SlideShare une entreprise Scribd logo

Is it time to rewrite the operating system in Rust?

B
bcantrill

Talk given at QConSF in 2018. Video to come.

Logiciels
1  sur  23
Télécharger pour lire hors ligne
Is it time to rewrite the operating system in Rust? CTO bryan@joyent.com Bryan Cantrill @bcantrill
Spoiler alert
What even is the operating system? • The operating system is harder to define than it might seem… • For every definition, it can be easy to come up with exceptions • At minimum: the operating system is the program that abstracts hardware to allow execution of other programs • The operating system defines the liveness of the machine: without it, no program can run • The operating system software that runs with the highest level of architectural privilege is the operating system kernel • …but the kernel is not the entire operating system!
Operating system implementation history • Historically, operating systems — née “executives” — were written entirely in assembly • Starting with the Burroughs B5000 MCP in 1961, operating systems started to be written in higher level languages… • In 1964, when Project MAC at MIT sought to build a successor to their Compatible Timesharing System (CTSS), they selected the language (PL/I) before writing any code (!) • But PL/I had no functioning compiler — and wouldn’t until 1966
PL/I in Multics • The decision to use PL/I in Multics was seen by its creators as a great strength, even when reflecting back in 1971:
 
 
 
 
 
 
 • …but that the compiler was unavailable for so long (and when was available, performed poorly) was a nearly-fatal weakness Source: “Multics: The first seven years,” Corbato et al.
The birth of Unix • Bell Labs pulled out of the Multics project in 1969 • A researcher formerly on the Multics effort, Ken Thompson, implemented a new operating system for the PDP-7 • The system was later ported to the PDP-11/20, where it was named Unix — a play on “eunuchs” and a contrast to the top- down complexity of Multics • Unix was implemented entirely in assembly!
Unix and high-level languages • The interpreted language B (a BCPL derivative), was present in Unix, but only used for auxiliary functionality, e.g. the assembler and an early version of dc(1) • Some of the B that was in use in Unix was replaced with assembly for reasons of performance! • Dennis Ritchie and Thompson developed a B-inspired language focused on better abstracting the machine, naming it “C” • Perhaps contrary to myth, C and Unix were not born at the same instant — they are siblings, not twins!
The C revolution • C is rightfully called “portable assembly”: it is designed to closely match the abstraction of the machine itself • C features memory addressability at its core • Unlike PL/I, C grew as concrete needs arose • e.g., C organically adopted important facilities like macro processing through the C preprocessor • Standardization efforts came late and were contentious: C remains infamous for its undefined behaviors
Operating systems in the 1980s • As the minimal abstraction above the machine, C — despite its blemishes — proved to be an excellent fit for operating systems implementation • With few exceptions, operating systems — Unix or otherwise — were implemented in C throughout the 1980s • Other systems existed as research systems, but struggled to offer comparable performance to C-based systems
Operating systems in the 1990s • In the 1990s, object oriented programming came into vogue, with languages like C++ and Java • By the mid-1990s, C-based systems were thought to be relics • …but the systems putatively replacing them were rewrites — and suffered from rampant Second System Syndrome • They were infamously late (e.g. Apple’s Copland), infamously slow (e.g. Sun’s Spring), or both (Taligent’s Pink) • Java-based operating systems like Sun’s JavaOS fared no better; hard to interact with hardware without unsigned types!
Operating systems in the 2000s • With the arrival of Linux, Unix enjoyed a resurgence — and
 C-based operating systems became deeply entrenched • With only a few exceptions (e.g., Haiku), serious attempts at
 C++-based kernels withered • At the same time, non-Java/non-C++ languages blossomed: first Ruby, and then Python and JavaScript • These languages were focused on ease of development rather than performance — and there appears to be no serious effort to implement an operating system in any of these
Systems software in the 2010s • Systems programmers began pining for something different: the performance of C, but with more powerful constructs as enjoyed in other languages • High-performance JavaScript runtimes allowed for a surprising use in node.js — but otherwise left much to be desired • Bell Labs refugees at Google developed Go, which solves some problems, but with many idiosyncrasies • Go, JavaScript and others are garbage collected, making interacting with C either impossible or excruciatingly slow
