* Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:

> On Tue, Apr 30, 2019 at 07:03:37AM +0200, Ingo Molnar wrote:
> > So the question IMHO isn't whether it's "valid C", because we already
> > have the Linux kernel's own C syntax variant and are enforcing it with
> > varying degrees of success.
>
> I'm not getting into the whole 'safe' fight here; but you're
> underselling things. We don't have a C syntax, we have a full blown C
> language variant.
>
> The 'Kernel C' that we write is very much not 'ANSI/ISO C' anymore in a
> fair number of places. And if I can get my way, we'll only diverge
> further from the standard.

Yeah, but I think it would be fair to say that random style variations
aside, in the kernel we still allow about 95%+ of 'sensible C'.

> And this is quite separate from us using every GCC extension under the
> sun; which of course also doesn't help. It mostly has to do with us
> treating C as a portable assembler and the C people not wanting to
> commit to sensible things because they think C is a high-level
> language.

Indeed, and also because there's arguably somewhat of a "if the spec
allows it then performance first, common-sense semantics second" mindset.
Which is an understandable social dynamic, as compiler developers tend to
distinguish themselves via the optimizations they've authored.

Anyway, the main point I tried to make is that I think we'd still be able
to allow 95%+ of "sensible C" even if executed in a "safe runtime", and
we'd still be able to build and run without such strong runtime type
enforcement, i.e. get kernel code close to what we have today, minus a
handful of optimizations and data structures.

(But the performance costs even in that case are nonzero - I'm not
sugarcoating it.)

( Plus even that isn't a fully secure solution with deterministic
outcomes, due to parallelism and data races. )

Thanks,

	Ingo