On Fri, Mar 07, 2008 at 03:06:26PM +0100, Die Gestalt wrote: > Sorry my answer was perhaps a bit aggressive. I tend to get a bit... > unsettled as I hear very often "C++ is crap and a nonsense in the > kernel" from people who never seriously studied the language.
I have studied it and used it on many projects. I never got used to dealing with its inherent flaws. It is a language that always has a surprise. Kind of like a diaper with poo in it. > > I wrote several drivers in Windows NT using C++/STL/Boost and they had > excellent performances and reliability. > > The first driver was a test driver to read whatever memory you want > on your system, ie, you give a process and a virtual address, and the > driver will copy the memory (if the address if valid) bypassing all OS > protection. > > The other driver was a mini-file system to demonstrate the benefits of > the STL in terms of concision, performance, security and reliability. > There is no possible buffer overflow in the code. Granted, buffer > overflows are not the only security issue that exists. If it doesn't have buffer overflows it means you did a good job writing your code. C++ doesn't get any cookies. Are you sure that all the garbage you linked against also doesn't have any buffer overflows? > > I also modified an existing cryptographic filter driver to use > std::vector and it worked flawlessly (no performance change). I have > not pushed the changes further as I lacked time to validate the > non-regression. 0 * 1000 is still 0. > > My personal experience with smart pointers in kernel mode is also good > as it saves the stack and prevents unneeded allocation. However it > breaks when you need to give the pointer to a callback (you need to > manually add a reference or do something of the like). What you really are saying is that magic happens behind the scenes. If you are ok with trusting the compiler to do all that stuff right then I guess that would be a good thing. Considering the quality of gcc I'll just chuckle at the idea. > > The main advantage of C++ in kernel mode is the increased verification > by the compiler. In using intensively templates, type traits, static > assertions and lambda functions you can have a certain degree of > static code verification. You also have a very high reusability. I call malarkey on all this. I have to this day see C++ re-use. Honestly the only useful application I have ever seen for C++ is to encapsulate windows calls. Borland did an amazing job with RTL. I would never ever even dare to think about using any of that stuff in kernel code though. The other things you mentioned are straight from the marketing play-book. They sound good but really have no value add. > > I have not done C++ drivers in BSD for the moment. I wrote two FreeBSD > drivers in my whole life so I have less experience with the whole > "chain". > > If I had to start a new OS, I think I would write the micro-kernel in > C++ (and assembly where needed). Give a powerful template API to talk > to this micro-kernel. Then there would be a higher level part written > in a lisp-like language for all the formal verifications. This part > would not necessarily run in kernel-mode (benchmarks would tell). This > is just a complete improvisation as I never actually gave it some > serious thoughts, again, time is missing. ;) > > -- > > Die Gestalt > > > On Fri, Mar 7, 2008 at 2:22 PM, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > On Fri, Mar 07, 2008 at 01:16:16PM +0100, Die Gestalt wrote: > > > > > > > I don't think it is relevant or even polite to question one's > > > abilities when discussing technical matters. > > > > > > If you have a point to make, please proceed. > > > > You state an opinion without backing it up by referring to either > > existing projects or by personal experience. > > > > I do not know any succesful project using "template style C++" and > > functional languges for OS development, so I'm asking if you have any > > experience using these for OS develpment. > > > > -Otto > > > > > > > > > > > Have you ever been involved in OS design and implementation? And I do > > > > not mean academic exercises, but a real world project producing actual > > > > working stuff. > > > > > > > > -Otto
