Asterinas: OS kernel written in Rust and providing Linux-compatible ABI

(github.com)

364 points Klasiaster | 1 comments | 15 Oct 24 12:01 UTC | HN request time: 0.246s | source

Show context

akira2501 ◴[15 Oct 24 18:58 UTC] No.41851912[source]▶

I personally dislike rust, but I love kernels, and so I'll always check these projects out.

This is one of the nicer ones.

It looks pretty conservative in it's use of Rust's advanced features. The code looks pretty easy to read and follow. There's actually a decent amount of comments (for rust code).

Not bad!

replies(2): >>41852794 #>>41855386 #

wg0 ◴[16 Oct 24 03:40 UTC] No.41855386[source]▶

>>41851912 #

Otherwise is a decent language but what makes it difficult is the borrow semantics and lifetimes. Lifetimes are more complicated to get your head around.

But then there's this Arc, Ref, Pinning and what not - how deep is that rabbit hole?

replies(5): >>41855987 #>>41855995 #>>41856204 #>>41856306 #>>41856588 #

KingOfCoders ◴[16 Oct 24 05:51 UTC] No.41855995[source]▶

>>41855386 #

I always feel Arc is the admission that the borrow checker with different/overlapping lifetimes is too difficult, despite what many Rust developers - who liberally use Arc - claim.

replies(5): >>41856058 #>>41857157 #>>41857254 #>>41857856 #>>41859332 #

Galanwe ◴[16 Oct 24 06:07 UTC] No.41856058[source]▶

>>41855995 #

It's not that the borrow checker is too difficult, it's that it's too limiting.

The _static_ borrow checker can only check what is _statically_ verifiable, which is but a subset of valid programs. There are few things more frustrating than doing something you know is correct, but that you cannot express in your language.

replies(2): >>41857630 #>>41860547 #

netbsdusers ◴[16 Oct 24 10:49 UTC] No.41857630[source]▶

>>41856058 #

For kernels (and I suspect database engines might be added to the list, since they seem to have similar requirements to be both scalable and deal with massive amounts of shared state, but I'm not overly familiar with them) is where it gets particularly difficult.

Several kernels for example use type-stable memory, memory that is guaranteed to only hold objects of a particular type, though perhaps only providing that guarantee for as long as you hold an RCU read-lock (this is the case in Linux with SLAB_TYPESAFE_BY_RCU). It is possible in some cases to be able to safely deal with references to objects where the "lifetime" of the referent has ended, but where by dint of it being guaranteed to be the same type of object, you can still do what you want to do.

This comes in handy when you have a problem that commonly appears in kernels where you need to invert a typical lock ordering (a classic case is that the page fault codepath might want to lock, say, VM object then page queue, but the page-replacement codepath will want to lock page-queue then VM object.)

Unfortunately it's hard to think of how the preconditions for these tricks could be formally expressed.

replies(1): >>41859480 #

1. andrewflnr ◴[16 Oct 24 14:32 UTC] No.41859480[source]▶

>>41857630 #

Wouldn't you want the relevant Rust lifetime to be that of the type-stable memory block, not the individual "object" inside? I'm not that familiar with kernel programming, but that sounds a lot like an arena, and (IIRC) that's the approach with an arena.

↑