SlideShare a Scribd company logo

Is it time to rewrite the operating system in Rust?

B
bcantrill

Rust is a promising systems programming language that could be used to implement operating systems due to its focus on safety, parallelism and performance. However, rewriting existing operating system kernels entirely in Rust may not provide clear advantages over established C-based implementations and could introduce new challenges. More practical approaches include using Rust for new in-kernel components, user-level operating system software, and firmware, which may be better candidates than kernel rewrites. This allows incremental introduction of Rust while retaining existing high-performance C code.

Software
1 of 23
Downloaded 70 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Is it time to rewrite the operating system in Rust? CTO bryan@joyent.com Bryan Cantrill @bcantrill
Spoiler alert
What even is the operating system? • The operating system is harder to define than it might seem… • For every definition, it can be easy to come up with exceptions • At minimum: the operating system is the program that abstracts hardware to allow execution of other programs • The operating system defines the liveness of the machine: without it, no program can run • The operating system software that runs with the highest level of architectural privilege is the operating system kernel • …but the kernel is not the entire operating system!
Operating system implementation history • Historically, operating systems — née “executives” — were written entirely in assembly • Starting with the Burroughs B5000 MCP in 1961, operating systems started to be written in higher level languages… • In 1964, when Project MAC at MIT sought to build a successor to their Compatible Timesharing System (CTSS), they selected the language (PL/I) before writing any code (!) • But PL/I had no functioning compiler — and wouldn’t until 1966
PL/I in Multics • The decision to use PL/I in Multics was seen by its creators as a great strength, even when reflecting back in 1971:
 
 
 
 
 
