seL4
too-many-lists
| | seL4 | too-many-lists |
|---|---|---|
| | 60 | 219 |
| Stars | 4,538 | 3,018 |
| Growth | 0.9% | 0.7% |
| Activity | 9.0 | 0.0 |
| Last commit | 8 days ago | 14 days ago |
| Language | C | Rust |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
seL4
-
From L3 to seL4 what have we learnt in 20 years of L4 microkernels? [video]
> People like to snob Unix but the fact is: the world runs on Unix.
The world you are aware of runs on it.
> Can we really do that much better or is it just hubris?
Yes. Have a look at seL4[1] and Barrelfish too[2], even though that's no longer active. seL4 in particular is powering a lot of highly secure computing systems. There is a surprisingly large sphere outside of Unix/POSIX.
[1] https://sel4.systems/
[2] https://barrelfish.org/
-
On the Costs of Syscalls
There are also RTOS-capable microkernels such as seL4[0], with few but extremely fast syscalls[1]. Note times are in cycles, not usec.
0. https://sel4.systems/
1. https://sel4.systems/About/Performance/
-
Can the language of proof assistants be used for general purpose programming?
https://sel4.systems
Working on a number of platforms, verified on some. Multicore support is an ongoing effort afaict.
An OS built on this kernel is still subject to some assumptions (hardware working correctly, bootloader doing its job, etc.). But mostly those assumptions are less of a problem / easier to prove than the properties of a complex software system.
As I understand it, the guarantees that seL4 does provide go well beyond anything else currently out there.
-
How to write TEE/Trusted OS for ARM microcontrollers?
Take a look at this: https://sel4.systems/
- Simulation: US Air Force AI drone eliminates its operator to maximize points
-
Paragon Graphite is a Pegasus spyware clone used in the US
It'd probably have to be seL4 (https://sel4.systems), running on some fully OSS hardware.
There are question marks over many of the available RISC-V chips due to Chinese producers, so maybe OpenPower based hardware?
Plus, the entire system (motherboard, etc) would need to be manufactured using a good supply chain.
Hmmm, this has probably all been thought through in depth before by others. :)
-
Basic SAT model of x86 instructions using Z3, autogenerated from Intel docs
You can use it to (mostly) validate small snippets are the same. See Alive2 for the application of Z3/formalization of programs as SMT for that [1]. As far as I'm aware there are some problems scaling up to arbitrarily sized programs due to a lack of formalization in higher level languages in addition to computational constraints. With a lot of time and effort it can be done though [2].
1. https://github.com/AliveToolkit/alive2
2. https://sel4.systems/
-
What are the current hot topics in type theory and static analysis?
Formal methods. This is not in most general-purpose programming languages and probably never will be (maybe we'll see formal methods to verify unsafe code in Rust...) because it's a ton of boilerplate (you have to help the compiler type-check your code) and also extremely complicated. However, formal methods are very important for proving code secure, such as seL4 (microkernel formally verified to not have bugs or be exploitable), which has just received the ACM Software Systems Award 3 days ago.
- Rust Now Available for Real-Time Operating System and Hypervisor PikeOS
-
Amiga and AmigaOS should move to ARM.
Today we'd look at seL4.
too-many-lists
-
Towards memory safety with ownership checks for C
You seem to have a preset opinion, and I'm not sure you are interested in re-evaluating it. So this is not written to change your mind.
I've developed production code in C, C++, Rust, and several other languages. And while, like with pretty much everything, there are situations where it's not a good fit, I find that the solutions tend to be the most robust and require the least post-release debugging in Rust. That's my personal experience. It's not hard data. And yes, occasionally it's annoying to please the compiler, and if there were no trait constraints or borrow rules, those instances would be easier. But way more often in my experience the compiler complained because my initial solution had problems I didn't realize before. So for me, these situations have been about going from building it the way I wanted to -> compiler tells me I didn't consider an edge case -> changing the implementation and/or design to account for that edge case. Also, using one example where Rust is notoriously hard and/or un-ergonomic to use, and dismissing the entire language, seems premature to me. For those that insist on learning Rust by implementing a linked list there is https://rust-unofficial.github.io/too-many-lists/.
-
Command Line Rust is a great book
Advent of Code was okay until I encountered a problem that required a graph, tree or linked list to solve, where I hit a wall. Most coding exercises are similar--those requiring arrays and hashmaps and sets are okay, but complex data structures are a PITA. (There is an online course dedicated to linked lists in Rust but I couldn't grok it either.) IMO you should simply skip problems that you can't solve with your current knowledge level and move on.
-
[Media] I'm comparing writing a double-linked list in C++ vs with Rust. The Rust implementation looks substantially more complex. Is this a bad example? (URL in the caption)
I feel obligated to point to the original canon literature: https://rust-unofficial.github.io/too-many-lists/
-
Need review on my `remove()` implementation for singly linked lists
I started learning Rust and like how the compiler is fussy about things. My plan was to implement the data structures I knew, but I got stuck at the singly linked list's remove() method. I've read the book as well, but I have no clue how to simplify this further:
-
Factor is faster than Zig
My impression from the article is that Zig provides several different hashtables and not all of them are broken in this way.
This reminds me of Aria's comment in her Rust tutorial https://rust-unofficial.github.io/too-many-lists/ about failing to kill LinkedList. One philosophy (and the one Rust chose) for a stdlib is that this is only where things should live when they're so commonly needed that essentially everybody needs them either directly or to talk about. So, HashTable is needed by so much otherwise unrelated software that qualifies, BloomFilter, while it's real useful for some people, not so much. Aria cleaned out Rust's set of standard library containers before Rust 1.0, trying to keep only those most people would need. LinkedList isn't a good general purpose data structure, but, it was too popular and Aria was not able to remove it.
Having multiple hash tables feels like a win (they're optimized for different purposes) but may cost too much in terms of the necessary testing to ensure they all hit the quality you want.
-
Was Rust Worth It?
> Cyclic references can be dealt with runtime safety checks too - like Rc and Weak.
Indeed. Starting out with code sprinkled with Rc, Weak, RefCell, etc. is perfectly fine and performance will probably not be worse than in any other safe language. And if you do this, Rust is pretty close to those languages in ease of use for what are otherwise complex topics in Rust.
A good reference for different approaches is Learn Rust With Entirely Too Many Linked Lists https://rust-unofficial.github.io/too-many-lists/
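As an added example (not from the thread or from the book) of the Rc/Weak approach above: a doubly linked list whose `next` links are strong `Rc` and whose `prev` links are `Weak`, so dropping the head frees every node; beside it, the same `Node` type wired into a strong `Rc` cycle, which the runtime checks cannot free. A `Weak` probe is used to observe whether a node is still alive after all outside handles are gone.

```rust
// Added example: Weak back-pointers vs a strong Rc cycle.
use std::cell::RefCell;
use std::rc::{Rc, Weak};

type Link = Option<Rc<RefCell<Node>>>;

struct Node {
    elem: i32,
    next: Link,                        // strong: a node owns its successor
    prev: Option<Weak<RefCell<Node>>>, // weak: a node does not keep its predecessor alive
}

fn new_node(elem: i32) -> Rc<RefCell<Node>> {
    Rc::new(RefCell::new(Node { elem, next: None, prev: None }))
}

/// Build elems[0] <-> elems[1] <-> ... and return the head handle.
fn build(elems: &[i32]) -> Link {
    let mut head: Link = None;
    let mut tail: Link = None;
    for &e in elems {
        let node = new_node(e);
        match tail.take() {
            None => head = Some(Rc::clone(&node)),
            Some(old_tail) => {
                node.borrow_mut().prev = Some(Rc::downgrade(&old_tail));
                old_tail.borrow_mut().next = Some(Rc::clone(&node));
            }
        }
        tail = Some(node);
    }
    head
}

fn forward(head: &Link) -> Vec<i32> {
    let mut out = Vec::new();
    let mut cur = head.clone();
    while let Some(node) = cur {
        out.push(node.borrow().elem);
        cur = node.borrow().next.clone();
    }
    out
}

/// Walk to the tail, then follow prev links; each Weak has to be upgraded,
/// which yields None if that node has already been freed.
fn backward(head: &Link) -> Vec<i32> {
    let mut cur = head.clone();
    let mut tail: Link = None;
    while let Some(node) = cur {
        cur = node.borrow().next.clone();
        tail = Some(node);
    }
    let mut out = Vec::new();
    let mut cur = tail;
    while let Some(node) = cur {
        out.push(node.borrow().elem);
        cur = node.borrow().prev.as_ref().and_then(Weak::upgrade);
    }
    out
}

/// Dropping the only outside handle cascades through the strong `next` links;
/// the Weak `prev` links hold nothing up. Returns true if every node was freed.
fn weak_back_pointers_free() -> bool {
    let head = build(&[1, 2, 3]);
    let probe = Rc::downgrade(head.as_ref().unwrap());
    assert_eq!(Rc::strong_count(head.as_ref().unwrap()), 1);
    drop(head);
    probe.upgrade().is_none()
}

/// Same Node type, but the back-edge is a strong `next`: a -> b -> a.
/// With every outside handle dropped each node still has strong_count 1 from
/// the other, so neither is freed. Returns true if the cycle survived.
fn strong_cycle_leaks() -> bool {
    let a = new_node(1);
    let b = new_node(2);
    a.borrow_mut().next = Some(Rc::clone(&b));
    b.borrow_mut().next = Some(Rc::clone(&a)); // strong back-edge instead of a Weak prev
    let probe = Rc::downgrade(&a);
    drop(a);
    drop(b);
    let leaked = probe.upgrade().is_some();
    // Break the cycle by hand so this function does not leak; this is exactly
    // the step real code forgets.
    if let Some(a) = probe.upgrade() {
        a.borrow_mut().next = None;
    }
    leaked
}

fn main() {
    let head = build(&[1, 2, 3]);
    println!("forward  {:?}", forward(&head));
    println!("backward {:?}", backward(&head));
    println!("weak back-pointers freed everything: {}", weak_back_pointers_free());
    println!("strong cycle leaked: {}", strong_cycle_leaks());
}
```

The `RefCell` borrows are checked at run time, so a `borrow_mut()` while a `borrow()` is live panics instead of aliasing; note also that dropping a very long list of `Rc` nodes still recurses through `next`, so the iterative-drop concern from the singly linked case applies here too.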
- What are some of projects to start with for a beginner in rust but experienced in programming (ex: C++, Go, python) ?
-
How to start learning a systems language
Second, once you've finished something introductory like The Book, read Learning Rust With Entirely Too Many Linked Lists. It really helped me to understand what ownership and borrowing actually mean in practical terms. If you don't mind paying for learning materials, a lot of people recommend Programming Rust, Second Edition by Blandy, Orendorff, and Tindall as either a complement, follow-up, or alternative to The Book.
- My team might work with Rust! But I need good article recommendations
-
Conversion?
Learning Rust With Entirely Too Many Linked Lists which highlights a lot of the differences with how you need to structure your code in Rust compared to other languages.
What are some alternatives?
l4v - seL4 specification and proofs
rust - Empowering everyone to build reliable and efficient software.
fprime - F´ - A flight software and embedded systems framework
Rustlings - :crab: Small exercises to get you used to reading and writing Rust code!
nomicon - The Dark Arts of Advanced and Unsafe Rust Programming
book - The Rust Programming Language
CompCert - The CompCert formally-verified C compiler
CppCoreGuidelines - The C++ Core Guidelines are a set of tried-and-true guidelines, rules, and best practices about coding in C++
InitWare - The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system.
easy_rust - Rust explained using easy English
4.4BSD-Lite2 - 4.4BSD Lite Release 2: last Unix operating system from Berkeley
x11rb - X11 bindings for the rust programming language, similar to xcb being the X11 C bindings