Date: Tue, 01 Jan 2019 00:00:18 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Damjan Jovanovic <damjan.jov@gmail.com> Cc: Cy Schubert <Cy.Schubert@cschubert.com>, Hackers freeBSD <freebsd-hackers@freebsd.org> Subject: Re: Speculative: Rust for base system components Message-ID: <201901010800.x0180Is3058668@slippy.cwsent.com> In-Reply-To: Message from Damjan Jovanovic <damjan.jov@gmail.com> of "Tue, 01 Jan 2019 08:14:47 %2B0200." <CAJm2B-=o8xtCDcN38mcwDTToxS8zw6twyfgQQEWqdj3eLwcB=A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <CAJm2B-=o8xtCDcN38mcwDTToxS8zw6twyfgQQEWqdj3eLwcB=A@mail.gma il.com> , Damjan Jovanovic writes: > --000000000000caa538057e5f7945 > Content-Type: text/plain; charset="UTF-8" > > Kernel modules in Rust might benefit from the better type checking and thus > less memory leaks, less memory corruption, etc. but they are usually small > anyway so it's probably not worth it. > > The bigger benefit of running Java applications (not device drivers) in the > kernel is performance. If applications run in kernel mode, context > switching between kernel threads is much faster than user threads, system > calls just become function calls, etc. Unlike C, Java can be sandboxed (at > least in theory), and lack of native pointers and memory safety ensure it > cannot access hardware directly anyway, so the rest of the system is still > protected. Around 2005, Microsoft Research made Singularity OS, which used > such techniques to run safely C# applications in the kernel, and it was > about 20% faster than C in user space. Microsoft renders fonts in the kernel too. Look at the (security) trouble that that's caused them. C++ exception handling (which can be "muted" and not recommended) isn't best practice for kernel programming. Are you sure you want C++, C#, Java, Javascript (also discussed at OpenHack), or rust in the kernel. Really? Not being rhetorical here but Microsoft isn't a great a example of we should strive for. I'm with Warner. No. Rust should remain in ports. Apps that depend on rust should be in ports. Optional kernel modules should also be in ports. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. > On Tue, Jan 1, 2019 at 6:59 AM Cy Schubert <Cy.Schubert@cschubert.com> > wrote: > > > What would having another language in base buy us? This reminds me of a > > couple of months ago at OpenHack Victoria someone was trying to convince me > > that the kernel needed a JavaVM. (Sure we each had a few beers) but the > > similarity of this discussion doesn't escape me. Kernel modules and > > functions written in java^H^H^H^H rust: why? > > > > --- > > Sent using a tiny phone keyboard. > > Apologies for any typos and autocorrect. > > Also, this old phone only supports top post. Apologies. > > > > Cy Schubert > > <Cy.Schubert@cschubert.com> or <cy@freebsd.org> > > The need of the many outweighs the greed of the few. > > --- > > > > -----Original Message----- > > From: Peter Jeremy > > Sent: 31/12/2018 18:48 > > To: Igor Mozolevsky > > Cc: Hackers freeBSD > > Subject: Re: Speculative: Rust for base system components > > > > On 2019-Jan-01 00:53:48 +0000, Igor Mozolevsky <igor@hybrid-lab.co.uk> > > wrote: > > >Quite frankly the compile time isn't really *that* important, > > > > I disagree. FreeBSD seems to be heading back to the batch days - you > > submit your buildworld request and come back tomorrow to see if it worked. > > That is a significant hinderance to development and, based on various > > mailing list comments, is causing breakage because developers are cutting > > corners due to the pain involved in running "make universe" before they > > make a large change. > > > > >longer (if not much longer) build times might push toward a better > > >modularisation and compartmentalisation of the OS and the kernel so a > > >small change in the kernel, for example, doesn't require the > > >recompilation of the whole damn thing when nothing else is affected. > > > > Two problems here: > > 1) make doesn't seem to be sufficient to correctly describe a dependency > > tree to allow incremental/partial builds (at, everyone I'm aware of who > > has a successful incremental build system has started by migrating off > > make). This means that a significant part of the work will be re-writing > > the FreeBSD build system into something else like (eg) Bazel. > > 2) The bottleneck very quickly turns into the linker. > > > > -- > > Peter Jeremy > > _______________________________________________ > > freebsd-hackers@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > > --000000000000caa538057e5f7945 > Content-Type: text/html; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"ltr"><div>Kernel modules in Rust might benefit from the better = > type checking and thus less memory leaks, less memory corruption, etc. but = > they are usually small anyway so it's probably not worth it.