 
 • …but that the compiler was unavailable for so long (and when was available, performed poorly) was a nearly-fatal weakness Source: “Multics: The first seven years,” Corbato et al.
The birth of Unix • Bell Labs pulled out of the Multics project in 1969 • A researcher formerly on the Multics effort, Ken Thompson, implemented a new operating system for the PDP-7 • The system was later ported to the PDP-11/20, where it was named Unix — a play on “eunuchs” and a contrast to the top- down complexity of Multics • Unix was implemented entirely in assembly!
Unix and high-level languages • The interpreted language B (a BCPL derivative), was present in Unix, but only used for auxiliary functionality, e.g. the assembler and an early version of dc(1) • Some of the B that was in use in Unix was replaced with assembly for reasons of performance! • Dennis Ritchie and Thompson developed a B-inspired language focused on better abstracting the machine, naming it “C” • Perhaps contrary to myth, C and Unix were not born at the same instant — they are siblings, not twins!
The C revolution • C is rightfully called “portable assembly”: it is designed to closely match the abstraction of the machine itself • C features memory addressability at its core • Unlike PL/I, C grew as concrete needs arose • e.g., C organically adopted important facilities like macro processing through the C preprocessor • Standardization efforts came late and were contentious: C remains infamous for its undefined behaviors
Operating systems in the 1980s • As the minimal abstraction above the machine, C — despite its blemishes — proved to be an excellent fit for operating systems implementation • With few exceptions, operating systems — Unix or otherwise — were implemented in C throughout the 1980s • Other systems existed as research systems, but struggled to offer comparable performance to C-based systems
Operating systems in the 1990s • In the 1990s, object oriented programming came into vogue, with languages like C++ and Java • By the mid-1990s, C-based systems were thought to be relics • …but the systems putatively replacing them were rewrites — and suffered from rampant Second System Syndrome • They were infamously late (e.g. Apple’s Copland), infamously slow (e.g. Sun’s Spring), or both (Taligent’s Pink) • Java-based operating systems like Sun’s JavaOS fared no better; hard to interact with hardware without unsigned types!
Operating systems in the 2000s • With the arrival of Linux, Unix enjoyed a resurgence — and
 C-based operating systems became deeply entrenched • With only a few exceptions (e.g., Haiku), serious attempts at
 C++-based kernels withered • At the same time, non-Java/non-C++ languages blossomed: first Ruby, and then Python and JavaScript • These languages were focused on ease of development rather than performance — and there appears to be no serious effort to implement an operating system in any of these
Systems software in the 2010s • Systems programmers began pining for something different: the performance of C, but with more powerful constructs as enjoyed in other languages • High-performance JavaScript runtimes allowed for a surprising use in node.js — but otherwise left much to be desired • Bell Labs refugees at Google developed Go, which solves some problems, but with many idiosyncrasies • Go, JavaScript and others are garbage collected, making interacting with C either impossible or excruciatingly slow
Rust? • Rust is a systems software programming language designed around safety, parallelism, and speed • Rust has a novel system of ownership, whereby it can statically determine when a memory object is no longer in use • This allows for the power of a garbage-collected language, but with the performance of manual memory management • This is important because — unlike C — Rust is highly composable, allowing for more sophisticated (and higher performing!) primitives
Rust performance (my experience) Source: http://dtrace.org/blogs/bmc/2018/09/28/the-relative-performance-of-c-and-rust/
Rust: Beyond ownership • Rust has a number of other features that make it highly compelling for systems software implementation: • Algebraic types allow robust, concise error handling • Hygienic macros allow for safe syntax extensions • Foreign function interface allows for full-duplex integration with C without sacrificing performance • “unsafe” keyword allows for some safety guarantees to be surgically overruled (though with obvious peril) • Also: terrific community, thriving ecosystem, etc.
Operating systems in Rust? • If the history of operating systems implementation teaches us anything, it’s that runtime characteristics trump development challenges! • Structured languages (broadly) replaced assembly because they performed as well • Viz., every operating system retains some assembly for reasons of performance! • With its focus on performance and zero-cost abstractions, Rust does represent a real, new candidate programming language for operating systems implementation
Operating systems in Rust: A first attempt • First attempt at an operating system kernel in Rust seems to be Alex Light’s Reenix, ca. 2015: a re-implementation of a teaching operating system in Rust as an undergrad thesis • Biggest challenge in Reenix was that Rust forbids an application from handling allocation failure • The addition of a global allocator API has improved this in that now a C-based system can at least handle pressure… • …but dealing with memory allocation failure is still very much an unsettled area for Rust (see Rust RFC 2116)
Operating systems in Rust since 2015 • Since Reenix’s first efforts, there have been quite a few small systems in Rust, e.g.: Redox, Tifflin, Tock, intermezzOS, RustOS/QuiltOS, Rux, and Philipp Oppermann’s Blog OS • Some of these are teaching systems (intermezzOS, Blog OS), some are unikernels (QuiltOS) and/or targeted at IoT (Tock) • These systems are all de novo, which represents its own challenges, e.g. forsaking binary compatibility with Linux and fighting Second System Syndrome
Operating systems in Rust: The challenges • While Rust’s advantages are themselves clear, it’s less clear what the advantage is when replacing otherwise working code • For in-kernel code in particular, the safety argument for Rust carries less weight: in-kernel C tends to be de facto safe • Rust does, however, presents new challenges for kernel development, esp. with respect to multiply-owned structures • An OS kernel — despite its historic appeal and superficial fit for Rust — may represent more challenge than its worth • But what of hybrid approaches?
Hybrid approach I: Rust in-kernel components • One appeal of Rust is its ability to interoperate with C • One hybrid approach to explore would be to retain a
 C-/assembly-based kernel while allowing for Rust-based
 in-kernel components like device drivers and filesystems • This would allow for an incremental approach — and instead of rewriting, Rust can be used for new development • There is a prototype example of this in FreeBSD; others are presumably possible
Hybrid approach II: Rust OS components • An operating system is not just a kernel! • Operating systems have significant functionality at user-level: utilities, daemons, service-/device-/fault- management facilities, debuggers, etc. • If anything, the definition of the OS is expanding to distributed system that represents a multi-computer control plane — that itself includes many components • These components are much more prone to run-time failure! • Many of these are an excellent candidate for Rust!
Hybrid approach III: Rust-based firmware • Below the operating system lurks hardware-facing special- purpose software: firmware • Firmware is a sewer of unobservable software with a long history of infamous quality problems • Firmware has some of the same challenges as kernel development (e.g., dealing with allocation failures), but may otherwise be more amenable to Rust • This is especially true when/where firmware is in user-space and is network-facing! (e.g., OpenBMC)
Looking forward: Systems software in Rust • Rust represents something that we haven’t seen in a long time: a modern language that represents an alternative throughout the stack of software abstraction • Despite the interest in operating system kernel implementation, that might not be a good first fit for Rust • Rust allows hybrid approaches, allowing for productive kernel incrementalism rather than whole-system rewrites • Firmware and user-level operating system software are two very promising candidates for implementation in Rust!

