Ask HN: Memory-safe low level languages?

61 点作者 hyperbrainer20 天前

I am looking for memory-safe languages that can be used for systems/graphics programming. I love Rust, but it often feels like too massive a language with too much stuff going on. Is there a language like C, which is simpler (obviously without all the UB and other problems)?This is an especially hard ask, given how useful the FP-like features of Rust are, and I find it almost impossible to live without them. Basically, I am looking for a middle ground between C/Zig and Rust.One such language I have found is Austral[0]. What other such languages are there?[0] https://austral-lang.org/

34 条评论

khaledh19 天前

Check out Nim. I'm using it to build an x86-64 kernel¹ (Fusion OS), and it satisfies a lot of the low-level system programming requirements with an elegant and expressive syntax. For memory management you can choose between ARC/ORC and/or manual. It has two downsides though: small community, and the BDFL can sometimes be rough to interact with.¹<a href="https://0xc0ffee.netlify.app/osdev" rel="nofollow">https://0xc0ffee.netlify.app/osdev</a>I, too, have been looking for a unicorn systems programming language, but it doesn't exit yet. Here's what I looked at so far (only languages that don't rely on a GC):- C: lots of UB, less safe (memory- and type-wise)- C++: too complex, not a big fan of OO- Rust: too complex, gets in the way when writing mostly unsafe kernel code- Zig: Good, but syntax is too noisy; lacks interfaces/dynamic dispatch- Swift: Doesn't have a good bare metal story- D: Seems interesting, I may be looking at it (although need to use betterC mode, i.e. not all language features)- Odin: Game programming focused, small but growing community- Ada: Strong candidate, but it has too much ceremony- Pony: I like the capabilities model, but tiny community- Hare: Also tiny community, lacks polymorphism- Hylo (Val): Experimental (mutable value semantics), too immature- Vale: Experimental (regional memory management), seems stalled- V: Good candidate, but mixed reviews on its claims vs. reality- Austral: Experimental (linear types), tiny community, not much progress- Jakt: Built for Serenity OS, not sure if it's getting enough attention- Jai: Focused on game programming, good reviews, but currently closed source (beta)- Mojo: (Python-like) Seems very interesting and I'd give it a try, but too focused on GPU/parallel programming; also too early for adoption

评论 #43867442 未加载

codr720 天前

There have several attempts at cleaning up C without giving up too much of its simplicity; from what I can see, Zig is the only one even close to reaching critical mass.A programming language is always going to make some kind of compromise; better at some things, worse at others.Simplicity/power and safety pull the design in different directions.

评论 #43828895 未加载

评论 #43819980 未加载

评论 #43811662 未加载

tiffanyh20 天前

SPARK (Ada) is about as memory-safe as it gets.<a href="https://github.com/AdaCore/spark2014">https://github.com/AdaCore/spark2014</a>

评论 #43811998 未加载

shakna20 天前

V [0] aims for something along those lines, but I've had a few issues with the safety aspects of the language. Breaking through the checker isn't that difficult.I absolutely adore Ada [1], but the Pascal-syntax isn't for everyone.I haven't used it yet, but have been hearing rumblings about Odin [2] a fair bit in these kinds of discussions. I tend to avoid too many symbol-heavy langs, but it's probably still less than Rust (I use a screenreader half the time).[0] <a href="https://vlang.io/" rel="nofollow">https://vlang.io/</a>[1] <a href="https://ada-lang.io/" rel="nofollow">https://ada-lang.io/</a>[2] <a href="https://odin-lang.org/" rel="nofollow">https://odin-lang.org/</a>

评论 #43815148 未加载

评论 #43811844 未加载

评论 #43811920 未加载

评论 #43821856 未加载

评论 #43811802 未加载

andrewflnr20 天前

F-star, which was used to build a verified TLS implementation. <a href="https://fstar-lang.org/" rel="nofollow">https://fstar-lang.org/</a> Though I guess that's actually on the far side of Rust relative to what you're looking for.

评论 #43811949 未加载

thih920 天前

(link from the description, clickable)<a href="https://austral-lang.org/" rel="nofollow">https://austral-lang.org/</a>> Austral is a new systems programming language. It uses linear types to provide memory safety and capability-secure code, and is designed to be simple enough to be understood by a single person, with a focus on readability, maintainbility, and modularity.

