Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Open Source Linux

Linus Torvalds Prepares to Move the Linux Kernel to Modern C (zdnet.com) 114

"We all know Linux is written in C," writes ZDNet. "What you may not know is that it's written in a long-outdated C dialect: The 1989 version of the C language standard, C89."

But that's about to change, explains long-time Slashdot reader UnknowingFool: Linus Torvalds has decided that Linux will move to the C11 standard starting with kernel 5.18.... Linux had planned to move to a newer standard eventually with C99 being the next version. However a recent patch to a security problem revealed that there could be problems with C99.

In order to patch a potential security problem with Linux's linked-list primitive speculative-execution functions, it was found that C99 would require the iterator must be declared outside the loop which would expose it to another security problem. Since C99 was not very popular, it was agreed to skip it and use C11. Backwards compatibility with most compilers like gcc should allow for an easily transition of most of the code.

ZDNet adds that "This isn't as big a transition as it may seem. C89 still has almost universal support. Because any C compiler is backward compatible with earlier versions, you won't have any trouble compiling or running a C89 program. So, a C11 compliant compiler won't have any trouble with any C89 legacy code."
This discussion has been archived. No new comments can be posted.

Linus Torvalds Prepares to Move the Linux Kernel to Modern C

Comments Filter:
  • by Krishnoid ( 984597 ) on Sunday February 27, 2022 @10:47AM (#62308733) Journal
    I'm guessing existing code will stay as-is, but new code can use C1911 features, and compiles will require a C1911-compliant and C1989-backward compatible compiler? Probably gcc's C compiler but maybe Intel's compiler would also work if they still make one.
    • That kind of typo, between C11 and C99, is precisely why such updates need to be done cautiously and with rigorous testing. A few typos like that, lost among thousands of lines of changes of things like indenting structures or subtle syntax shifts, are easily missed.

    • I'm guessing existing code will stay as-is

      I normally use C11 and I've never had to make changes to legacy code. Sometimes there are slight adjustments to the headers, so that new and old work together.

  • by phantomfive ( 622387 ) on Sunday February 27, 2022 @10:49AM (#62308737) Journal

    It hasn't been a huge problem because the Linux kernel uses the GCC variant of C89, which has many of the advantages of C99 and C11 already. So there wasn't any serious reason to upgrade before.

  • So Modern means that you move away from a 33-year-old standard, consider and reject a 23-year-old standard, then settle on an 11-year-old standard.

    • In another couple of decades we might be able to use C++. Who Knows?

      • Not in the core kernel they wont. The C++ memory model relies heavily on the heap which is often unavailable in the kernel so new, delete, copy constructor assembler etc would need to be different for kernel code. Also implicit memory allocation and function calling in the kernel is a no no so out goes the STL. Also C++ name mangling makes its use in dynamic libraries awkward as anyone who has had to write one knows since it needs a C wrapper.

        • The C++ memory model relies heavily

          It does not.

          on the heap which is often unavailable in the kernel so new, delete, copy constructor assembler etc would need to be different for kernel code.

          To a first approximation new and delete are the C++ analogues of malloc and free, and as such C++ relies on the heap as much as C does in that context. C++ runs just fine on an ATtiny with positively bytes of RAM and no heap.

          Also implicit memory allocation

          C++ doesn't have "implicit memory allocation" any more than C do

          • So C++ doesnt do hidden object creation and hence memory allocation during copies then? Really?

            As for extern C, good luck using that with overloaded functions or duplicate functions in different namespace.

            • It's not required to.

              C++ can do anything that C can, just as efficiently. It can also do a whole lot more.

              • by Viol8 ( 599362 )

                Congrats on not understanding the differences between kernel and application development.

            • So C++ doesnt do hidden object creation and hence memory allocation during copies then?

              No.

              Really?

              Yes, really. The reason is that C++ is not C.

              In C if you saw the code:


              struct funky_type a, b;

              // ...
              assign_funky_type(&a, &b);

              you wouldn't complain about "hidden object creation and hence memory allocation". Well the way you write that in C++ is:

              funky_type a, b;

              // ...
              a=b;

              In C++, = means a call to a function called operator=. It is no more hidden than calling a C funct

          • C++ vector has some implicit allocation if the vector grows in size.

