←back to thread

Asterinas: OS kernel written in Rust and providing Linux-compatible ABI

(github.com)
364 points Klasiaster | 1 comments | 15 Oct 24 12:01 UTC | HN request time: 0.246s | source
Show context
akira2501 ◴[15 Oct 24 18:58 UTC] No.41851912[source]
I personally dislike rust, but I love kernels, and so I'll always check these projects out.

This is one of the nicer ones.

It looks pretty conservative in it's use of Rust's advanced features. The code looks pretty easy to read and follow. There's actually a decent amount of comments (for rust code).

Not bad!

replies(2): >>41852794 #>>41855386 #
wg0 ◴[16 Oct 24 03:40 UTC] No.41855386[source]
Otherwise is a decent language but what makes it difficult is the borrow semantics and lifetimes. Lifetimes are more complicated to get your head around.

But then there's this Arc, Ref, Pinning and what not - how deep is that rabbit hole?

replies(5): >>41855987 #>>41855995 #>>41856204 #>>41856306 #>>41856588 #
baq ◴[16 Oct 24 06:36 UTC] No.41856204[source]
If you’re writing C and don’t track ownership of values, you’re in a world of hurt. Rust makes you do from day one what you could do in C but unless you have years of experience you think it isn’t necessary.
replies(2): >>41856314 #>>41856786 #
wg0 ◴[16 Oct 24 08:20 UTC] No.41856786[source]
Okay, I think it is is more like Typescript. You hate it but one day you just write small JS program and convert it to Typescript to discover that static analysis alone had so many code paths revealed that would have resulted in uncaught errors and then you always feel very uncomfortable writing plain Javascript.

But what about tools like valgrind in context of C?

replies(5): >>41857436 #>>41857484 #>>41858152 #>>41858386 #>>41864741 #
1. rcxdude ◴[16 Oct 24 12:10 UTC] No.41858152[source]
Valgrind can only tell you about issues that your testcases exercise. It doesn't provide the same guarantees as static checking of memory safety invariants. But, if you're really concerned (especially about unsafe code), belt-and-bracers is a good strategy, and valgrind will work with rust binaries as well. Rust also has a tool called MIRI which can similarly flag up issues in testcases (it's effectively an interpreter for the intermediate representation in the compiler, and it can detect undefined behaviour even if the compiled assembly would happen to look OK. Still has the same limitation of needing extensive testcases though)