|4 days ago||7 days ago|
|GNU General Public License v3.0 or later||Mozilla Public License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Proofs and specifications
1 project | reddit.com/r/RISCV | 13 Mar 20221 project | reddit.com/r/kernel | 13 Mar 20221 project | reddit.com/r/computerscience | 13 Mar 20221 project | reddit.com/r/seL4 | 13 Mar 2022
On Hubris and Humility: developing an OS for robustness in Rust [video]
3 projects | news.ycombinator.com | 4 Dec 2021
State in a smartphone: Inside Ukraine’s effort to replace bureaucracy with an app
1 project | reddit.com/r/europe | 13 Jul 2021
Drew DeVault's take on rewriting everything in rust
11 projects | reddit.com/r/linux | 18 Feb 2021
Red Hat In-Vehicle Operating System in modern and future vehicles
1 project | news.ycombinator.com | 10 May 2022
Maybe zephyr  is a good option for those ECUs? or hubris ?
Computer Is a Distributed System
2 projects | news.ycombinator.com | 30 Mar 2022
It is indeed a very small risk in the larger scope -- and besides, using I2C isn't optional: all of the devices on the board (from converters/regulators, temp sensors, clock generators and fan controllers to CPUs, DIMMs, NICs, and NVMe drives) have I2C (or I2C-based) management interfaces. If you'd like more concrete detail, take a look at the Hubris app definition for our Gimlet board.
Oxide on My Wrist: Hubris on PineTime was the best worst idea
7 projects | news.ycombinator.com | 28 Mar 2022
Other folks have mentioned this, but it's important to understand the limitations of Rust with respect to safety. In particular: every stack operation is -- at some level -- an unsafe operation as it operates without a bounds check. This isn't Rust's fault per se; non-segmented architectures don't have an architecturally defined way to know the stack base. As a result, even an entirely safe Rust program can make an illegal access to memory that results in fatal program failure. That, of course, assumes memory protection; if you don't have memory protection (or, like many embedded operating systems, you don't make use of it), stack overflows will plow into adjacent memory.
But wait, it gets worse: stack overflows are often not due to infinite stack consumption (e.g., recursion) but rather simply going deep on an unusual code path. If stack consumption just goes slightly beyond the base of the stack and there is no memory protection, this is corrupt-and-run -- and you are left debugging a problem that looks every bit like a gnarly data race in an unsafe programming language. And this problem becomes especially acute when memory is scarce: you really don't want a tiny embedded system to be dedicating a bunch of its memory to stack space that will never ("never") be used, so you make the stacks as tight as possible -- making stack overflows in fact much more likely.
Indeed, even with the MPU, these problems were acute in the development of Hubris: we originally put the stack at the top of a task's data space, and its data at the bottom -- and we found that tasks that only slightly exceeded their stack (rather than running all of the way through its data and into the protection boundary) were corrupting themselves with difficult-to-debug failures. We flipped the order to assure that every stack overflow hit the protection boundary, which required us to be much more intentional about the stack versus data split -- but had the added benefit of allowing us to add debugging support for it.
Stack overflows are still pesky (and still a leading cause of task death!), but without the MPU, each one of these stack overflows would be data corruption -- answering for us viscerally what we "need the MPU for."
6 projects | news.ycombinator.com | 28 Mar 2022
TIL about Hubris, very neat! One could probably also mention the bunch of hypervisors, as they run on the bare metal as well, and maybe Tock. Rust is definitely a hot language when it comes to OS development, which is really neat.
I've cloned hybris , it seems to have 48k lines of Rust source code. Maybe there are other components that I'm missing. Fuchsia on the other hand had 2.1 million lines of Rust in Dec 2020 , and has 3.3 million as of now (8b51db9e2b809, March 28 2022), more than it has C++ (2.2 million) and C (366k) combined.
But yeah you can come up with several definitions of "serious". Is an OS that an entire company bases its revenues on more serious than a research project that some call as a way to maintain senior developer retention, but may one day replace components of one of the most deployed end user operating systems in the world?
Uninitialized Memory: Unsafe Rust Is Too Hard
10 projects | news.ycombinator.com | 30 Jan 2022
It turns out I had misremembered; the cast I was thinking of is
which is from &mut MaybeUninit to &mut [MaybeUninit], which doesn't construct a reference to something uninitialized.
Stop Whining about Rust Hype – A Pro-Rust Rant
1 project | news.ycombinator.com | 21 Dec 2021
You better go tell https://github.com/oxidecomputer/hubris to pack it up because they can't realistically continue to write their kernel in Rust and that Rust is for web developers now.
Writing embedded firmware using Rust
10 projects | news.ycombinator.com | 19 Dec 2021
In addition to Cliff's talk/blog -- which are absolutely outstanding -- I would recommend listening to the Twitter Space we did on Hubris and Humility last week. It was a really fun conversation, and it also serves as a bit of a B-side for the talk in that it goes into some of the subtler details that we feel are important, but didn't quite rise to the level of the presentation. And of course, be sure to check out the source itself!
Instead, if you need a concise term to describe Hubris's design philosophy, we suggest "emokernel."
1 project | reddit.com/r/programmingcirclejerk | 7 Dec 2021
On Hubris and Humility
2 projects | news.ycombinator.com | 6 Dec 2021
Note: This is not a philosophical article, but rather a transcript of a conference talk concerning a kernel written in rust (https://github.com/oxidecomputer/hubris) and an associated debugger.2 projects | news.ycombinator.com | 6 Dec 2021
There's an open PR for ethernet support (albeit with a different board) that uses the smoltcp crate to provide a tcp/ip stack: https://github.com/oxidecomputer/hubris/pull/158
What are some alternatives?
tock - A secure embedded operating system for microcontrollers
esp32 - Peripheral access crate for the ESP32
ferros - A Rust-based userland which also adds compile-time assurances to seL4 development.
meta-raspberrypi - Yocto/OE BSP layer for the Raspberry Pi boards
atsamd - Target atsamd microcontrollers using Rust
seL4 - The seL4 microkernel
omicron - Omicron: Oxide control plane
stm32-rs - Embedded Rust device crates for STM32 microcontrollers
stm32f4xx-hal - A Rust embedded-hal HAL for all MCUs in the STM32 F4 family
Arduino - Arduino IDE 1.x
Asciidoctor - :gem: A fast, open source text processor and publishing toolchain, written in Ruby, for converting AsciiDoc content to HTML 5, DocBook 5, and other formats.