Speculative: Rust for base system components

Cy Schubert Cy.Schubert at cschubert.com
Tue Jan 1 08:00:30 UTC 2019 

In message <CAJm2B-=o8xtCDcN38mcwDTToxS8zw6twyfgQQEWqdj3eLwcB=A at mail.gma
il.com>
, Damjan Jovanovic writes:
> --000000000000caa538057e5f7945
> Content-Type: text/plain; charset="UTF-8"
>
> Kernel modules in Rust might benefit from the better type checking and thus
> less memory leaks, less memory corruption, etc. but they are usually small
> anyway so it's probably not worth it.
>
> The bigger benefit of running Java applications (not device drivers) in the
> kernel is performance. If applications run in kernel mode, context
> switching between kernel threads is much faster than user threads, system
> calls just become function calls, etc. Unlike C, Java can be sandboxed (at
> least in theory), and lack of native pointers and memory safety ensure it
> cannot access hardware directly anyway, so the rest of the system is still
> protected. Around 2005, Microsoft Research made Singularity OS, which used
> such techniques to run safely C# applications in the kernel, and it was
> about 20% faster than C in user space.

Microsoft renders fonts in the kernel too. Look at the (security) 
trouble that that's caused them.

C++ exception handling (which can be "muted" and not recommended) isn't 
best practice for kernel programming. Are you sure you want C++, C#, 
Java, Javascript (also discussed at OpenHack), or rust in the kernel. 
Really?

Not being rhetorical here but Microsoft isn't a great a example of we 
should strive for.

I'm with Warner. No. Rust should remain in ports. Apps that depend on 
rust should be in ports. Optional kernel modules should also be in 
ports.


-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.