            • Sure, but it has a function called "reserve()" and a second parameter so that you can supply your own memory allocator if you want to.

              You want to use alloca() with std::vector? Not a problem.

              https://stackoverflow.com/ques... [stackoverflow.com]

            • C++ vector has some implicit allocation if the vector grows in size.

              That's utter bullshit while being at a very pedantic level correct.

              The claim is that C++ has "implicit" allocation, as compared to C. This is manifestly not the case. If you call a function in either language, it may allocate memory inside the function. C++ is no different from C in this regard. The one difference is that C++ has a number of syntactic elements for calling functions that C lacks.

              A function allocating memory is not the same a

        • Embedded-C++ maybe. It's a different language. Ie, if you aren't allowed to have exceptions at all then you're stuck unable to be C++ standard compliant.

          • It's still far better than C.

          • by Megane ( 129182 )

            "Embedded C++" was defined as a subset of C++ simply because compiler companies in the '90s were having trouble getting templates and exceptions to work. Once that crisis was over, it went away. The thing is, it happens to be a perfectly valid subset of C++ that is in fact useful for low-memory embedded programming. By avoiding templates (which literally compiles a fresh variant of each function for every combination of types it is invoked with, hello bloat), you end up closer to the old "C with classes" co

            • Using "new" generally requires an exception. Ie, "new" either succeeds, or it throws an exception, it cannot return a null pointer like earlier versions of C++ did. Though you can work around this by having a pool of constructed objects instead of a pool of memory, and you can use malloc if you need to and then construct the object into that, but after awhile it's just tedious and the templates get more and more complex as you pass in allocators and the like.

              So you can do all this stuff in C++, it's must mo

        • by Megane ( 129182 )

          The C++ memory model relies heavily on the heap

          Sure, the STL does, but there is nothing inherent about C++ the language (other than the default new/delete) that requires the heap, not even templates. "But muh copy constructors!" If you're not using heap objects, those never use the heap, just like avoiding malloc/free in regular C. In (low-memory) embedded programming, you simply don't want to be using a heap. And yes, iostreams goes out the window along with the STL.

          It's also possible to override what new does. I did something once where it was a cont

      • Not really. C++ is a different beast which is why C in used in kernel programming and embedded systems. Rust is more favored than C++ as a replacement for C.
      • by gweihir ( 88907 )

        Nope. C++ is unfit for a kernel.

        • by Megane ( 129182 )
          It wouldn't be a bad idea except for some of the deep dark nasal demons lurking in C++, like the fragile base class [wikipedia.org] problem. (Not that the kernel doesn't have its own equivalent to make non-GPL drivers practically impossible.) Well, that and the tendency of C++ programmers to use every bloaty language feature they can just because it's there.
          • by gweihir ( 88907 )

            Not only. To begin with, OO in a kernel is a pretty bad idea unless you do not mind losing lots and lots of performance. But the second problem is that C++ does OO really badly. Sure, it is possible to do it even worse (Java, e.g.).

    • So Modern means that you move away from a 33-year-old standard, consider and reject a 23-year-old standard, then settle on an 11-year-old standard.

      Considering that the Newest standrad is C17, and how conservative the Kernel Peple are, I guess is a sane choice.

      You may think that C17 is 6 years more modern, but the Kernel guys may see i as C11 having 6 more years of testing, and modern features too boot.

      • Remember Linux can be used on very old and varied computer systems, not just PCs. Some older hardware may not support it as their C compilers may not support C17. While gcc generally supports C17, I am not sure if it supports it for all hardware.
        • Remember Linux can be used on very old and varied computer systems, not just PCs. Some older hardware may not support it as their C compilers may not support C17. While gcc generally supports C17, I am not sure if it supports it for all hardware.

          A while ago there was a microarchitecture purge on the linux kernel. That took care of the more obscure systems.

          As for the old systems, I doubt those can run a 5.16 kernel, no matter if it is compiled on C89.