Rust? • Rust is a systems software programming language designed around safety, parallelism, and speed • Rust has a novel system of ownership, whereby it can statically determine when a memory object is no longer in use • This allows for the power of a garbage-collected language, but with the performance of manual memory management • This is important because — unlike C — Rust is highly composable, allowing for more sophisticated (and higher performing!) primitives
Rust performance (my experience) Source: http://dtrace.org/blogs/bmc/2018/09/28/the-relative-performance-of-c-and-rust/
Rust: Beyond ownership • Rust has a number of other features that make it highly compelling for systems software implementation: • Algebraic types allow robust, concise error handling • Hygienic macros allow for safe syntax extensions • Foreign function interface allows for full-duplex integration with C without sacrificing performance • “unsafe” keyword allows for some safety guarantees to be surgically overruled (though with obvious peril) • Also: terrific community, thriving ecosystem, etc.
Operating systems in Rust? • If the history of operating systems implementation teaches us anything, it’s that runtime characteristics trump development challenges! • Structured languages (broadly) replaced assembly because they performed as well • Viz., every operating system retains some assembly for reasons of performance! • With its focus on performance and zero-cost abstractions, Rust does represent a real, new candidate programming language for operating systems implementation
Operating systems in Rust: A first attempt • First attempt at an operating system kernel in Rust seems to be Alex Light’s Reenix, ca. 2015: a re-implementation of a teaching operating system in Rust as an undergrad thesis • Biggest challenge in Reenix was that Rust forbids an application from handling allocation failure • The addition of a global allocator API has improved this in that now a C-based system can at least handle pressure… • …but dealing with memory allocation failure is still very much an unsettled area for Rust (see Rust RFC 2116)
Operating systems in Rust since 2015 • Since Reenix’s first efforts, there have been quite a few small systems in Rust, e.g.: Redox, Tifflin, Tock, intermezzOS, RustOS/QuiltOS, Rux, and Philipp Oppermann’s Blog OS • Some of these are teaching systems (intermezzOS, Blog OS), some are unikernels (QuiltOS) and/or targeted at IoT (Tock) • These systems are all de novo, which represents its own challenges, e.g. forsaking binary compatibility with Linux and fighting Second System Syndrome
Operating systems in Rust: The challenges • While Rust’s advantages are themselves clear, it’s less clear what the advantage is when replacing otherwise working code • For in-kernel code in particular, the safety argument for Rust carries less weight: in-kernel C tends to be de facto safe • Rust does, however, presents new challenges for kernel development, esp. with respect to multiply-owned structures • An OS kernel — despite its historic appeal and superficial fit for Rust — may represent more challenge than its worth • But what of hybrid approaches?
Hybrid approach I: Rust in-kernel components • One appeal of Rust is its ability to interoperate with C • One hybrid approach to explore would be to retain a
 C-/assembly-based kernel while allowing for Rust-based
 in-kernel components like device drivers and filesystems • This would allow for an incremental approach — and instead of rewriting, Rust can be used for new development • There is a prototype example of this in FreeBSD; others are presumably possible
Hybrid approach II: Rust OS components • An operating system is not just a kernel! • Operating systems have significant functionality at user-level: utilities, daemons, service-/device-/fault- management facilities, debuggers, etc. • If anything, the definition of the OS is expanding to distributed system that represents a multi-computer control plane — that itself includes many components • These components are much more prone to run-time failure! • Many of these are an excellent candidate for Rust!
Hybrid approach III: Rust-based firmware • Below the operating system lurks hardware-facing special- purpose software: firmware • Firmware is a sewer of unobservable software with a long history of infamous quality problems • Firmware has some of the same challenges as kernel development (e.g., dealing with allocation failures), but may otherwise be more amenable to Rust • This is especially true when/where firmware is in user-space and is network-facing! (e.g., OpenBMC)
Looking forward: Systems software in Rust • Rust represents something that we haven’t seen in a long time: a modern language that represents an alternative throughout the stack of software abstraction • Despite the interest in operating system kernel implementation, that might not be a good first fit for Rust • Rust allows hybrid approaches, allowing for productive kernel incrementalism rather than whole-system rewrites • Firmware and user-level operating system software are two very promising candidates for implementation in Rust!

