Ownership is Theft: Experiences Building an Embedded OS in Rust
Amit Levy, Michael P Andersen, Bradford Campbell, David Culler, Prabal Dutta, Branden Ghena, Philip Levis, and Pat Pannuto
Published in Proceedings of the 8th Workshop on Programming Languages and Operating Systems (PLOS 2015), October 2015.
Abstract
Rust, a new systems programming language, provides compile-time memory safety checks to help eliminate runtime bugs that manifest from improper memory management. This feature is advantageous for operating system development, and especially for embedded OS development, where recovery and debugging are particularly challenging. However, embedded platforms are highly event-based, and Rust’s memory safety mechanisms largely presume threads. In our experience developing an operating system for embedded systems in Rust, we have found that Rust’s ownership model prevents otherwise safe resource sharing common in the embedded domain, conflicts with the reality of hardware resources, and hinders using closures for programming asynchronously. We describe these experiences and how they relate to memory safety as well as illustrate our workarounds that preserve the safety guarantees to the largest extent possible. In addition, we draw from our experience to propose a new language extension to Rust that would enable it to provide better memory safety tools for event-driven platforms.
Talk (864KB), Paper (133KB)
BibTeX entry
@inproceedings{levy-plos15-tock, author = "Amit Levy and Michael P Andersen and Bradford Campbell and David Culler and Prabal Dutta and Branden Ghena and Philip Levis and Pat Pannuto", title = "{Ownership is Theft: Experiences Building an Embedded OS in Rust}", booktitle = "{Proceedings of the 8th Workshop on Programming Languages and Operating Systems (PLOS 2015)}", year = {2015}, month = {October} }





Login