<br></div><= > div><br></div><div>The bigger benefit of running Java applications (not dev= > ice drivers) in the kernel is performance. If applications run in kernel mo= > de, context switching between kernel threads is much faster than user threa= > ds, system calls just become function calls, etc. Unlike C, Java can be san= > dboxed (at least in theory), and lack of native pointers and memory safety = > ensure it cannot access hardware directly anyway, so the rest of the system= > is still protected. Around 2005, Microsoft Research made Singularity OS, w= > hich used such techniques to run safely C# applications in the kernel, and = > it was about 20% faster than C in user space.<br></div><br><div class=3D"gm= > ail_quote"><div dir=3D"ltr">On Tue, Jan 1, 2019 at 6:59 AM Cy Schubert <= > <a href=3D"mailto:Cy.Schubert@cschubert.com">Cy.Schubert@cschubert.com</a>&= > gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0= > px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">What = > would having another language in base buy us? This reminds me of a couple o= > f months ago at OpenHack Victoria someone was trying to convince me that th= > e kernel needed a JavaVM. (Sure we each had a few beers) but the similarity= > of this discussion doesn't escape me. Kernel modules and functions wri= > tten in java^H^H^H^H rust: why?<br> > <br> > ---<br> > Sent using a tiny phone keyboard.<br> > Apologies for any typos and autocorrect.<br> > Also, this old phone only supports top post. Apologies.<br> > <br> > Cy Schubert<br> > <<a href=3D"mailto:Cy.Schubert@cschubert.com" target=3D"_blank">Cy.Schub= > ert@cschubert.com</a>> or <<a href=3D"mailto:cy@freebsd.org" target= > =3D"_blank">cy@freebsd.org</a>><br> > The need of the many outweighs the greed of the few.<br> > ---<br> > <br> > -----Original Message-----<br> > From: Peter Jeremy<br> > Sent: 31/12/2018 18:48<br> > To: Igor Mozolevsky<br> > Cc: Hackers freeBSD<br> > Subject: Re: Speculative: Rust for base system components<br> > <br> > On 2019-Jan-01 00:53:48 +0000, Igor Mozolevsky <<a href=3D"mailto:igor@h= > ybrid-lab.co.uk" target=3D"_blank">igor@hybrid-lab.co.uk</a>> wrote:<br> > >Quite frankly the compile time isn't really *that* important,<br> > <br> > I disagree.=C2=A0 FreeBSD seems to be heading back to the batch days - you<= > br> > submit your buildworld request and come back tomorrow to see if it worked.<= > br> > That is a significant hinderance to development and, based on various<br> > mailing list comments, is causing breakage because developers are cutting<b= > r> > corners due to the pain involved in running "make universe" befor= > e they<br> > make a large change.<br> > <br> > >longer (if not much longer) build times might push toward a better<br> > >modularisation and compartmentalisation of the OS and the kernel so a<b= > r> > >small change in the kernel, for example, doesn't require the<br> > >recompilation of the whole damn thing when nothing else is affected.<br= > > > <br> > Two problems here:<br> > 1) make doesn't seem to be sufficient to correctly describe a dependenc= > y<br> > tree to allow incremental/partial builds (at, everyone I'm aware of who= > <br> > has a successful incremental build system has started by migrating off<br> > make).=C2=A0 This means that a significant part of the work will be re-writ= > ing<br> > the FreeBSD build system into something else like (eg) Bazel.<br> > 2) The bottleneck very quickly turns into the linker.<br> > <br> > -- <br> > Peter Jeremy<br> > _______________________________________________<br> > <a href=3D"mailto:freebsd-hackers@freebsd.org" target=3D"_blank">freebsd-ha= > ckers@freebsd.org</a> mailing list<br> > <a href=3D"https://lists.freebsd.org/mailman/listinfo/freebsd-hackers" rel= > =3D"noreferrer" target=3D"_blank">https://lists.freebsd.org/mailman/listinf= > o/freebsd-hackers</a><br> > To unsubscribe, send any mail to "<a href=3D"mailto:freebsd-hackers-un= > subscribe@freebsd.org" target=3D"_blank">freebsd-hackers-unsubscribe@freebs= > d.org</a>"<br> > </blockquote></div></div> > > --000000000000caa538057e5f7945--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901010800.x0180Is3058668>