Recommandé

Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgSam Bowne
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf toolsBrendan Gregg
 
Oracle ASM Training
Oracle ASM TrainingOracle ASM Training
Oracle ASM TrainingVigilant Technologies
 
Backup & restore in windows
Backup & restore in windowsBackup & restore in windows
Backup & restore in windowsJab Vtl
 
BeagleBone Black Bootloaders
BeagleBone Black BootloadersBeagleBone Black Bootloaders
BeagleBone Black BootloadersSysPlay eLearning Academy for You
 
Linux operating system - Overview
Linux operating system - OverviewLinux operating system - Overview
Linux operating system - OverviewAshita Agrawal
 
Incognito 2016 - IoT 펌웨어 추출과 분석
Incognito 2016 - IoT 펌웨어 추출과 분석Incognito 2016 - IoT 펌웨어 추출과 분석
Incognito 2016 - IoT 펌웨어 추출과 분석Benjamin Oh
 

Recommandé

Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgSam Bowne
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf toolsBrendan Gregg
 
Oracle ASM Training
Oracle ASM TrainingOracle ASM Training
Oracle ASM TrainingVigilant Technologies
 
Backup & restore in windows
Backup & restore in windowsBackup & restore in windows
Backup & restore in windowsJab Vtl
 
BeagleBone Black Bootloaders
BeagleBone Black BootloadersBeagleBone Black Bootloaders
BeagleBone Black BootloadersSysPlay eLearning Academy for You
 
Linux operating system - Overview
Linux operating system - OverviewLinux operating system - Overview
Linux operating system - OverviewAshita Agrawal
 
Incognito 2016 - IoT 펌웨어 추출과 분석
Incognito 2016 - IoT 펌웨어 추출과 분석Incognito 2016 - IoT 펌웨어 추출과 분석
Incognito 2016 - IoT 펌웨어 추출과 분석Benjamin Oh
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgSam Bowne
 
9: OllyDbg
9: OllyDbg9: OllyDbg
9: OllyDbgSam Bowne
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systemsMarian Marinov
 
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblySam Bowne
 
Software Security
Software SecuritySoftware Security
Software SecurityRoman Oliynykov
 
Server Management
Server ManagementServer Management
Server ManagementDell World
 
GUIDE HARDWARE AND SOFTWARE MAINTENANCE English
GUIDE HARDWARE AND SOFTWARE MAINTENANCE EnglishGUIDE HARDWARE AND SOFTWARE MAINTENANCE English
GUIDE HARDWARE AND SOFTWARE MAINTENANCE EnglishFelipe Luis Garcia C
 
Code injection
Code injectionCode injection
Code injectionGayatri Patel
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
 
Introduction to linux ppt
Introduction to linux pptIntroduction to linux ppt
Introduction to linux pptOmi Vichare
 
Linux seminar
Linux seminarLinux seminar
Linux seminarBuntha Chhay
 
CTSS - Compatible Time Sharing System
CTSS - Compatible Time Sharing SystemCTSS - Compatible Time Sharing System
CTSS - Compatible Time Sharing SystemSebastian Woinar
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Computer virus !!!!!
Computer virus !!!!!Computer virus !!!!!
Computer virus !!!!!pratikpandya18
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Integrating Veeam Backup with NimbleStorage
Integrating Veeam Backup with NimbleStorageIntegrating Veeam Backup with NimbleStorage
Integrating Veeam Backup with NimbleStorageJorge de la Cruz
 
Linux Porting
Linux PortingLinux Porting
Linux PortingChamp Yen
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
Operating Systems As a Product
Operating Systems As a ProductOperating Systems As a Product
Operating Systems As a ProductHarshit Srivastava
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 

Contenu connexe

Tendances

CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgSam Bowne
 
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblySam Bowne
 
Server Management
Server ManagementServer Management
Server ManagementDell World
 
GUIDE HARDWARE AND SOFTWARE MAINTENANCE English
GUIDE HARDWARE AND SOFTWARE MAINTENANCE EnglishGUIDE HARDWARE AND SOFTWARE MAINTENANCE English
GUIDE HARDWARE AND SOFTWARE MAINTENANCE EnglishFelipe Luis Garcia C
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
 
Introduction to linux ppt
Introduction to linux pptIntroduction to linux ppt
Introduction to linux pptOmi Vichare
 
CTSS - Compatible Time Sharing System
CTSS - Compatible Time Sharing SystemCTSS - Compatible Time Sharing System
CTSS - Compatible Time Sharing SystemSebastian Woinar
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Integrating Veeam Backup with NimbleStorage
Integrating Veeam Backup with NimbleStorageIntegrating Veeam Backup with NimbleStorage
Integrating Veeam Backup with NimbleStorageJorge de la Cruz
 
Linux Porting
Linux PortingLinux Porting
Linux PortingChamp Yen
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 

Tendances (20)

CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
 
9: OllyDbg
9: OllyDbg9: OllyDbg
9: OllyDbg
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systems
 
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-Disassembly
 
Software Security
Software SecuritySoftware Security
Software Security
 
Server Management
Server ManagementServer Management
Server Management
 
GUIDE HARDWARE AND SOFTWARE MAINTENANCE English
GUIDE HARDWARE AND SOFTWARE MAINTENANCE EnglishGUIDE HARDWARE AND SOFTWARE MAINTENANCE English
GUIDE HARDWARE AND SOFTWARE MAINTENANCE English
 
Code injection
Code injectionCode injection
Code injection
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
 
Introduction to linux ppt
Introduction to linux pptIntroduction to linux ppt
Introduction to linux ppt
 
Linux seminar
Linux seminarLinux seminar
Linux seminar
 
CTSS - Compatible Time Sharing System
CTSS - Compatible Time Sharing SystemCTSS - Compatible Time Sharing System
CTSS - Compatible Time Sharing System
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017
 
Computer virus !!!!!
Computer virus !!!!!Computer virus !!!!!
Computer virus !!!!!
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
Integrating Veeam Backup with NimbleStorage
Integrating Veeam Backup with NimbleStorageIntegrating Veeam Backup with NimbleStorage
Integrating Veeam Backup with NimbleStorage
 
Linux Porting
Linux PortingLinux Porting
Linux Porting
 
Kali linux os
Kali linux osKali linux os
Kali linux os
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 

Similaire à Is it time to rewrite the operating system in Rust?

Operating Systems As a Product
Operating Systems As a ProductOperating Systems As a Product
Operating Systems As a ProductHarshit Srivastava
 
Introducing Plan9 from Bell Labs
Introducing Plan9 from Bell LabsIntroducing Plan9 from Bell Labs
Introducing Plan9 from Bell LabsAnant Narayanan
 
Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...Hakka Labs
 
Introduction about linux
Introduction about linuxIntroduction about linux
Introduction about linuxABHISHEK KUMAR
 
Presentation on o s for bca iv
Presentation on o s for bca ivPresentation on o s for bca iv
Presentation on o s for bca ivAjit Singh
 
Unix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsUnix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsAnant Narayanan
 
Unix lecture1
Unix lecture1Unix lecture1
Unix lecture1dolleyj
 
introduction.pdf
introduction.pdfintroduction.pdf
introduction.pdfxiso
 
2015 bioinformatics python_introduction_wim_vancriekinge_vfinal
2015 bioinformatics python_introduction_wim_vancriekinge_vfinal2015 bioinformatics python_introduction_wim_vancriekinge_vfinal
2015 bioinformatics python_introduction_wim_vancriekinge_vfinalProf. Wim Van Criekinge
 
Topic_2_Introduction_to_Unix.pptx
Topic_2_Introduction_to_Unix.pptxTopic_2_Introduction_to_Unix.pptx
Topic_2_Introduction_to_Unix.pptxdulala3
 
Linux [2005]
Linux [2005]Linux [2005]
Linux [2005]Raul Soto
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linuxsureskal
 

Similaire à Is it time to rewrite the operating system in Rust? (20)

Operating Systems As a Product
Operating Systems As a ProductOperating Systems As a Product
Operating Systems As a Product
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Introducing Plan9 from Bell Labs
Introducing Plan9 from Bell LabsIntroducing Plan9 from Bell Labs
Introducing Plan9 from Bell Labs
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...Manta: a new internet-facing object storage facility that features compute by...
Manta: a new internet-facing object storage facility that features compute by...
 
Plan 9: Not (Only) A Better UNIX
Plan 9: Not (Only) A Better UNIXPlan 9: Not (Only) A Better UNIX
Plan 9: Not (Only) A Better UNIX
 
Introduction about linux
Introduction about linuxIntroduction about linux
Introduction about linux
 
Presentation on o s for bca iv
Presentation on o s for bca ivPresentation on o s for bca iv
Presentation on o s for bca iv
 
Os concepts
Os conceptsOs concepts
Os concepts
 
Unix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell LabsUnix++: Plan 9 from Bell Labs
Unix++: Plan 9 from Bell Labs
 
