On Wed, Apr 14, 2021 at 9:45 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > > With the main point of Rust being safety, there is no way I will ever > accept "panic dynamically" (whether due to out-of-memory or due to > anything else - I also reacted to the "floating point use causes > dynamic panics") as a feature in the Rust model. Agreed on all your points. As I mentioned in the other message (we crossed emails), we have a lot of work to do regarding `alloc` and slicing `core` for things that are not needed for the kernel (floating-point, etc.). We haven't done it just yet because it is not a trivial amount of work and we wanted to have some overall sentiment from you and the community overall before tackling everything. But it is doable and there isn't any fundamental reason that prevents it (in fact, the language supports no-allocation code). Worst case, we may need to request a few bits here and there to the `rustc` and standard library teams, but that should be about it. In summary, to be clear: - On allocation: this is just our usage of `alloc` in order to speed development up -- it will be replaced (or customized, we have to decide how we will approach it) with our own allocation and data structures. - On floating-point, 128-bit, etc.: the main issue is that the `core` library is a single big blob at the moment. I have already mentioned this to some Rust team folks. We will need a way to "cut" some things out, for instance with the "feature flags" they already have for other crates (or they can split `core` in to several, like `alloc` is for similar reasons). Or we could do it on our side somehow, but I prefer to avoid that (we cannot easily customize `core` like we can with `alloc`, because it is tied to the compiler too tightly). Thanks a lot for having taken a look so quickly, by the way! Cheers, Miguel