|
Top-level
 Rust doesn't have it all figured out yet, either. The standard library types like `Vec` will, by default, abort on memory allocation failure, which is obviously not acceptable in a kernel. Many of them can report an error in that situation instead, but then you are holding a large-caliber footgun: you have to make sure to never ever call any of the methods that might abort. The compiler will *not* warn you if you, or a library you call, does so. 3 comments
 @argv_minus_one @raulinbonn The Linux kernel uses no_std. Until recently there was an internal fork of the alloc crate with those fallible constructors outright gated off. Now things are switching to custom allocators where the Box types (there are several to allow for different allocators in the kernel) are outright always fallible with the standard constructors. https://lore.kernel.org/lkml/20240816001216.26575-9-dakr@kernel.org/T/ |
Gregory's Server
@argv_minus_one @raulinbonn This is solved in kernel code by disallowing those methods that abort. That was decided early on. The approach has changed a few times but fallible allocation was pretty much always banned.