Unix lecture1
Unix lecture1Unix lecture1
Unix lecture1
 
Ch1-Unix.pptx
Ch1-Unix.pptxCh1-Unix.pptx
Ch1-Unix.pptx
 
introduction.pdf
introduction.pdfintroduction.pdf
introduction.pdf
 
Linux
LinuxLinux
Linux
 
2015 bioinformatics python_introduction_wim_vancriekinge_vfinal
2015 bioinformatics python_introduction_wim_vancriekinge_vfinal2015 bioinformatics python_introduction_wim_vancriekinge_vfinal
2015 bioinformatics python_introduction_wim_vancriekinge_vfinal
 
RTOS [Autosaved].pptx
RTOS [Autosaved].pptxRTOS [Autosaved].pptx
RTOS [Autosaved].pptx
 
os_1.pdf
os_1.pdfos_1.pdf
os_1.pdf
 
Topic_2_Introduction_to_Unix.pptx
Topic_2_Introduction_to_Unix.pptxTopic_2_Introduction_to_Unix.pptx
Topic_2_Introduction_to_Unix.pptx
 
Linux [2005]
Linux [2005]Linux [2005]
Linux [2005]
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
 

Plus de bcantrill

Predicting the Present
Predicting the PresentPredicting the Present
Predicting the Presentbcantrill
 
Sharpening the Axe: The Primacy of Toolmaking
Sharpening the Axe: The Primacy of ToolmakingSharpening the Axe: The Primacy of Toolmaking
Sharpening the Axe: The Primacy of Toolmakingbcantrill
 
Coming of Age: Developing young technologists without robbing them of their y...
Coming of Age: Developing young technologists without robbing them of their y...Coming of Age: Developing young technologists without robbing them of their y...
Coming of Age: Developing young technologists without robbing them of their y...bcantrill
 
I have come to bury the BIOS, not to open it: The need for holistic systems
I have come to bury the BIOS, not to open it: The need for holistic systemsI have come to bury the BIOS, not to open it: The need for holistic systems
I have come to bury the BIOS, not to open it: The need for holistic systemsbcantrill
 
Towards Holistic Systems
Towards Holistic SystemsTowards Holistic Systems
Towards Holistic Systemsbcantrill
 
The Coming Firmware Revolution
The Coming Firmware RevolutionThe Coming Firmware Revolution
The Coming Firmware Revolutionbcantrill
 
Hardware/software Co-design: The Coming Golden Age
Hardware/software Co-design: The Coming Golden AgeHardware/software Co-design: The Coming Golden Age
Hardware/software Co-design: The Coming Golden Agebcantrill
 
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
Tockilator: Deducing Tock execution flows from Ibex Verilator tracesTockilator: Deducing Tock execution flows from Ibex Verilator traces
Tockilator: Deducing Tock execution flows from Ibex Verilator tracesbcantrill
 
No Moore Left to Give: Enterprise Computing After Moore's Law
No Moore Left to Give: Enterprise Computing After Moore's LawNo Moore Left to Give: Enterprise Computing After Moore's Law
No Moore Left to Give: Enterprise Computing After Moore's Lawbcantrill
 
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
Andreessen's Corollary: Ethical Dilemmas in Software EngineeringAndreessen's Corollary: Ethical Dilemmas in Software Engineering
Andreessen's Corollary: Ethical Dilemmas in Software Engineeringbcantrill
 
Visualizing Systems with Statemaps
Visualizing Systems with StatemapsVisualizing Systems with Statemaps
Visualizing Systems with Statemapsbcantrill
 
Platform values, Rust, and the implications for system software
Platform values, Rust, and the implications for system softwarePlatform values, Rust, and the implications for system software
Platform values, Rust, and the implications for system softwarebcantrill
 
dtrace.conf(16): DTrace state of the union
dtrace.conf(16): DTrace state of the uniondtrace.conf(16): DTrace state of the union
dtrace.conf(16): DTrace state of the unionbcantrill
 
The Hurricane's Butterfly: Debugging pathologically performing systems
The Hurricane's Butterfly: Debugging pathologically performing systemsThe Hurricane's Butterfly: Debugging pathologically performing systems
The Hurricane's Butterfly: Debugging pathologically performing systemsbcantrill
 
Papers We Love: ARC after dark
Papers We Love: ARC after darkPapers We Love: ARC after dark
Papers We Love: ARC after darkbcantrill
 
Principles of Technology Leadership
Principles of Technology LeadershipPrinciples of Technology Leadership
Principles of Technology Leadershipbcantrill
 
Zebras all the way down: The engineering challenges of the data path
Zebras all the way down: The engineering challenges of the data pathZebras all the way down: The engineering challenges of the data path
Zebras all the way down: The engineering challenges of the data pathbcantrill
 
