The ISRG wants to make the Linux kernel memory-safe with Rust
The Internet Security Research Group (ISRG)—parent organization of the better-known Let's Encrypt project—has provided prominent developer Miguel Ojeda with a one-year contract to work on Rust in Linux and other security efforts on a full-time basis.
As we covered in March, Rust is a low-level programming language offering most of the flexibility and performance of C—the language used for kernels in Unix and Unix-like operating systems since the 1970s—in a safer way.
Efforts to make Rust a viable language for Linux kernel development began at the 2020 Linux Plumbers conference, with acceptance for the idea coming from Linus Torvalds himself. Torvalds specifically requested Rust compiler availability in the default kernel build environment to support such efforts—not to replace the entire source code of the Linux kernel with Rust-developed equivalents, but to make it possible for new development to work properly.
Using Rust for new code in the kernel—which might mean new hardware drivers or even replacement of GNU Coreutils—potentially decreases the number of bugs lurking in the kernel. Rust simply won't allow a developer to leak memory or create the potential for buffer overflows—significant sources of performance and security issues in complex C-language code.
Previously: Linus Torvalds: Don't Hide Rust in Linux Kernel; Death to AVX-512
Related: Microkernel, Rust-Programmed Redox OS's Devs Slam Linux, Unix, GPL
Following Layoffs, Mozilla and Core Rust Developers Are Forming a Rust Foundation
(Score: 5, Interesting) by dltaylor on Wednesday June 23 2021, @04:15AM
I've worked on embedded stuff, UNIX and Microsoft kernels and drivers and application low-level utilities and libraries over the course of decades of programming.
My only difficulty with C++ is that I've only ever met less than a handful of programmers that actually know how to write in that language. At best, there is always half the performance and 2 to 4 times the amount of run-time code as "C". Just the simplest feature of base and derived classes seems to be beyond them. I have seen multiple instances of empty base classes and the "derived classes" made by "copy, paste, and tweak" from the first working instance. Wrapping as many as 8 layers of classes over just about every byte of data memory is common, too. That's the part of Rust that gives me pause: micromanaging references. Good as modern CPUs may be, winding down some daisy-chain of references is a performance hit. Yes, Virginia, there are layers of references in the Linux kernel, but type-unsafe as it may be (is, probably), I've seen the compilers streamline the object code.
Perhaps I'll rewrite one of the drivers I worked on in Rust and see for myself whether I'm avoiding a pitfall no longer present.