More Related Content

PPTX
Introduction to Apache Kafka
AIMDek Technologies
 
PPTX
Introduction to Java -unit-1
RubaNagarajan
 
PDF
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
ArangoDB Database
 
PDF
Cloudsim_openstack_aws_lastunit_bsccs_cloud computing
MrSameerSTathare
 
PDF
Introduction to Qt programming
Dragos Tudor Acostachioaie
 
PDF
Understanding performance aspects of etcd and Raft
Hitoshi Mitake
 
PPTX
REST vs gRPC: Battle of API's
Luram Archanjo
 
PPTX
Classes and objects
Anil Kumar
 
Introduction to Apache Kafka
AIMDek Technologies
 
Introduction to Java -unit-1
RubaNagarajan
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
ArangoDB Database
 
Cloudsim_openstack_aws_lastunit_bsccs_cloud computing
MrSameerSTathare
 
Introduction to Qt programming
Dragos Tudor Acostachioaie
 
Understanding performance aspects of etcd and Raft
Hitoshi Mitake
 
REST vs gRPC: Battle of API's
Luram Archanjo
 
Classes and objects
Anil Kumar
 

What's hot (20)

PPTX
Typescript ppt
akhilsreyas
 
PDF
Inter-Process Communication in Microservices using gRPC
Shiju Varghese
 
PDF
gRPC Overview
Varun Talwar
 
PDF
gRPC - RPC rebirth?
Luís Barbosa
 
PDF
Event-Driven Microservices With NATS Streaming
Shiju Varghese
 
PDF
Ingress? That’s So 2020! Introducing the Kubernetes Gateway API
VMware Tanzu
 
PDF
Robert Kubis - gRPC - boilerplate to high-performance scalable APIs - code.t...
AboutYouGmbH
 
PDF
Cluster management with Kubernetes
Satnam Singh
 
PDF
CERN Data Centre Evolution
Gavin McCance
 
PDF
Red Hat OpenShift Operators - Operators ABC
Robert Bohne
 
PDF
Vault
dawnlua
 
PDF
Crossplane @ Mastering GitOps.pdf
QAware GmbH
 
PPT
Interface in java By Dheeraj Kumar Singh
dheeraj_cse
 
PPTX
Microservices, Node, Dapr and more - Part One (Fontys Hogeschool, Spring 2022)
Lucas Jellema
 
PDF
Helm - Application deployment management for Kubernetes
Alexei Ledenev
 
PDF
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Thomas Graf
 
PDF
Apache Kafka Architecture & Fundamentals Explained
confluent
 
ODP
Introduction To RabbitMQ
Knoldus Inc.
 
PDF
Machine learning in php Using PHP-ML
Agbagbara Omokhoa
 
ODP
nftables - the evolution of Linux Firewall
Marian Marinov
 
Typescript ppt
akhilsreyas
 
Inter-Process Communication in Microservices using gRPC
Shiju Varghese
 
gRPC Overview
Varun Talwar
 
gRPC - RPC rebirth?
Luís Barbosa
 
Event-Driven Microservices With NATS Streaming
Shiju Varghese
 
Ingress? That’s So 2020! Introducing the Kubernetes Gateway API
VMware Tanzu
 
Robert Kubis - gRPC - boilerplate to high-performance scalable APIs - code.t...
AboutYouGmbH
 
Cluster management with Kubernetes
Satnam Singh
 
CERN Data Centre Evolution
Gavin McCance
 
Red Hat OpenShift Operators - Operators ABC
Robert Bohne
 
Vault
dawnlua
 
Crossplane @ Mastering GitOps.pdf
QAware GmbH
 
Interface in java By Dheeraj Kumar Singh
dheeraj_cse
 
Microservices, Node, Dapr and more - Part One (Fontys Hogeschool, Spring 2022)
Lucas Jellema
 
Helm - Application deployment management for Kubernetes
Alexei Ledenev
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Thomas Graf
 
Apache Kafka Architecture & Fundamentals Explained
confluent
 
Introduction To RabbitMQ
Knoldus Inc.
 
Machine learning in php Using PHP-ML
Agbagbara Omokhoa
 
nftables - the evolution of Linux Firewall
Marian Marinov
 
Ad

Similar to Is it time to rewrite the operating system in Rust? (20)

PDF
Platform values, Rust, and the implications for system software
bcantrill
 
PDF
Rust in Action Systems programming concepts and techniques 1st Edition Tim Mc...
paaolablan
 
PDF
The Role of C in Operating System Development
Naresh IT
 
PDF
The Rust Programming Language
Mario Alexandro Santini
 
PPTX
Rustbridge
kent marete
 
PPTX
Kernel-Level Programming: Entering Ring Naught
David Evans
 
PDF
Linux-Internals-and-Networking
Emertxe Information Technologies Pvt Ltd
 
PDF
linux_internals_2.3 (1).pdf àaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
YasaswiniChintamalla1
 