> On Tue, Jan 1, 2019 at 6:59 AM Cy Schubert <Cy.Schubert at cschubert.com>
> wrote:
>
> > What would having another language in base buy us? This reminds me of a
> > couple of months ago at OpenHack Victoria someone was trying to convince me
> > that the kernel needed a JavaVM. (Sure we each had a few beers) but the
> > similarity of this discussion doesn't escape me. Kernel modules and
> > functions written in java^H^H^H^H rust: why?
> >
> > ---
> > Sent using a tiny phone keyboard.
> > Apologies for any typos and autocorrect.
> > Also, this old phone only supports top post. Apologies.
> >
> > Cy Schubert
> > <Cy.Schubert at cschubert.com> or <cy at freebsd.org>
> > The need of the many outweighs the greed of the few.
> > ---
> >
> > -----Original Message-----
> > From: Peter Jeremy
> > Sent: 31/12/2018 18:48
> > To: Igor Mozolevsky
> > Cc: Hackers freeBSD
> > Subject: Re: Speculative: Rust for base system components
> >
> > On 2019-Jan-01 00:53:48 +0000, Igor Mozolevsky <igor at hybrid-lab.co.uk>
> > wrote:
> > >Quite frankly the compile time isn't really *that* important,
> >
> > I disagree.  FreeBSD seems to be heading back to the batch days - you
> > submit your buildworld request and come back tomorrow to see if it worked.
> > That is a significant hinderance to development and, based on various
> > mailing list comments, is causing breakage because developers are cutting
> > corners due to the pain involved in running "make universe" before they
> > make a large change.
> >
> > >longer (if not much longer) build times might push toward a better
> > >modularisation and compartmentalisation of the OS and the kernel so a
> > >small change in the kernel, for example, doesn't require the
> > >recompilation of the whole damn thing when nothing else is affected.
> >
> > Two problems here:
> > 1) make doesn't seem to be sufficient to correctly describe a dependency
> > tree to allow incremental/partial builds (at, everyone I'm aware of who
> > has a successful incremental build system has started by migrating off
> > make).  This means that a significant part of the work will be re-writing
> > the FreeBSD build system into something else like (eg) Bazel.
> > 2) The bottleneck very quickly turns into the linker.
> >
> > --
> > Peter Jeremy
> > _______________________________________________
> > freebsd-hackers at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
> >
>
> --000000000000caa538057e5f7945
> Content-Type: text/html; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> <div dir=3D"ltr"><div>Kernel modules in Rust might benefit from the better =
> type checking and thus less memory leaks, less memory corruption, etc. but =
> they are usually small anyway so it's probably not worth it.<br></div><=
> div><br></div><div>The bigger benefit of running Java applications (not dev=
> ice drivers) in the kernel is performance. If applications run in kernel mo=
> de, context switching between kernel threads is much faster than user threa=
> ds, system calls just become function calls, etc. Unlike C, Java can be san=
> dboxed (at least in theory), and lack of native pointers and memory safety =
> ensure it cannot access hardware directly anyway, so the rest of the system=
>  is still protected. Around 2005, Microsoft Research made Singularity OS, w=
> hich used such techniques to run safely C# applications in the kernel, and =
> it was about 20% faster than C in user space.<br></div><br><div class=3D"gm=
> ail_quote"><div dir=3D"ltr">On Tue, Jan 1, 2019 at 6:59 AM Cy Schubert <=
> <a href=3D"mailto:Cy.Schubert at cschubert.com">Cy.Schubert at cschubert.com</a>&=
> gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0=
> px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">What =
> would having another language in base buy us? This reminds me of a couple o=
> f months ago at OpenHack Victoria someone was trying to convince me that th=
> e kernel needed a JavaVM. (Sure we each had a few beers) but the similarity=
>  of this discussion doesn't escape me. Kernel modules and functions wri=
> tten in java^H^H^H^H rust: why?<br>
> <br>
> ---<br>
> Sent using a tiny phone keyboard.<br>
> Apologies for any typos and autocorrect.<br>
> Also, this old phone only supports top post. Apologies.<br>
> <br>
> Cy Schubert<br>
> <<a href=3D"mailto:Cy.Schubert at cschubert.com" target=3D"_blank">Cy.Schub=
> ert at cschubert.com</a>> or <<a href=3D"mailto:cy at freebsd.org" target=
> =3D"_blank">cy at freebsd.org</a>><br>
> The need of the many outweighs the greed of the few.<br>
> ---<br>
> <br>
> -----Original Message-----<br>
> From: Peter Jeremy<br>
> Sent: 31/12/2018 18:48<br>
> To: Igor Mozolevsky<br>
> Cc: Hackers freeBSD<br>
> Subject: Re: Speculative: Rust for base system components<br>
> <br>
> On 2019-Jan-01 00:53:48 +0000, Igor Mozolevsky <<a href=3D"mailto:igor at h=
> ybrid-lab.co.uk" target=3D"_blank">igor at hybrid-lab.co.uk</a>> wrote:<br>
> >Quite frankly the compile time isn't really *that* important,<br>
> <br>
> I disagree.=C2=A0 FreeBSD seems to be heading back to the batch days - you<=
> br>
> submit your buildworld request and come back tomorrow to see if it worked.<=
> br>
> That is a significant hinderance to development and, based on various<br>
> mailing list comments, is causing breakage because developers are cutting<b=
> r>
> corners due to the pain involved in running "make universe" befor=
> e they<br>
> make a large change.<br>
> <br>
> >longer (if not much longer) build times might push toward a better<br>
> >modularisation and compartmentalisation of the OS and the kernel so a<b=
> r>
> >small change in the kernel, for example, doesn't require the<br>
> >recompilation of the whole damn thing when nothing else is affected.<br=
> >
> <br>
> Two problems here:<br>
> 1) make doesn't seem to be sufficient to correctly describe a dependenc=
> y<br>
> tree to allow incremental/partial builds (at, everyone I'm aware of who=
> <br>
> has a successful incremental build system has started by migrating off<br>
> make).=C2=A0 This means that a significant part of the work will be re-writ=
> ing<br>
> the FreeBSD build system into something else like (eg) Bazel.<br>
> 2) The bottleneck very quickly turns into the linker.<br>
> <br>
> -- <br>
> Peter Jeremy<br>
> _______________________________________________<br>
> <a href=3D"mailto:freebsd-hackers at freebsd.org" target=3D"_blank">freebsd-ha=
> ckers at freebsd.org</a> mailing list<br>
> <a href=3D"https://lists.freebsd.org/mailman/listinfo/freebsd-hackers" rel=
> =3D"noreferrer" target=3D"_blank">https://lists.freebsd.org/mailman/listinf=
> o/freebsd-hackers</a><br>
> To unsubscribe, send any mail to "<a href=3D"mailto:freebsd-hackers-un=
> subscribe at freebsd.org" target=3D"_blank">freebsd-hackers-unsubscribe at freebs=
> d.org</a>"<br>
> </blockquote></div></div>
>
> --000000000000caa538057e5f7945--

More information about the freebsd-hackers mailing list