Platform as reflection of values: Joyent, node.js, and beyond
Platform as reflection of values: Joyent, node.js, and beyondPlatform as reflection of values: Joyent, node.js, and beyond
Platform as reflection of values: Joyent, node.js, and beyondbcantrill
 
Debugging under fire: Keeping your head when systems have lost their mind
Debugging under fire: Keeping your head when systems have lost their mindDebugging under fire: Keeping your head when systems have lost their mind
Debugging under fire: Keeping your head when systems have lost their mindbcantrill
 
Down Memory Lane: Two Decades with the Slab Allocator
Down Memory Lane: Two Decades with the Slab AllocatorDown Memory Lane: Two Decades with the Slab Allocator
Down Memory Lane: Two Decades with the Slab Allocatorbcantrill
 

Plus de bcantrill (20)

Predicting the Present
Predicting the PresentPredicting the Present
Predicting the Present
 
Sharpening the Axe: The Primacy of Toolmaking
Sharpening the Axe: The Primacy of ToolmakingSharpening the Axe: The Primacy of Toolmaking
Sharpening the Axe: The Primacy of Toolmaking
 
Coming of Age: Developing young technologists without robbing them of their y...
Coming of Age: Developing young technologists without robbing them of their y...Coming of Age: Developing young technologists without robbing them of their y...
Coming of Age: Developing young technologists without robbing them of their y...
 
I have come to bury the BIOS, not to open it: The need for holistic systems
I have come to bury the BIOS, not to open it: The need for holistic systemsI have come to bury the BIOS, not to open it: The need for holistic systems
I have come to bury the BIOS, not to open it: The need for holistic systems
 
Towards Holistic Systems
Towards Holistic SystemsTowards Holistic Systems
Towards Holistic Systems
 
The Coming Firmware Revolution
The Coming Firmware RevolutionThe Coming Firmware Revolution
The Coming Firmware Revolution
 
Hardware/software Co-design: The Coming Golden Age
Hardware/software Co-design: The Coming Golden AgeHardware/software Co-design: The Coming Golden Age
Hardware/software Co-design: The Coming Golden Age
 
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
Tockilator: Deducing Tock execution flows from Ibex Verilator tracesTockilator: Deducing Tock execution flows from Ibex Verilator traces
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
 
No Moore Left to Give: Enterprise Computing After Moore's Law
No Moore Left to Give: Enterprise Computing After Moore's LawNo Moore Left to Give: Enterprise Computing After Moore's Law
No Moore Left to Give: Enterprise Computing After Moore's Law
 
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
Andreessen's Corollary: Ethical Dilemmas in Software EngineeringAndreessen's Corollary: Ethical Dilemmas in Software Engineering
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
 
Visualizing Systems with Statemaps
Visualizing Systems with StatemapsVisualizing Systems with Statemaps
Visualizing Systems with Statemaps
 
Platform values, Rust, and the implications for system software
Platform values, Rust, and the implications for system softwarePlatform values, Rust, and the implications for system software
Platform values, Rust, and the implications for system software
 
dtrace.conf(16): DTrace state of the union
dtrace.conf(16): DTrace state of the uniondtrace.conf(16): DTrace state of the union
dtrace.conf(16): DTrace state of the union
 
The Hurricane's Butterfly: Debugging pathologically performing systems
The Hurricane's Butterfly: Debugging pathologically performing systemsThe Hurricane's Butterfly: Debugging pathologically performing systems
The Hurricane's Butterfly: Debugging pathologically performing systems
 
Papers We Love: ARC after dark
Papers We Love: ARC after darkPapers We Love: ARC after dark
Papers We Love: ARC after dark
 
Principles of Technology Leadership
Principles of Technology LeadershipPrinciples of Technology Leadership
Principles of Technology Leadership
 
Zebras all the way down: The engineering challenges of the data path
Zebras all the way down: The engineering challenges of the data pathZebras all the way down: The engineering challenges of the data path
Zebras all the way down: The engineering challenges of the data path
 
Platform as reflection of values: Joyent, node.js, and beyond
Platform as reflection of values: Joyent, node.js, and beyondPlatform as reflection of values: Joyent, node.js, and beyond
Platform as reflection of values: Joyent, node.js, and beyond
 
Debugging under fire: Keeping your head when systems have lost their mind
Debugging under fire: Keeping your head when systems have lost their mindDebugging under fire: Keeping your head when systems have lost their mind
Debugging under fire: Keeping your head when systems have lost their mind
 
Down Memory Lane: Two Decades with the Slab Allocator
Down Memory Lane: Two Decades with the Slab AllocatorDown Memory Lane: Two Decades with the Slab Allocator
Down Memory Lane: Two Decades with the Slab Allocator
 

Dernier

8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 

Dernier (20)

8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 

Is it time to rewrite the operating system in Rust?