PDF
Embedded Rust
Jens Siebert
 
PDF
Introduction to System Programming
Sayed Chhattan Shah
 
PPTX
Linux Operaring System chapter one Introduction.pptx
MAHERMOHAMED27
 
PPTX
Introduction to Operating system and graduate
RamaSubramanian79
 
PPTX
Rust
Naga Dinesh
 
PPTX
Second Slide about Operating System services
DngThinBo
 
PPTX
Rust programming-language
Mujahid Malik Arain
 
PDF
Rust All Hands Winter 2011
Patrick Walton
 
PDF
Singularity Rethinking The Software Stack
alanocu
 
PPTX
Why Is Rust Gaining Traction In Recent Years?
Techahead Software
 
PPTX
Rust vs C++
corehard_by
 
PPTX
Rust 101 (2017 edition)
Robert 'Bob' Reyes
 
Platform values, Rust, and the implications for system software
bcantrill
 
Rust in Action Systems programming concepts and techniques 1st Edition Tim Mc...
paaolablan
 
The Role of C in Operating System Development
Naresh IT
 
The Rust Programming Language
Mario Alexandro Santini
 
Rustbridge
kent marete
 
Kernel-Level Programming: Entering Ring Naught
David Evans
 
Linux-Internals-and-Networking
Emertxe Information Technologies Pvt Ltd
 
linux_internals_2.3 (1).pdf àaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
YasaswiniChintamalla1
 
Embedded Rust
Jens Siebert
 
Introduction to System Programming
Sayed Chhattan Shah
 
Linux Operaring System chapter one Introduction.pptx
MAHERMOHAMED27
 
Introduction to Operating system and graduate
RamaSubramanian79
 
Rust
Naga Dinesh
 
Second Slide about Operating System services
DngThinBo
 
Rust programming-language
Mujahid Malik Arain
 
Rust All Hands Winter 2011
Patrick Walton
 
Singularity Rethinking The Software Stack
alanocu
 
Why Is Rust Gaining Traction In Recent Years?
Techahead Software
 
Rust vs C++
corehard_by
 
Rust 101 (2017 edition)
Robert 'Bob' Reyes
 
Ad

More from bcantrill (20)

PDF
Predicting the Present
bcantrill
 
PDF
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
 
PDF
Coming of Age: Developing young technologists without robbing them of their y...
bcantrill
 
PDF
I have come to bury the BIOS, not to open it: The need for holistic systems
bcantrill
 
PDF
Towards Holistic Systems
bcantrill
 
PDF
The Coming Firmware Revolution
bcantrill
 
PDF
Hardware/software Co-design: The Coming Golden Age
bcantrill
 
PDF
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
bcantrill
 
PDF
No Moore Left to Give: Enterprise Computing After Moore's Law
bcantrill
 
PDF
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
bcantrill
 
PDF
Visualizing Systems with Statemaps
bcantrill
 
PDF
dtrace.conf(16): DTrace state of the union
bcantrill
 
PDF
The Hurricane's Butterfly: Debugging pathologically performing systems
bcantrill
 
PDF
Papers We Love: ARC after dark
bcantrill
 
PDF
Principles of Technology Leadership
bcantrill
 
PDF
Zebras all the way down: The engineering challenges of the data path
bcantrill
 
PDF
Platform as reflection of values: Joyent, node.js, and beyond
bcantrill
 
PDF
Debugging under fire: Keeping your head when systems have lost their mind
bcantrill
 
PDF
Down Memory Lane: Two Decades with the Slab Allocator
bcantrill
 
PDF
The State of Cloud 2016: The whirlwind of creative destruction
bcantrill
 
Predicting the Present
bcantrill
 
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
 
Coming of Age: Developing young technologists without robbing them of their y...
bcantrill
 
I have come to bury the BIOS, not to open it: The need for holistic systems
bcantrill
 
Towards Holistic Systems
bcantrill
 
The Coming Firmware Revolution
bcantrill
 
Hardware/software Co-design: The Coming Golden Age
bcantrill
 
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
bcantrill
 
No Moore Left to Give: Enterprise Computing After Moore's Law
bcantrill
 
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
bcantrill
 
Visualizing Systems with Statemaps
bcantrill
 
dtrace.conf(16): DTrace state of the union
bcantrill
 
The Hurricane's Butterfly: Debugging pathologically performing systems
bcantrill
 
Papers We Love: ARC after dark
bcantrill
 
Principles of Technology Leadership
bcantrill
 
Zebras all the way down: The engineering challenges of the data path
bcantrill
 
Platform as reflection of values: Joyent, node.js, and beyond
bcantrill
 
Debugging under fire: Keeping your head when systems have lost their mind
bcantrill
 
Down Memory Lane: Two Decades with the Slab Allocator
bcantrill
 
The State of Cloud 2016: The whirlwind of creative destruction
bcantrill
 

Recently uploaded (20)

PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 

Is it time to rewrite the operating system in Rust?

