important for it to ever really   
   change.   
      
   But personally, I'd rather program in a language that requires   
   well-defined behavior by default, coupled with semantics that   
   make it aggressively optimizable. In Rust, for example, the   
   compiler simply prohibits UB outside of `unsafe` blocks: it is a   
   compile-time error. Moreover, `unsafe` blocks aren't permitted   
   to contain UB; rather, the compiler simply gives the programmer   
   a little more leeway to perform actions that it cannot tell are   
   safe, and shifts the onus onto the programmer to ensure that   
   the program is well-defined.   
      
    - Dan C.   
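
Added example, not part of the post above and not code from Linux or any other project: a bounds check whose meaning depends on the C dialect, next to two forms that are well-defined without special flags. The function names and the int-typed offset/length/size parameters are assumptions made for illustration; `-fwrapv` is the GCC/Clang flag that defines signed overflow as wrapping.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Dialect-dependent: relies on signed overflow wrapping around.
 * In ISO C the overflow is undefined, so an optimizer may assume
 * off + len >= off and delete the second test. It is only
 * well-defined in a dialect built with -fwrapv. */
bool range_ok_dialect(int off, int len, int size)
{
    if (off < 0 || len < 0)
        return false;
    if (off + len < off)            /* UB in ISO C if the sum overflows */
        return false;
    return off + len <= size;
}

/* Portable ISO C: compare against the space left, so no sum is formed. */
bool range_ok_portable(int off, int len, int size)
{
    if (off < 0 || len < 0 || size < 0 || off > size)
        return false;
    return len <= size - off;       /* size - off is in [0, size] */
}

/* GCC/Clang builtin: the addition reports overflow instead of invoking UB. */
bool range_ok_builtin(int off, int len, int size)
{
    int end;
    if (off < 0 || len < 0)
        return false;
    if (__builtin_add_overflow(off, len, &end))
        return false;
    return end <= size;
}

int main(void)
{
    /* Constructed inputs; the dialect-dependent form is deliberately
     * not called with values that would overflow. */
    printf("in range:  %d %d\n", range_ok_portable(4, 4, 8),
           range_ok_builtin(4, 4, 8));
    printf("overflow:  %d %d\n", range_ok_portable(INT_MAX, 1, INT_MAX),
           range_ok_builtin(INT_MAX, 1, INT_MAX));
    return 0;
}
```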