[Mesa-dev] Rust drivers in Mesa

timur.kristof at gmail.com timur.kristof at gmail.com
Fri Oct 2 22:51:37 UTC 2020

On Fri, 2020-10-02 at 12:53 -0500, Jason Ekstrand wrote:
> On Fri, Oct 2, 2020 at 11:34 AM Eric Anholt <eric at anholt.net> wrote:
> > On Thu, Oct 1, 2020 at 6:36 PM Alyssa Rosenzweig
> > <alyssa.rosenzweig at collabora.com> wrote:
> > > Hi all,
> > > 
> > > Recently I've been thinking about the potential for the Rust
> > > programming
> > > language in Mesa. Rust bills itself a safe system programming
> > > language
> > > with comparable performance to C [0], which is a naturally fit
> > > for
> > > graphics driver development.
> > > 
> [...]
> That said, I really do like Rust as a language.  I'm not sure I'd go
> quite as far as Anholt but I feel like it has everything I like about
> C++ without most of what I dislike.  I'm not sure how we would do
> things like ANV's GenXML multi-compile magic but I'm sure we could
> figure out a way.  I'd love to see someone build something in Rust
> and
> figure out some best practices.
> --Jason

The good thing about C++ is that you can pick a subset of features that
you like, and stick to them. Then you'll never have to deal with other
the stuff if you don't want to. There exists a subset of the language
which helps get rid of most memory management issues.

I would also argue that there exist a bunch of tools that can help make
C/C++ code stay safe, for example our collegaue Tony has recently
addressed some findings by an undefined behaviour sanitizer. There are
also free and open source static analyzers.

I like the idea of Rust, especially their intention to focus on safety,
but honestly, I don't like how they realized it.

The Rust syntax is slightly annoying. They departed from C/C++ enough
to make Rust look different, but then they got lazy and for some reason
they chose to keep the most annoying parts from C/C++ like curly braces
and semicolons, so even if we switch to Rust we can still enjoy
debating important topics like where to put curly braces, how many
spaces or tabs are best, and so on.

My main concern is that memory is just one of many resources that we
need to use safely, but it's the only one that Rust concerns itself
with. Memory safety can give you a false sense of security. It's
possible to write insecure apps that are perfectly memory safe.

That said, I think it's perfectly okay to give it a try, write a
backend compiler in Rust and see what happens. However, I don't think
it is feasible or desireable to rewrite complicated parts from C/C++ to
Rust. I think Daniel Steinberg's thoughts apply:

Best regards,

More information about the mesa-dev mailing list