          So, going forward, I guess it does not matter much.

          I guess/hope going to C11 is a stopgap meassure to go to C17, and latter on, to C2x

          • The purge of architectures were those that no one uses like Itanium, not ones that are just old. For example, IBM Power mainframes can run Linux. But again Linux runs on everything from tiny embedded systems to room filling super computers. Not all architectures have compilers that support C17.
            • In my experience, die hard C programmers refuse to use any language that can't compile on the PDP-11. At least, that is the main thing they hate about Rust. That, and they abhor strings that aren't null terminated, because they believe strings should be free to extend to the end of the universe if they want to, and adding a length value wastes precious memory.

        • by Megane ( 129182 )
          I've had code that I was requested to leave as C (the code could have been much cleaner if re-written using method calls) because people were successfully using it on, shall we say, "antique" architectures. And I understood, because I'm quite into retro-computing, though I was a bit surprised.
      • C17 adds a lot of stuff, though. Most of the difference between C99 and C11 is the new types, and a few naughty things being clarified as undefined.

        In my applications I use C11. As do most people who aren't using IDE defaults.

        It isn't just kernel people, C in general there is the attitude, if you don't need it, don't use it.

        • C17 added nothing no new language features, it was just a bug fix of the C11 spec. C11 was the one that added lots of stuff.
      • More modern is not the same thing as better.

      • by narcc ( 412956 )

        Conservatism actually makes sense when it comes to programming. If you're following fads, you're going to leave a maintenance nightmare behind you. Technologies with a long history and multiple implementations are much more likely to stick around than the current flavor-of-the-month. Languages with just a single implementation should terrify you.

        Sticking with C89 makes a lot of sense. I hoping that they keep their use of C11 features to a minimum.

  • Why not HolyC?
  • Itâ(TM)s a wonder more people per day arenâ(TM)t being shanked.
    • Your comment reminded me of how I’ve felt whenever I tried to read a PD James mystery. In her stories, for me the mystery wasn’t that someone got murdered - it was how more of the obnoxious, thoroughly unpleasant characters avoided getting murdered themselves.

  • ... it was found that C99 would require the iterator must be declared outside the loop which would expose it to another security problem.

    Things that end in 99 often have problems [wikipedia.org]. Using C99 would might cause the loop to explode and break away from the code ... probably taking the iterator with it.

  • I found this discussion on StackOverflow helpful to understand this issue and the working of C compilers better.
    Declaring variables inside loops, good practice or bad practice? [stackoverflow.com]

    • Can someone explain the rest of it though? The first post in the thread [lwn.net] explains it to someone who already understands it anyway, but the nature of the problem being addressed is pretty opaque for anyone else.
      • Answering my own question: It's related to Spectre/Meltdown-style attacks.
      • by Megane ( 129182 )

        For me, the basic reason is that it's safer in terms of keeping things in as small of a scope as possible, to prevent accidentally reusing them in bad ways, thus better for maintenance and safety.

        Technically, it just adds an update of the stack frame pointer each time you enter the new scope. Looking at the thread, I see there are times when you really don't want to declare something inside the loop, such as object variables. Creating an object variable each time through the loop could have much constructi

        • I have no idea where you got the Spectre/Meltdown thing,

          From reading the lwn post I linked to.

          and you didn't even mention which way would be better.

          Definitely with lubricant.

          • by Megane ( 129182 )
            I was actually looking at the SO link, but looking now at the LWN article, I still can't find either of them mentioned. Are you sure you understand what Meltdown is? I still can't see how it relates to anything in either link.
    • by Megane ( 129182 )

      The issue is mentioned in that thread, but as it's not the subject of the thread, it's not obvious what you were referring to. Apparently "for (int i=0; ...) {...}" might declare i in the scope outside the for() loop, so you can't do it twice.

      Apparently C99 can put i in the outside scope. I've always thought I was being C99 compliant when doing that, so probably it's only enforced in "strict" compliance mode, because it's stupid. This means a C99 compiler is allowed (if not required) to put i in the outsid

  • the question I have is, why not C17?

  • in case it said Cobol.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...