tamago
unsafe-code-guidelines
tamago | unsafe-code-guidelines | |
---|---|---|
13 | 74 | |
1,278 | 640 | |
1.0% | 1.3% | |
8.3 | 6.9 | |
8 days ago | about 2 months ago | |
Go | ||
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tamago
- Gokrazy – Go Appliances
-
OS in Go? Why Not
There's two major production-ready Go-based operating system(-ish) projects:
- Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)
- USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)
Both of these are security-focused with a clear trade off: sacrifice some performance for memory safe and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.
[1]: https://github.com/google/gvisor
[2]: https://github.com/usbarmory/tamago
- Does Go work well as a systems language?
- Koji vam je sitan bug najviše ostao upamćen?
-
Rust 2024 the Year of Everywhere?
Of course it can, there are companies shipping products written in bare metal Go.
https://www.withsecure.com/en/solutions/innovative-security-...
https://github.com/usbarmory/tamago
-
Embedded Go finally got the first binary release
For comparison, what are the differences in goals and approach with Tamago? https://github.com/usbarmory/tamago
-
Taking a deep dive into C++ gave me more appreciation for Go's simplicity
I've been keeping an eye on TinyGo (Go compiler that targets microcontrollers and uses LLVM) and also TamaGo (allows you to run Go on bare metal, without any C dependency).
-
A native Go userland for your Raspberry Pi 3 or 4 appliances
If you want to go deeper, there is also bare-metal Go runtime for rpi (among others): https://github.com/f-secure-foundry/tamago
- TamaGo – bare metal Go for ARM SoCs
-
ISO C became unusable for operating systems development
> just proves your lack of knowledge
Tone is not needed.
For TamaGo, it seems to allow developers run their application, not build an OS on the hardware. But I have not played with it, you are right.
> TamaGo is a framework that enables compilation and execution of unencumbered Go applications on bare metal
The environment does not seem to allow building a generic operating system [1]. F-Secure ported the runtime itself to boot natively. But please correct me.
> There is no thread support
The environment you run in is specifically curated for Go applications, such as the memory layout. I'd call this an "appliance" rather than enabling Go to be used for full-fledged generic operating system implementations.
[1] https://github.com/f-secure-foundry/tamago/wiki/Internals
unsafe-code-guidelines
-
Passing nothing is surprisingly difficult
Useful context on the Rust side is this issue [1]. It sounds like some of the author's concerns are addressed already.
[1]: https://github.com/rust-lang/unsafe-code-guidelines/issues/4...
-
Blog Post: Non-Send Futures When?
Is this captured by one of the known soundness conflicts? If not then should consider adding it to the list.
- Are crates like vcell and volatile cell still unsound?
-
Question: Are there things for Unsafe Rust learn from Zig?
There are some competing proposals for different memory models. Stacked borrows is the current proposal, but there are more work in the approproate WG.
-
Let's thank who have helped us in the Rust Community together!
Thank you /u/RalfJung for bringing formal methods to Rust, both through models like Stacked Borrows, by developing miri, and by working on unsafe-code-guidelines which aims to specify exactly what is and isn't allowed in unsafe code (surprisingly, it's an open question as 2023!)
- Questions about ownership rule
-
Noob Here: Why doesn't this work?
You could imagine some way to make this safe for example automatically convert &'short &'long mut T to &'short &'short T, but it's non-trivial to prove they are safe at all, not to mention ensuring this is correctly implemented in the compiler. If you're interested there's also a discussion on whether the opposite (& & T to & &mut T) is sound here.
-
When Zig is safer and faster than (unsafe) Rust
Agreed! MIRI is so good, it still feels like magic to me. It also comforts me that the Rust team takes improving unsafe semantics seriously, with the past Unsafe Code Guidelines WG and today's operational semantics team (t-opsem).
-
Safety and Soundness in Rust
I think there are some aspects of this rule that are still undecided. See for example:
- https://github.com/rust-lang/unsafe-code-guidelines/issues/8...
- https://github.com/rust-lang/miri/issues/2732
-
I wanna be a crab.
C is much better specified than unsafe Rust. Some things are just not worked out yet in Rust. This may sometimes even bite very experienced devs, such as this issue with Box's aliasing semantics, which tripped up the author of left-right.
What are some alternatives?
nerves - Craft and deploy bulletproof embedded software in Elixir
tokio - A runtime for writing reliable asynchronous applications with Rust. Provides I/O, networking, scheduling, timers, ...
gokrazy - turn your Go program(s) into an appliance running on the Raspberry Pi 3, Pi 4, Pi Zero 2 W, or amd64 PCs!
rust - Empowering everyone to build reliable and efficient software.
checkedc - Checked C is an extension to C that lets programmers write C code that is guaranteed by the compiler to be type-safe. The goal is to let people easily make their existing C code type-safe and eliminate entire classes of errors. Checked C does not address use-after-free errors. This repo has a wiki for Checked C, sample code, the specification, and test code.
rfcs - RFCs for changes to Rust
usbarmory - USB armory - The open source compact secure computer
x11rb - X11 bindings for the rust programming language, similar to xcb being the X11 C bindings
go - The Go programming language with support for bare-matal programing
bevy - A refreshingly simple data-driven game engine built in Rust
linux - Linux kernel source tree
miri - An interpreter for Rust's mid-level intermediate representation