> Some drivers written in Rust instead of C would need to be littered with unsafes, raw pointers, pointer arithmetic, manual memory management, manual layout control, and manual resource management to retain similar behaviors.
Some might, the extent remains to be seen. Of course there needs to be code that has unsafe memory management, but a small amount of very well checked code that creates safe wrappers can eliminate the possibility of bad memory handling in huge chunks of the remaining logic. It doesn't eliminate the errors 100% of course, and that's OK - reducing the quantity, search space, and even possibility of a lot of bugs is still a good thing, as it means correctness can be acheived with less time and effort.
> I’m assuming the goal is to have the entire kernel rewritten in Rust.
Who's goal? Some people may want to see that sure. Plenty of others are happy just because this experiment is allowing Rust itself to improve as the r4l people are effectively pushing rust into territory it hasn't been used in previously. Some people just want to see rust in drivers since they are often a pain to keep porting around as internal kernel apis change, and having safe rust abstractions around the tricky bits makes that porting effort much easier.
> Because you’ll have a lot of the same problems, and it seems you could introduce new ones around timing and performance if you start handling memory differently.
If you have a driver so sensitive to timing and performance that a small amount of memory handling change can break it - you'll have these issues whenever the C code around memory management changes as well. There are regularly changes to memory allocation, scheduling, etc within the kernel anyway, so I think this concept is a bit of a moot concern.
Some might, the extent remains to be seen. Of course there needs to be code that has unsafe memory management, but a small amount of very well checked code that creates safe wrappers can eliminate the possibility of bad memory handling in huge chunks of the remaining logic. It doesn't eliminate the errors 100% of course, and that's OK - reducing the quantity, search space, and even possibility of a lot of bugs is still a good thing, as it means correctness can be acheived with less time and effort.
> I’m assuming the goal is to have the entire kernel rewritten in Rust.
Who's goal? Some people may want to see that sure. Plenty of others are happy just because this experiment is allowing Rust itself to improve as the r4l people are effectively pushing rust into territory it hasn't been used in previously. Some people just want to see rust in drivers since they are often a pain to keep porting around as internal kernel apis change, and having safe rust abstractions around the tricky bits makes that porting effort much easier.
> Because you’ll have a lot of the same problems, and it seems you could introduce new ones around timing and performance if you start handling memory differently.
If you have a driver so sensitive to timing and performance that a small amount of memory handling change can break it - you'll have these issues whenever the C code around memory management changes as well. There are regularly changes to memory allocation, scheduling, etc within the kernel anyway, so I think this concept is a bit of a moot concern.