评论 #43816550 未加载

efficax20 天前

<a href="https://dlang.org/articles/safed.html" rel="nofollow">https://dlang.org/articles/safed.html</a> check out the safed subset of the D language

评论 #43812045 未加载

评论 #43811985 未加载

sn919 天前

You might try OCaml [0] or SML [1] if you want speed, memory safety, and an expressive type system.[0] <a href="https://ocaml.github.io/ocamlunix/index.html" rel="nofollow">https://ocaml.github.io/ocamlunix/index.html</a>[1] <a href="https://matt.might.net/articles/best-programming-languages/#ml" rel="nofollow">https://matt.might.net/articles/best-programming-languages/#...</a>

modeless19 天前

C can be memory safe now! <a href="https://github.com/pizlonator/llvm-project-deluge">https://github.com/pizlonator/llvm-project-deluge</a>Yes, this is a real project that really works. It can compile real and widely used software written in C including SQLite, OpenSSL, and CPython, giving them true memory safety without escape hatches.

评论 #43824989 未加载

jedimastert19 天前

Side question and possibly off topic, but is there a formal definition to the term "memory safe"? It seems to mean different things to different people and I'm unsure if I'm just out of the loop and there is an actual definition.

评论 #43816382 未加载

fpoling19 天前

Vale is interesting, <a href="https://vale.dev/" rel="nofollow">https://vale.dev/</a>For memory safety compared with Rust it does not use a borrow checker for the price of more checks and extra memory usage at runtime while avoiding GC or even reference counting.I think this is very interesting trade off. Plus there are plans to implement few interesting ideas that even Rust type system cannot implement while keeping the language simple.

gwbas1c11 天前

> I am looking for memory-safe languages that can be used for systems/graphics programming.C# was kinda-sorta for this; as long as you're targeting an environment where GC is acceptable. (IE, as long as you're running in user-mode, as opposed to writing a kernel or a driver.)It does allow for C-style pointers, which might be useful if you need to call a lower-level system API. (Unfortunately, you can't just suck in a header file.)One thing you might miss is how errors, in Rust, are 0-cost. C# encourages exceptions over error codes, and throwing an exception has a much higher overhead than panic, because it captures a stack trace and allocates an object. (I must admit that I like Rust's error handling over C# because it differentiates cleanly "anticipated" errors versus exceptional situations.)

oconnor66319 天前

Can you give some examples of Rust features that you don't need? Unfortunately a lot of common answers (the borrow checker, traits, move semantics) are things that are fundamental to the safety story. I guess one thing you could definitely subtract is async (Rust shipped without it after all).

评论 #43823618 未加载

pjmlp20 天前

GCC nowadays offers Modula-2, Ada and D in the box.Then you have FreePascal, as FOSS ObjectPascal dialect.On Apple's turf, Swift naturally, given its bindings for all Metal anything frameworks.

评论 #43816235 未加载

carterschonwald20 天前

So one kinda cool direction is what they do for the sel4 prject. They have a sequence of high to low level impls and prove correctness wrt spec of the high level etc and prove that each lowering is an implementation of a refinement of the higher level implementation

mparis19 天前

I also love rust and we use it heavily at our startup, but I agree with you and wish there were a mainstream alternative that kept much of the type system, pervasive expressions, and pattern matching while being smaller. I’d accept “very fast” even if it’s not as fast as rust.One project I’ve seen that I don’t think is particularly active but that I really like the ideas behind is borgo. It compiles to go (thus GC) but is decidedly more rustacean.Check it out. I hope someone makes something like this wide spread.<a href="https://borgo-lang.github.io/" rel="nofollow">https://borgo-lang.github.io/</a>PS. I have no affiliation with borgo, just an online fan.

sargstuff19 天前

Very old school:ASP[0] was old way to do character animations for unix finger command .plan.Recall HN post using python to do the same (handled animation independent of serial terminal speed).Related HN post "John Carmack's .plan file" [3]hascii mation [1]; Use standard graphics techniques and run through [2] or .plan with unscii[4]"sheltered code" via mindcraft : <a href="https://youtu.be/7sNge0Ywz-M" rel="nofollow">https://youtu.be/7sNge0Ywz-M</a>------ascii animation tutorial : <a href="https://www.youtube.com/watch?v=o5v-NS9o4yc" rel="nofollow">https://www.youtube.com/watch?v=o5v-NS9o4yc</a>[0] :Ah, ASP link has been merged with /dev/null. :(<pre><code> ASP and related things for animated .plan : https://superuser.com/questions/253308/scrolling-plan-file </code></pre> [1] : <a href="https://github.com/octobanana/asciimation">https://github.com/octobanana/asciimation</a>[2] : <a href="https://www.geeksforgeeks.org/converting-image-ascii-image-python/" rel="nofollow">https://www.geeksforgeeks.org/converting-image-ascii-image-p...</a>[3] : "John Carmack's .plan file" : <a href="https://news.ycombinator.com/item?id=3367230\">https://news.ycombinator.com/item?id=3367230\</a>[4] : unscii : <a href="http://viznut.fi/unscii/" rel="nofollow">http://viznut.fi/unscii/</a>

