论文信息 - Ownership is theft: experiences building an embedded OS in rust

Ownership is theft: experiences building an embedded OS in rust

Rust, a new systems programming language, provides compile-time memory safety checks to help eliminate runtime bugs that manifest from improper memory management. This feature is advantageous for operating system development, and especially for embedded OS development, where recovery and debugging are particularly challenging. However, embedded platforms are highly event-based, and Rust's memory safety mechanisms largely presume threads. In our experience developing an operating system for embedded systems in Rust, we have found that Rust's ownership model prevents otherwise safe resource sharing common in the embedded domain, conflicts with the reality of hardware resources, and hinders using closures for programming asynchronously. We describe these experiences and how they relate to memory safety as well as illustrate our workarounds that preserve the safety guarantees to the largest extent possible. In addition, we draw from our experience to propose a new language extension to Rust that would enable it to provide better memory safety tools for event-driven platforms.

[1] Luca Cardelli,et al. The Modula–3 type system , 1989, POPL '89.

[2] Janis Voigtländer. Proceedings of the 2012 Haskell Symposium , 2012, ICFP 2012.

[3] Jeff Bonwick,et al. The Slab Allocator: An Object-Caching Kernel Memory Allocator , 1994, USENIX Summer.

[4] Emin Gün Sirer,et al. SPIN: an extensible microkernel for application-specific operating system services , 1994, EW 6.

[5] James R. Larus,et al. Singularity: rethinking the software stack , 2007, OPSR.

[6] Simon Peyton Jones,et al. Safe haskell , 2013 .

[7] Emin Gün Sirer,et al. SPIN—an extensible microkernel for application-specific operating system services , 1995, OPSR.

[8] David E. Culler,et al. TinyOS: An Operating System for Sensor Networks , 2005, Ambient Intelligence.

[9] Xi Wang,et al. Linux kernel vulnerabilities: state-of-the-art defenses and open problems , 2011, APSys.

[10] Marvin Theimer,et al. Cooperative Task Management Without Manual Stack Management , 2002, USENIX Annual Technical Conference, General Track.

[11] Michael M. Swift,et al. Nooks: an architecture for reliable device drivers , 2002, EW 10.

[12] Dave Clarke,et al. External Uniqueness Is Unique Enough , 2003, ECOOP.

[13] Riccardo Pucella,et al. Practical affine types , 2011, POPL '11.