  • 1. Is it time to rewrite the operating system in Rust? CTO bryan@joyent.com Bryan Cantrill @bcantrill
  • 3. What even is the operating system? • The operating system is harder to define than it might seem… • For every definition, it can be easy to come up with exceptions • At minimum: the operating system is the program that abstracts hardware to allow execution of other programs • The operating system defines the liveness of the machine: without it, no program can run • The operating system software that runs with the highest level of architectural privilege is the operating system kernel • …but the kernel is not the entire operating system!
  • 4. Operating system implementation history • Historically, operating systems — née “executives” — were written entirely in assembly • Starting with the Burroughs B5000 MCP in 1961, operating systems started to be written in higher level languages… • In 1964, when Project MAC at MIT sought to build a successor to their Compatible Timesharing System (CTSS), they selected the language (PL/I) before writing any code (!) • But PL/I had no functioning compiler — and wouldn’t until 1966
  • 5. PL/I in Multics • The decision to use PL/I in Multics was seen by its creators as a great strength, even when reflecting back in 1971:
 
 
 
 
 
 
 • …but that the compiler was unavailable for so long (and when was available, performed poorly) was a nearly-fatal weakness Source: “Multics: The first seven years,” Corbato et al.
  • 6. The birth of Unix • Bell Labs pulled out of the Multics project in 1969 • A researcher formerly on the Multics effort, Ken Thompson, implemented a new operating system for the PDP-7 • The system was later ported to the PDP-11/20, where it was named Unix — a play on “eunuchs” and a contrast to the top- down complexity of Multics • Unix was implemented entirely in assembly!
  • 7. Unix and high-level languages • The interpreted language B (a BCPL derivative), was present in Unix, but only used for auxiliary functionality, e.g. the assembler and an early version of dc(1) • Some of the B that was in use in Unix was replaced with assembly for reasons of performance! • Dennis Ritchie and Thompson developed a B-inspired language focused on better abstracting the machine, naming it “C” • Perhaps contrary to myth, C and Unix were not born at the same instant — they are siblings, not twins!
  • 8. The C revolution • C is rightfully called “portable assembly”: it is designed to closely match the abstraction of the machine itself • C features memory addressability at its core • Unlike PL/I, C grew as concrete needs arose • e.g., C organically adopted important facilities like macro processing through the C preprocessor • Standardization efforts came late and were contentious: C remains infamous for its undefined behaviors
  • 9. Operating systems in the 1980s • As the minimal abstraction above the machine, C — despite its blemishes — proved to be an excellent fit for operating systems implementation • With few exceptions, operating systems — Unix or otherwise — were implemented in C throughout the 1980s • Other systems existed as research systems, but struggled to offer comparable performance to C-based systems
  • 10. Operating systems in the 1990s • In the 1990s, object oriented programming came into vogue, with languages like C++ and Java • By the mid-1990s, C-based systems were thought to be relics • …but the systems putatively replacing them were rewrites — and suffered from rampant Second System Syndrome • They were infamously late (e.g. Apple’s Copland), infamously slow (e.g. Sun’s Spring), or both (Taligent’s Pink) • Java-based operating systems like Sun’s JavaOS fared no better; hard to interact with hardware without unsigned types!
  • 11. Operating systems in the 2000s • With the arrival of Linux, Unix enjoyed a resurgence — and
 C-based operating systems became deeply entrenched • With only a few exceptions (e.g., Haiku), serious attempts at
 C++-based kernels withered • At the same time, non-Java/non-C++ languages blossomed: first Ruby, and then Python and JavaScript • These languages were focused on ease of development rather than performance — and there appears to be no serious effort to implement an operating system in any of these
  • 12. Systems software in the 2010s • Systems programmers began pining for something different: the performance of C, but with more powerful constructs as enjoyed in other languages • High-performance JavaScript runtimes allowed for a surprising use in node.js — but otherwise left much to be desired • Bell Labs refugees at Google developed Go, which solves some problems, but with many idiosyncrasies • Go, JavaScript and others are garbage collected, making interacting with C either impossible or excruciatingly slow