  • 1. Is it time to rewrite the operating system in Rust? CTO bryan@joyent.com Bryan Cantrill @bcantrill
  • 3. What even is the operating system? • The operating system is harder to define than it might seem… • For every definition, it can be easy to come up with exceptions • At minimum: the operating system is the program that abstracts hardware to allow execution of other programs • The operating system defines the liveness of the machine: without it, no program can run • The operating system software that runs with the highest level of architectural privilege is the operating system kernel • …but the kernel is not the entire operating system!
  • 4. Operating system implementation history • Historically, operating systems — née “executives” — were written entirely in assembly • Starting with the Burroughs B5000 MCP in 1961, operating systems started to be written in higher level languages… • In 1964, when Project MAC at MIT sought to build a successor to their Compatible Timesharing System (CTSS), they selected the language (PL/I) before writing any code (!) • But PL/I had no functioning compiler — and wouldn’t until 1966
  • 5. PL/I in Multics • The decision to use PL/I in Multics was seen by its creators as a great strength, even when reflecting back in 1971:
 
 
 
 
 
 
 • …but that the compiler was unavailable for so long (and when was available, performed poorly) was a nearly-fatal weakness Source: “Multics: The first seven years,” Corbato et al.
  • 6. The birth of Unix • Bell Labs pulled out of the Multics project in 1969 • A researcher formerly on the Multics effort, Ken Thompson, implemented a new operating system for the PDP-7 • The system was later ported to the PDP-11/20, where it was named Unix — a play on “eunuchs” and a contrast to the top- down complexity of Multics • Unix was implemented entirely in assembly!
  • 7. Unix and high-level languages • The interpreted language B (a BCPL derivative), was present in Unix, but only used for auxiliary functionality, e.g. the assembler and an early version of dc(1) • Some of the B that was in use in Unix was replaced with assembly for reasons of performance! • Dennis Ritchie and Thompson developed a B-inspired language focused on better abstracting the machine, naming it “C” • Perhaps contrary to myth, C and Unix were not born at the same instant — they are siblings, not twins!
  • 8. The C revolution • C is rightfully called “portable assembly”: it is designed to closely match the abstraction of the machine itself • C features memory addressability at its core • Unlike PL/I, C grew as concrete needs arose • e.g., C organically adopted important facilities like macro processing through the C preprocessor • Standardization efforts came late and were contentious: C remains infamous for its undefined behaviors
  • 9. Operating systems in the 1980s • As the minimal abstraction above the machine, C — despite its blemishes — proved to be an excellent fit for operating systems implementation • With few exceptions, operating systems — Unix or otherwise — were implemented in C throughout the 1980s • Other systems existed as research systems, but struggled to offer comparable performance to C-based systems
  • 10. Operating systems in the 1990s • In the 1990s, object oriented programming came into vogue, with languages like C++ and Java • By the mid-1990s, C-based systems were thought to be relics • …but the systems putatively replacing them were rewrites — and suffered from rampant Second System Syndrome • They were infamously late (e.g. Apple’s Copland), infamously slow (e.g. Sun’s Spring), or both (Taligent’s Pink) • Java-based operating systems like Sun’s JavaOS fared no better; hard to interact with hardware without unsigned types!
  • 11. Operating systems in the 2000s • With the arrival of Linux, Unix enjoyed a resurgence — and
 C-based operating systems became deeply entrenched • With only a few exceptions (e.g., Haiku), serious attempts at
 C++-based kernels withered • At the same time, non-Java/non-C++ languages blossomed: first Ruby, and then Python and JavaScript • These languages were focused on ease of development rather than performance — and there appears to be no serious effort to implement an operating system in any of these
  • 12. Systems software in the 2010s • Systems programmers began pining for something different: the performance of C, but with more powerful constructs as enjoyed in other languages • High-performance JavaScript runtimes allowed for a surprising use in node.js — but otherwise left much to be desired • Bell Labs refugees at Google developed Go, which solves some problems, but with many idiosyncrasies • Go, JavaScript and others are garbage collected, making interacting with C either impossible or excruciatingly slow
