Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp459207pxb; Fri, 16 Apr 2021 09:37:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwHKkhDdsPZNjrzJBIxeFYmJDgWN+FPgOKO7ZjfHKeOY9jjEJ8uOg3hvaWBTCPSNfZRS6jt X-Received: by 2002:a17:906:4a90:: with SMTP id x16mr9233875eju.44.1618591020270; Fri, 16 Apr 2021 09:37:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618591020; cv=none; d=google.com; s=arc-20160816; b=Ckb+14DxVkd6S+Nicvxdf8M9/xRcxBLIBVc/F3oE5u8Ezp4Byd6n4wmcgnX1TSE/Q5 +eHNSQnRcXz3KLsCyIjlGOboMEFgMreBW4VsqUYXwFkqaSaK6W3mPRq8qWmEe+BNBFGq qpJWaibfJmGFBlzp5LCvUT9Hji+7T99mzzBU3PEjl/6lQM3A9CiV6whRht7/s/KWGJNv 5ArlNc382uANmjslP4ieQkqZBEElxX8haInu171qUMWJqLZ09lQa2N//gUdDsHO7sZQo Kf417mC4ReLZOW3qGxs3tvDdWktLNtgWfGmsdqkKKDK2nL5QbPhWI5YlQpJigSDB1JLa gzZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=J1skMihghQDdrVza3lRh7UyVTkdP0uLORMpXUhyTAs8=; b=YJXqL8CSiQUpaNG3X9JXlQ38kLvjvfQZxpb8pyHJy6WcmqT/ca3ZvhwEigpyonaiHe SN/+KPvhmm0XKIdH8O2sdTNZjjsFA+XssVOJi6ihQUoVj0lDSdf7uzzXjC5gwwweQfCc yi7fyEZT/JPcvsnj+S89BnYJcW8Boge0OSZpMDqPYtNujmSk51o5gTAWCPLgjjF/tdOG j3fC6oWI7jRPLoGCpfKULKstfZRWIOW2FKNdV53AeMlsl8Eg+U/79Tj864u3K87ynntk 8HXYPnO8j+ccuGsJc6pA1ms0u0TcOy/mjnaWBFH+/1MIHh46kLnCj/m+0FEGhc6hBCCX saUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j22si5468621edq.584.2021.04.16.09.36.36; Fri, 16 Apr 2021 09:37:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241555AbhDPQPc (ORCPT + 99 others); Fri, 16 Apr 2021 12:15:32 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:51720 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240604AbhDPQPX (ORCPT ); Fri, 16 Apr 2021 12:15:23 -0400 Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 13GGEiXu010592; Fri, 16 Apr 2021 18:14:44 +0200 Date: Fri, 16 Apr 2021 18:14:44 +0200 From: Willy Tarreau To: Wedson Almeida Filho Cc: Peter Zijlstra , ojeda@kernel.org, Linus Torvalds , Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 00/13] [RFC] Rust support Message-ID: <20210416161444.GA10484@1wt.eu> References: <20210414184604.23473-1-ojeda@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 16, 2021 at 04:33:51PM +0100, Wedson Almeida Filho wrote: > On Fri, Apr 16, 2021 at 04:19:07PM +0200, Peter Zijlstra wrote: > > Does this also not prohibit constructs where modification must be done > > while holding two locks, but reading can be done while holding either > > lock? > > I don't believe it does. Remember that we have full control of the abstractions, > so we can (and will when the need arises) build an abstraction that provides the > functionality you describe. For the read path, we can have functions that return > a read-only guard (which is the gateway to the data in Rust) when locking either > of the locks, or when showing evidence that either lock is already locked (i.e., > by temporarily transferring ownership of another guard). But will this remain syntactically readable/writable by mere humans ? I mean, I keep extremely bad memories of having tried to write a loop oconcatenating at most N times a string to another one, where N was a number provided on the command line, with the compiler shouting at me all the time until I blindly copy-pasted random pieces of unreadable code from the net with a horribly complicated syntax that still resulted in the impossibility for me to check for memory allocation before failing. So I'm wondering how complicated that can become after adding all sort of artificial protections on top of this :-/ > Note that this is > another area where Rust offers advantages: read-only guards (in C, if you take a > read lock, nothing prevents you from making changes to fields you should only be > allowed to read); But I'm happily doing that when I know what I'm doing. What you call a read lock usually is in fact a shared lock as opposed to an exclusive lock (generally used for writes). For me it's perfectly valid to perform atomic writes under a read lock instead of forcing everyone to wait by taking a write lock. You may for example take a read lock on a structure to make sure that a field you're accessing in it points to stable memory that is only modified under the write lock, but the pointer itself is atomically accessed and swapped under the read lock. > In fact, this is also an advantage of Rust. It would *force* developers to > lock/unlock the RCU lock before they can access the protected data. I'm really afraid by languages which force developers to do this or that. Many bugs in C come from casts because developers know their use case better than the compiler's developers, and result in lack of warnings when the code evolves, leaving pending bugs behind. What is important in my opinion is to let developers express what they want and report suspicious constructs, not to force them to dirtily work around rules that conflict with their use case :-/ Willy