System Programming in Rust: Beyond Safety

Research article (Public Access). DOI: 10.1145/3102980.3103006. Published: 07 May 2017.

Abstract

Rust is a new system programming language that offers a practical and safe alternative to C. Rust is unique in that it enforces safety without runtime overhead, most importantly, without the overhead of garbage collection. While zero-cost safety is remarkable on its own, we argue that the superpowers of Rust go beyond safety. In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability of system software. We show three examples of such capabilities: zero-copy software fault isolation, efficient static information flow analysis, and automatic checkpointing. While these capabilities have been in the spotlight of systems research for a long time, their practical use is hindered by high cost and complexity. We argue that with the adoption of Rust these mechanisms will become commoditized.
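The abstract credits Rust's ownership discipline (called "linear" above; strictly it is affine, since a value may be moved at most once but may also simply be dropped) with making zero-copy isolation and static information-flow checking cheap. The following Rust program, written for this page and not taken from the paper or its authors, shows two of the three capabilities in miniature: an owned buffer is moved across a channel so the sender provably loses access and no defensive copy is needed, and a type-level label stops secret data from reaching a public sink at compile time with no runtime cost. `Buffer`, `Channel`, `Labeled`, `Public`, `Secret`, `public_sink` and the declassification policy are hypothetical names chosen for illustration; the two "fault domains" are just the two halves of one function, and the sample packet and secret are constructed inline.

```rust
// Added example for this page (not the paper's code). All type and
// function names are hypothetical. Two capabilities from the abstract:
//   1. zero-copy isolation: an owned Buffer is *moved* across a Channel,
//      so the sender cannot touch it afterwards and no copy is needed;
//   2. static information flow: a label in the type (Public / Secret)
//      keeps secret data away from a public sink, checked by the compiler.
use std::collections::VecDeque;
use std::marker::PhantomData;

/// A packet buffer owned by exactly one fault domain at a time.
pub struct Buffer {
    pub data: Vec<u8>,
}

/// A one-way channel between two fault domains.
pub struct Channel {
    queue: VecDeque<Buffer>,
}

impl Channel {
    pub fn new() -> Self {
        Channel { queue: VecDeque::new() }
    }
    /// `buf` is taken by value: ownership moves into the channel.
    pub fn send(&mut self, buf: Buffer) {
        self.queue.push_back(buf);
    }
    pub fn recv(&mut self) -> Option<Buffer> {
        self.queue.pop_front()
    }
}

/// Producer fills a buffer and hands it over; the consumer receives the
/// very same heap allocation. Returns (payload length, same allocation?).
pub fn zero_copy_handoff() -> (usize, bool) {
    let mut ch = Channel::new();
    let mut buf = Buffer { data: vec![0u8; 1500] }; // constructed sample packet
    buf.data[..5].copy_from_slice(b"hello");
    let before = buf.data.as_ptr() as usize;
    ch.send(buf);
    // buf.data[0] = 1; // rejected by rustc: use of moved value `buf`
    let got = ch.recv().expect("one buffer was queued");
    let after = got.data.as_ptr() as usize;
    (got.data.len(), before == after)
}

/// Security labels as zero-sized marker types.
pub struct Public;
pub struct Secret;

/// Data tagged with a label in its type; the label occupies no memory.
pub struct Labeled<L, T> {
    value: T,
    _label: PhantomData<L>,
}

impl<L, T> Labeled<L, T> {
    pub fn new(value: T) -> Self {
        Labeled { value, _label: PhantomData }
    }
    /// Computing on labeled data keeps the label: no implicit downgrade.
    pub fn map<U>(self, f: impl FnOnce(T) -> U) -> Labeled<L, U> {
        Labeled::new(f(self.value))
    }
}

impl<T> Labeled<Public, T> {
    /// Only Public data can be unwrapped for release.
    pub fn release(self) -> T {
        self.value
    }
}

impl<T> Labeled<Secret, T> {
    /// The single, explicit way to lower a label; the policy decides.
    pub fn declassify(self, policy: impl FnOnce(&T) -> bool) -> Option<Labeled<Public, T>> {
        if policy(&self.value) { Some(Labeled::new(self.value)) } else { None }
    }
}

/// A public sink (think: a network socket). Its signature is the policy.
pub fn public_sink(msg: Labeled<Public, String>) -> usize {
    msg.release().len()
}

/// Returns (bytes accepted from public data, bytes accepted after declassification).
pub fn ifc_demo() -> (usize, Option<usize>) {
    let key: Labeled<Secret, String> = Labeled::new("k3y-material".to_string()); // constructed secret
    let summary = key.map(|k| format!("len={}", k.len())); // derived value is still Secret
    // public_sink(summary); // rejected: expected Labeled<Public, _>, found Labeled<Secret, _>
    let released = summary.declassify(|s| !s.contains("k3y")).map(public_sink);
    let greeting: Labeled<Public, String> = Labeled::new("hi".to_string());
    (public_sink(greeting), released)
}

fn main() {
    println!("handoff (len, same allocation): {:?}", zero_copy_handoff());
    println!("ifc (public bytes, declassified bytes): {:?}", ifc_demo());
}
```

The two commented-out lines are the ones the compiler rejects, which is the whole point: the isolation and flow checks are done once at compile time, and the running program carries no tags, bounds trampolines or copies to enforce them. The third capability in the abstract, automatic checkpointing, is not shown here.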


Published In

HotOS '17: Proceedings of the 16th Workshop on Hot Topics in Operating Systems, May 2017, 185 pages. ISBN: 9781450350686. DOI: 10.1145/3102980.

Publisher

Association for Computing Machinery, New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

HotOS '17: Workshop on Hot Topics in Operating Systems, May 7 - 10, 2017, Whistler, BC, Canada

Article Metrics

  • Downloads (last 12 months): 996
  • Downloads (last 6 weeks): 122
  • Reflects downloads up to 17 Nov 2024

Cited By

  • (2024) Counterexamples in Safe Rust. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops, 128-135. DOI: 10.1145/3691621.3694943. Online publication date: 27-Oct-2024.
  • (2024) Finding Performance Issues in Rust Projects. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2423-2425. DOI: 10.1145/3691620.3695368. Online publication date: 27-Oct-2024.
  • (2024) Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, 1-13. DOI: 10.1145/3597503.3623352. Online publication date: 20-May-2024.
  • (2024) rCanary: Detecting Memory Leaks Across Semi-Automated Memory Management Boundary in Rust. IEEE Transactions on Software Engineering 50:9, 2472-2484. DOI: 10.1109/TSE.2024.3443624. Online publication date: 13-Aug-2024.
  • (2023) A verified confidential computing as a service framework for privacy preservation. Proceedings of the 32nd USENIX Conference on Security Symposium, 4733-4750. DOI: 10.5555/3620237.3620502. Online publication date: 9-Aug-2023.
  • (2023) Leveraging Rust for Lightweight OS Correctness. Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification, 1-8. DOI: 10.1145/3625275.3625398. Online publication date: 23-Oct-2023.
  • (2023) Mira: A Program-Behavior-Guided Far Memory System. Proceedings of the 29th Symposium on Operating Systems Principles, 692-708. DOI: 10.1145/3600006.3613157. Online publication date: 23-Oct-2023.
  • (2023) Kernel extension verification is untenable. Proceedings of the 19th Workshop on Hot Topics in Operating Systems, 150-157. DOI: 10.1145/3593856.3595892. Online publication date: 22-Jun-2023.
  • (2023) SafeDrop: Detecting Memory Deallocation Bugs of Rust Programs via Static Data-flow Analysis. ACM Transactions on Software Engineering and Methodology 32:4, 1-21. DOI: 10.1145/3542948. Online publication date: 26-May-2023.
  • (2023) A Comparative Study of Programming Languages for a Real-Time Smart Grid Application. 2023 IEEE Green Energy and Smart Systems Conference (IGESSC), 1-6. DOI: 10.1109/IGESSC59090.2023.10321761. Online publication date: 13-Nov-2023.
