Linked by Thom Holwerda on Sun 26th May 2013 18:48 UTC
OSNews, Generic OSes "A tiny 32 bit kernel written in Rust. I was inspired to download Rust and try to do this after seeing zero.rs - a stub that lets Rust programs run almost freestanding. It paints the screen bright red and then hangs. That's it."
Thread beginning with comment 563025
RE[6]: Comment by BBAP
by moondevil on Tue 28th May 2013 14:34 UTC in reply to "RE[5]: Comment by BBAP"
moondevil
Member since:
2005-07-08

So basically, not much different to raw pointer operations in C.


Correct, but it makes it possible to forbid pointer-trick modules in security-risk scenarios.

For example, you cannot run unsafe .NET code in IIS, or unsafe Go code in Google App Engine.

Similar unsafe blocks are available in D, Ada, Modula-3 and the Oberon language family.

The whole point is that unsafe operations are only allowed for code that needs to deal directly with the hardware; everywhere else you can use type-safe language constructs.

This allows an increase in the security of the generated code via compiler switches or OS rules.

Of course, this relies on the fact that you cannot change the generated assembly code, by having the appropriate security access in place.

Reply Parent Score: 2
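As an added illustration of the point made in this post (this is example code written for this thread, not code from the linked kernel or from the commenter), the snippet below confines all raw-pointer work to one Rust module and uses `#[forbid(unsafe_code)]` to make any `unsafe` block in the rest of the "kernel" a compile error. The hardware is a constructed in-memory buffer standing in for the 80x25 VGA text framebuffer; the module and function names are made up for the example.

```rust
// Added example: confining `unsafe` to a hardware-facing module and
// forbidding it everywhere else. The framebuffer is a constructed Vec<u16>
// standing in for VGA text memory; no real hardware is touched.

/// The only module allowed to dereference raw pointers.
mod vga {
    /// Writes `n` VGA cells of value `cell` starting at `base`.
    ///
    /// # Safety
    /// `base` must point to at least `n` writable, properly aligned `u16` cells.
    pub unsafe fn fill_raw(base: *mut u16, n: usize, cell: u16) {
        for i in 0..n {
            // SAFETY: the caller guarantees `base[0..n]` is writable.
            unsafe { base.add(i).write_volatile(cell) };
        }
    }

    /// Safe wrapper: the slice's length and exclusive borrow are exactly
    /// the contract `fill_raw` needs, so callers never see a raw pointer.
    pub fn fill(buf: &mut [u16], cell: u16) {
        // SAFETY: `buf` is a valid, exclusively borrowed slice, so
        // `buf.as_mut_ptr()` is writable for `buf.len()` cells.
        unsafe { fill_raw(buf.as_mut_ptr(), buf.len(), cell) }
    }
}

/// The rest of the "kernel": any `unsafe` block here fails to compile,
/// so this code can only reach the hardware through `vga`'s safe API.
#[forbid(unsafe_code)]
mod screen {
    /// VGA cell with attribute byte 0x44 (red background, red foreground)
    /// and a NUL character, i.e. a solid red cell.
    pub const RED_ON_RED: u16 = 0x4400;

    /// Paints every cell of the screen red using only safe code.
    pub fn paint_red(buf: &mut [u16]) {
        super::vga::fill(buf, RED_ON_RED);
    }

    /// Counts how many cells are solid red (used to check the result).
    pub fn count_red(buf: &[u16]) -> usize {
        buf.iter().filter(|&&c| c == RED_ON_RED).count()
    }
}

fn main() {
    // Constructed stand-in for the 80x25 VGA text buffer at 0xB8000.
    let mut framebuffer = vec![0u16; 80 * 25];
    screen::paint_red(&mut framebuffer);
    println!("red cells: {}", screen::count_red(&framebuffer));
}
```

Moving the `#[forbid(unsafe_code)]` attribute to the crate root (as `#![forbid(unsafe_code)]`) and exempting only the hardware module with `#[allow(unsafe_code)]` gives the whole-program version of the same rule; either way the lint is enforced by the compiler rather than by code review.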

RE[7]: Comment by BBAP
by Vanders on Tue 28th May 2013 15:20 in reply to "RE[6]: Comment by BBAP"
Vanders Member since:
2005-07-06

The basic point I'm getting at is that in a kernel, I'd be surprised if at least 50% of all the code isn't unsafe (or even just raw assembly). Because the nature of the beast is that you're manipulating raw memory and hardware at its very lowest level.

Checked & safe languages like Rust are nice, but the idea that using such a language for a kernel suddenly makes the kernel less liable to errors is largely unfounded. They can eliminate certain types of errors, but not the errors that are the most likely to bite you in the ass when you're in ring 0.

Having said all that, I'd love to see someone expand on the concept and perhaps write a proper kernel in Rust.

Edited 2013-05-28 15:31 UTC

Reply Parent Score: 2

RE[8]: Comment by BBAP
by moondevil on Tue 28th May 2013 16:35 in reply to "RE[7]: Comment by BBAP"
moondevil Member since:
2005-07-08

I advise you to inform yourself of operating systems done in such languages, in case you find the subject interesting.

Lilith was done in Modula-2. AS/400 also had a part of Modula-2 in its kernel in the first versions, but it has been replaced by C++ in more recent versions.

A very good reading about such systems is the book Niklaus Wirth wrote about how Native Oberon was designed, freely available from Zurich's university:

http://www.ethoberon.ethz.ch/WirthPublProjectOberon.pdf

It was quite a usable system back in the late '90s.

Or the Mirage OS done by Citrix and the Xen Project:

http://www.cl.cam.ac.uk/projects/ocamllabs/tasks/mirage.html

Back when C appeared, kernel safe languages were already starting to be explored, but like everything in computing, many concepts take decades before they become accepted in the industry.

Granted, others never managed to, mostly due to the famous "Worse is Better" axiom.

Reply Parent Score: 2