Linked by Thom Holwerda on Sun 26th May 2013 18:48 UTC
OSNews, Generic OSes "A tiny 32 bit kernel written in Rust. I was inspired to download Rust and try to do this after seeing zero.rs - a stub that lets Rust programs run almost freestanding. It paints the screen bright red and then hangs. That's it."
RE[5]: Comment by BBAP
by Vanders on Tue 28th May 2013 11:45 UTC in reply to "RE[4]: Comment by BBAP"
Vanders Member since:
2005-07-06

No, it's not that: http://static.rust-lang.org/doc/rust.html#unsafe-functions

Unsafe operations are those that potentially violate the memory-safety guarantees of Rust's static semantics. Specifically, the following operations are considered unsafe:

Dereferencing a raw pointer.
Casting a raw pointer to a safe pointer type.
Calling an unsafe function.


So basically, not much different to raw pointer operations in C.

Reply Parent Score: 2

RE[6]: Comment by BBAP
by moondevil on Tue 28th May 2013 14:34 in reply to "RE[5]: Comment by BBAP"
moondevil Member since:
2005-07-08

So basically, not much different to raw pointer operations in C.


Correct, but it makes it possible to forbid pointer-trick modules in security-risk scenarios.

For example, you cannot run unsafe .NET code in IIS, or unsafe Go code in Google App Engine.

Similar unsafe blocks are available in D, Ada, Modula-3 and the Oberon language family.

The whole point is that unsafe operations are only allowed for code that needs to deal directly with the hardware; everywhere else you can use type-safe language constructs.

This allows an increase in the security of the generated code via compiler switches or OS rules.

Of course, this relies on the fact that you cannot change the generated Assembly code, by having the appropriate security access in place.

Reply Parent Score: 2
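An added example, not code from the thread or from the kernel it links to, illustrating both points above: the three operations the Rust reference lists as unsafe (dereferencing a raw pointer, casting it to a safe reference, calling an unsafe function) are confined to one hardware-access module, and the rest of the code is compiled with the `unsafe_code` lint set to deny, so any `unsafe` block outside that module is a compile error. The "device registers" are a caller-owned buffer constructed for the example; a real kernel would use a fixed MMIO address. The module and function names are assumptions.

```rust
// Added example (not from the original thread). Raw-pointer work lives in
// `hal`; `driver` is forbidden from using `unsafe` at all.

#[allow(unsafe_code)]
pub mod hal {
    /// Handle to a block of device registers. `base` is a raw pointer, so every
    /// access through it is an unsafe operation and stays inside this module.
    pub struct Registers {
        base: *mut u32,
        count: usize,
    }

    impl Registers {
        /// Build a handle over a caller-owned buffer that simulates MMIO memory
        /// (constructed for the example). The caller must keep `buf` alive for
        /// as long as the returned handle is used.
        pub fn from_buffer(buf: &mut [u32]) -> Registers {
            Registers { base: buf.as_mut_ptr(), count: buf.len() }
        }

        /// Safe read: the bounds check is what justifies the raw dereference.
        pub fn read(&self, idx: usize) -> Option<u32> {
            if idx >= self.count {
                return None;
            }
            // SAFETY: idx < count, so base.add(idx) stays inside the buffer
            // passed to from_buffer, which the caller keeps alive.
            Some(unsafe { self.base.add(idx).read_volatile() })
        }

        /// Safe write; returns false instead of touching memory out of range.
        pub fn write(&mut self, idx: usize, value: u32) -> bool {
            if idx >= self.count {
                return false;
            }
            // SAFETY: same bounds argument as in `read`.
            unsafe { self.base.add(idx).write_volatile(value) };
            true
        }

        /// Casting a raw pointer back to a safe slice: also unsafe, also here.
        pub fn snapshot(&self) -> Vec<u32> {
            // SAFETY: base..base+count is the live buffer from from_buffer.
            let view: &[u32] = unsafe { std::slice::from_raw_parts(self.base, self.count) };
            view.to_vec()
        }
    }
}

#[deny(unsafe_code)]
pub mod driver {
    use super::hal::Registers;

    pub const STATUS: usize = 0;
    pub const CONTROL: usize = 1;
    pub const ENABLE_BIT: u32 = 1;

    /// Set the enable bit in CONTROL and return the STATUS value.
    /// Writing `unsafe { ... }` in this module would not compile.
    pub fn enable_and_read_status(regs: &mut Registers) -> Option<u32> {
        let ctl = regs.read(CONTROL)?;
        if !regs.write(CONTROL, ctl | ENABLE_BIT) {
            return None;
        }
        regs.read(STATUS)
    }
}

/// Run the driver over a constructed 4-register device whose STATUS reads 0xA5.
/// Returns (status, control-after-enable, contents of the register block).
pub fn demo() -> Option<(u32, u32, Vec<u32>)> {
    let mut device_memory = vec![0xA5u32, 0, 0, 0]; // constructed sample
    let mut regs = hal::Registers::from_buffer(&mut device_memory);
    let status = driver::enable_and_read_status(&mut regs)?;
    let control = regs.read(driver::CONTROL)?;
    Some((status, control, regs.snapshot()))
}

/// Out-of-range access is rejected before any raw pointer is dereferenced.
pub fn out_of_range_is_rejected() -> bool {
    let mut device_memory = vec![0u32; 2];
    let mut regs = hal::Registers::from_buffer(&mut device_memory);
    regs.read(2).is_none() && !regs.write(7, 1)
}

fn main() {
    println!("{:?}", demo());
    println!("out-of-range rejected: {}", out_of_range_is_rejected());
}
```

Moving the `#[deny(unsafe_code)]` attribute to the crate root (`#![deny(unsafe_code)]`, with `#[allow(unsafe_code)]` only on `hal`) gives the policy moondevil describes: a build switch that fails compilation if unsafe code appears anywhere except the designated hardware module.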

RE[7]: Comment by BBAP
by Vanders on Tue 28th May 2013 15:20 in reply to "RE[6]: Comment by BBAP"
Vanders Member since:
2005-07-06

The basic point I'm getting at is that in a kernel, I'd be surprised if at least 50% of all the code isn't unsafe (or even just raw assembly). Because the nature of the beast is that you're manipulating raw memory and hardware at its very lowest level.

Checked & safe languages like Rust are nice, but the idea that using such a language for a kernel suddenly makes the kernel less liable to errors is largely unfounded. They can eliminate certain types of errors, but not the errors that are the most likely to bite you in the ass when you're in ring 0.

Having said all that I'd love to see someone expand on the concept and perhaps write a proper kernel in Rust.

Edited 2013-05-28 15:31 UTC

Reply Parent Score: 2