  • 13. Rust? • Rust is a systems software programming language designed around safety, parallelism, and speed • Rust has a novel system of ownership, whereby it can statically determine when a memory object is no longer in use • This allows for the power of a garbage-collected language, but with the performance of manual memory management • This is important because — unlike C — Rust is highly composable, allowing for more sophisticated (and higher performing!) primitives
  • 14. Rust performance (my experience) Source: http://dtrace.org/blogs/bmc/2018/09/28/the-relative-performance-of-c-and-rust/
  • 15. Rust: Beyond ownership • Rust has a number of other features that make it highly compelling for systems software implementation: • Algebraic types allow robust, concise error handling • Hygienic macros allow for safe syntax extensions • Foreign function interface allows for full-duplex integration with C without sacrificing performance • “unsafe” keyword allows for some safety guarantees to be surgically overruled (though with obvious peril) • Also: terrific community, thriving ecosystem, etc.
  • 16. Operating systems in Rust? • If the history of operating systems implementation teaches us anything, it’s that runtime characteristics trump development challenges! • Structured languages (broadly) replaced assembly because they performed as well • Viz., every operating system retains some assembly for reasons of performance! • With its focus on performance and zero-cost abstractions, Rust does represent a real, new candidate programming language for operating systems implementation
  • 17. Operating systems in Rust: A first attempt • First attempt at an operating system kernel in Rust seems to be Alex Light’s Reenix, ca. 2015: a re-implementation of a teaching operating system in Rust as an undergrad thesis • Biggest challenge in Reenix was that Rust forbids an application from handling allocation failure • The addition of a global allocator API has improved this in that now a C-based system can at least handle pressure… • …but dealing with memory allocation failure is still very much an unsettled area for Rust (see Rust RFC 2116)
  • 18. Operating systems in Rust since 2015 • Since Reenix’s first efforts, there have been quite a few small systems in Rust, e.g.: Redox, Tifflin, Tock, intermezzOS, RustOS/QuiltOS, Rux, and Philipp Oppermann’s Blog OS • Some of these are teaching systems (intermezzOS, Blog OS), some are unikernels (QuiltOS) and/or targeted at IoT (Tock) • These systems are all de novo, which represents its own challenges, e.g. forsaking binary compatibility with Linux and fighting Second System Syndrome
  • 19. Operating systems in Rust: The challenges • While Rust’s advantages are themselves clear, it’s less clear what the advantage is when replacing otherwise working code • For in-kernel code in particular, the safety argument for Rust carries less weight: in-kernel C tends to be de facto safe • Rust does, however, presents new challenges for kernel development, esp. with respect to multiply-owned structures • An OS kernel — despite its historic appeal and superficial fit for Rust — may represent more challenge than its worth • But what of hybrid approaches?
  • 20. Hybrid approach I: Rust in-kernel components • One appeal of Rust is its ability to interoperate with C • One hybrid approach to explore would be to retain a
 C-/assembly-based kernel while allowing for Rust-based
 in-kernel components like device drivers and filesystems • This would allow for an incremental approach — and instead of rewriting, Rust can be used for new development • There is a prototype example of this in FreeBSD; others are presumably possible
  • 21. Hybrid approach II: Rust OS components • An operating system is not just a kernel! • Operating systems have significant functionality at user-level: utilities, daemons, service-/device-/fault- management facilities, debuggers, etc. • If anything, the definition of the OS is expanding to distributed system that represents a multi-computer control plane — that itself includes many components • These components are much more prone to run-time failure! • Many of these are an excellent candidate for Rust!
  • 22. Hybrid approach III: Rust-based firmware • Below the operating system lurks hardware-facing special- purpose software: firmware • Firmware is a sewer of unobservable software with a long history of infamous quality problems • Firmware has some of the same challenges as kernel development (e.g., dealing with allocation failures), but may otherwise be more amenable to Rust • This is especially true when/where firmware is in user-space and is network-facing! (e.g., OpenBMC)
  • 23. Looking forward: Systems software in Rust • Rust represents something that we haven’t seen in a long time: a modern language that represents an alternative throughout the stack of software abstraction • Despite the interest in operating system kernel implementation, that might not be a good first fit for Rust • Rust allows hybrid approaches, allowing for productive kernel incrementalism rather than whole-system rewrites • Firmware and user-level operating system software are two very promising candidates for implementation in Rust!