Comment: Rust in the Linux kernel – act instead of cheer!
Now Rust is finally taking off!? Linus Torvalds expects it to be integrated into the Linux kernel before the end of this year. The idea has been around for a few years. To be clear, it’s not about replacing C entirely, it’s about opening the way for Rust first. To do this, the language requires suitable interfaces for kernel mutexes and device drivers, among other things. The Linux and Rust communities are jointly responsible for developing these.
Rainald Menge-Sonnentag is senior editor at heise Developer and iX. As a teenager he programmed ZX Spectrum and VC 20 in Basic and Assembler. Pascal, C++, Java and C# were added later, but today he unfortunately largely lacks the time for programming. But that doesn’t stop him from trying a few things with TypeScript, Kotlin and Rust.
Rust in the Linux kernel is a good idea because, unlike C, the programming language was designed for security right from the start. Above all, it avoids memory errors, which are responsible for the majority of security vulnerabilities in software. No garbage collector depresses performance. The strict ownership concept, in which each object has only one owner, not only secures memory management, but also prevents errors in concurrent code. In addition, Rust does not recognize a null value and therefore no null pointer exceptions.
There is broad consensus about the benefits. In June, Rust was named the most popular programming language in the annual Stack Overflow poll for the seventh time in a row. Google, AWS, Microsoft and Meta praise them on their blogs. Numerous projects and companies initially rely on Rust for a few modules or gradually switch from C to Rust.
What is missing, however, is a large lighthouse project beyond the Rust initiator Mozilla. Linux would be exactly the right pioneer: If the operating system layer relies on Rust, other applications will probably follow suit.
Do you already know the free iX newsletter? Register now and don’t miss anything on the monthly release date: heise.de/s/NY1E The next issue will be about the main topic of August-iX: professional hardware from Refurbisher.
Worth the challenge
As expected, there are some prophecies of doom: the planned integration of C++ into the Linux kernel twenty years ago failed. There are two crucial differences to Rust. The object-oriented C++ allows clearer code than C, but it brings overhead. More importantly, memory errors can be programmed in C++ just as fatally as in C, albeit more elegantly.
Others point out that Rust allows insecure code. That’s right. unsafe-Blocks and raw pointers that null exist, among other things, to enable interaction with C. The big difference to other programming languages, however, is that Rust is secure by default and bypassing the defaults requires explicit information in the code.
And yes, learning the concepts of Rust means a certain amount of extra work. But almost every compiler error that is annoying at first is a later prevented runtime error. In the long run, error messages during development hurt significantly less than bugs during operation.
In the Rust community it is said that the use is currently taking place in the background, especially in closed source projects. A large game manufacturer relies on Rust, but not for the game engine, but for the internal backend. Many companies are currently at the starting line waiting for someone else to take the first step.
Maybe these companies will hear the go-ahead as soon as the first step of integration into the Linux kernel comes. Companies should start preparing now, because a team that wants to write productive code next year has to start training today.