noam_k20 天前

You may want to look at Lua[0]. It's often used as an embedded scripting language in larger projects (and games), has good performance, is memory safe, and is extensible in the same manner as Python (write your performance bottleneck in C/C++).I don't remember specifics, but there are some odd footguns to look out for.[0] <a href="https://www.lua.org/" rel="nofollow">https://www.lua.org/</a>

tiu20 天前

See <a href="https://wiki.alopex.li/SurveyOfSystemLanguages2024" rel="nofollow">https://wiki.alopex.li/SurveyOfSystemLanguages2024</a>and the related discussion <a href="https://lobste.rs/s/c3dbkh" rel="nofollow">https://lobste.rs/s/c3dbkh</a>Serious total MSLs that have a defined memory model to allow "low level" operations seem to be scarce if not any. Hence I do not think there is any single one that comes between C/Zig and Rust.I would have said <a href="https://www.hylo-lang.org/" rel="nofollow">https://www.hylo-lang.org/</a> but, personal opinion, seems like there is too much going on as well. See also <a href="https://vale.dev/" rel="nofollow">https://vale.dev/</a>P.S Mind mentioning what FP-like features are in Rust? (Genuinely have not looked into Rust that much but I am interested).

pron20 天前

If you love Rust -- use Rust. Trying to find a language that's just right for you risks it being just that: right for you and few others.Just remember that even if writing memory-safe programs is your goal, using a memory-safe language is just a means to that goal, and even Rust isn't really memory-safe. Many Rust programs try to achieve memory safety while using a non-memory-safe language (be it C or unsafe Rust), and there's an entire spectrum of combining language features that offer sound guarantees with careful analysis and testing of unsafe code to achieve a safe program. On that spectrum, Zig is much closer to Rust than to C, even though it offers fewer guarantees than Rust (but more than C).

评论 #43811896 未加载

评论 #43816676 未加载

评论 #43817481 未加载

评论 #43812215 未加载

SloopJon20 天前

Personally, I don't know what you mean about Rust being too massive. One thing I am wary of is using a truly massive language like C++ on a multi-programmer project without consensus on which features to use and how to use them. Maybe you have in mind something like that?If you want the simplicity of C with more safety, maybe tooling like Frama-C, a MISRA C conformance checker, or just aggressive use of static and dynamic analysis tools like ASAN and UBSAN. You can also disable certain optimizations (e.g., strict aliasing) to steer away from some of the major pitfalls of UB.

hardwaregeek20 天前

If performance is not ultra critical, I'd use Go. It's simple and a small-ish language. Otherwise there's not many options. Not to belittle your question, because it's a good one, but it's a little like asking if there's a simpler aircraft. There can be, but there's a certain amount of required machinery to keep it in the air. Rust's memory safety rules are as simple as we can get it for now. Maybe in a few years it'll be different!

SkiFire1320 天前

Have you considered trying one of the older Rust versions (e.g. 1.0.0 or a bit after that) without all the new shiny features?

markus_zhang19 天前

What I dream about is a C with less UB, range based loops, array slicing (supporting negative slicing too), safer and easier string functions (because my pet project is a compiler so gotta write a scanner), pattern matching switch, and maybe a few other stuffs.Oh maybe less preprocessing black magics :/

评论 #43819724 未加载

musicale18 天前

C is improving a bit with things like -fbounds-safety<a href="https://clang.llvm.org/docs/BoundsSafety.html" rel="nofollow">https://clang.llvm.org/docs/BoundsSafety.html</a>

lproven19 天前

Pascal (e.g. FreePascal).Modula-2 (e.g. GCC).Oberon (e.g. Oberon, Oberon 2, Oberon-07, Oberon+.)

gus_massa20 天前

Have you tried "modern" Fortran? I've seen horrible "old" Fortran programs, but once you add modules it get's much better.

评论 #43813913 未加载

cyrc19 天前

<a href="https://cyclone.thelanguage.org/" rel="nofollow">https://cyclone.thelanguage.org/</a>How about Cyclone?

评论 #43819303 未加载

qwke20 天前

<a href="https://gleam.run/" rel="nofollow">https://gleam.run/</a>

foota20 天前

It's not really recommended for us, but maybe Carbon?

MelodyUwU20 天前

i was actually looking for an answer to a similiar question, so this thread is very much useful! as of now, i looked somewhat at odin

farseer18 天前

Use a subset of C++, STL maybe Boost and avoid raw pointers. You will avoid most memory related problems.

p_ing20 天前

C# has been used as the primary language in various hobby/research kernels.

评论 #43811745 未加载

frizlab20 天前

Swift can now be used on embedded platforms