  • 13. Rust? • Rust is a systems software programming language designed around safety, parallelism, and speed • Rust has a novel system of ownership, whereby it can statically determine when a memory object is no longer in use • This allows for the power of a garbage-collected language, but with the performance of manual memory management • This is important because — unlike C — Rust is highly composable, allowing for more sophisticated (and higher performing!) primitives
  • 14. Rust performance (my experience) Source: http://dtrace.org/blogs/bmc/2018/09/28/the-relative-performance-of-c-and-rust/
  • 15. Rust: Beyond ownership • Rust has a number of other features that make it highly compelling for systems software implementation: • Algebraic types allow robust, concise error handling • Hygienic macros allow for safe syntax extensions • Foreign function interface allows for full-duplex integration with C without sacrificing performance • “unsafe” keyword allows for some safety guarantees to be surgically overruled (though with obvious peril) • Also: terrific community, thriving ecosystem, etc.
  • 16. Operating systems in Rust? • If the history of operating systems implementation teaches us anything, it’s that runtime characteristics trump development challenges! • Structured languages (broadly) replaced assembly because they performed as well • Viz., every operating system retains some assembly for reasons of performance! • With its focus on performance and zero-cost abstractions, Rust does represent a real, new candidate programming language for operating systems implementation
  • 17. Operating systems in Rust: A first attempt • First attempt at an operating system kernel in Rust seems to be Alex Light’s Reenix, ca. 2015: a re-implementation of a teaching operating system in Rust as an undergrad thesis • Biggest challenge in Reenix was that Rust forbids an application from handling allocation failure • The addition of a global allocator API has improved this in that now a C-based system can at least handle pressure… • …but dealing with memory allocation failure is still very much an unsettled area for Rust (see Rust RFC 2116)
  • 18. Operating systems in Rust since 2015 • Since Reenix’s first efforts, there have been quite a few small systems in Rust, e.g.: Redox, Tifflin, Tock, intermezzOS, RustOS/QuiltOS, Rux, and Philipp Oppermann’s Blog OS • Some of these are teaching systems (intermezzOS, Blog OS), some are unikernels (QuiltOS) and/or targeted at IoT (Tock) • These systems are all de novo, which represents its own challenges, e.g. forsaking binary compatibility with Linux and fighting Second System Syndrome
  • 19. Operating systems in Rust: The challenges • While Rust’s advantages are themselves clear, it’s less clear what the advantage is when replacing otherwise working code • For in-kernel code in particular, the safety argument for Rust carries less weight: in-kernel C tends to be de facto safe • Rust does, however, presents new challenges for kernel development, esp. with respect to multiply-owned structures • An OS kernel — despite its historic appeal and superficial fit for Rust — may represent more challenge than its worth • But what of hybrid approaches?
  • 20. Hybrid approach I: Rust in-kernel components • One appeal of Rust is its ability to interoperate with C • One hybrid approach to explore would be to retain a
 C-/assembly-based kernel while allowing for Rust-based
 in-kernel components like device drivers and filesystems • This would allow for an incremental approach — and instead of rewriting, Rust can be used for new development • There is a prototype example of this in FreeBSD; others are presumably possible
  • 21. Hybrid approach II: Rust OS components • An operating system is not just a kernel! • Operating systems have significant functionality at user-level: utilities, daemons, service-/device-/fault- management facilities, debuggers, etc. • If anything, the definition of the OS is expanding to distributed system that represents a multi-computer control plane — that itself includes many components • These components are much more prone to run-time failure! • Many of these are an excellent candidate for Rust!
  • 22. Hybrid approach III: Rust-based firmware • Below the operating system lurks hardware-facing special- purpose software: firmware • Firmware is a sewer of unobservable software with a long history of infamous quality problems • Firmware has some of the same challenges as kernel development (e.g., dealing with allocation failures), but may otherwise be more amenable to Rust • This is especially true when/where firmware is in user-space and is network-facing! (e.g., OpenBMC)
  • 23. Looking forward: Systems software in Rust • Rust represents something that we haven’t seen in a long time: a modern language that represents an alternative throughout the stack of software abstraction • Despite the interest in operating system kernel implementation, that might not be a good first fit for Rust • Rust allows hybrid approaches, allowing for productive kernel incrementalism rather than whole-system rewrites • Firmware and user-level operating system software are two very promising candidates for implementation in Rust!