suture VS Rust-for-Linux

This one is highly specialized, but I'm a huge fan of Suture for managing long lived goroutines.

In English, your phrasing doesn't come off as a play on words/a reference to the name, so much as it describes a feature of the library. The expectation is, with the description you've given it, the library would handle some form of resilience in service management. I half expected the library to be similar to Suture.

It does not give you a way to reliably track arbitrary goroutines that "this" goroutine (for whatever that may be) wants to track, the way an Erlang process can just "link" to anything it is capable of naming the PID for.

However, you can construct a reliable mechanism where one goroutine can start another and know whether or not the one it started has failed by using the available primitives, as I did in https://github.com/thejerf/suture . It's an easier problem since there's no cluster and no network that can get in the way. I've also done the exercise for the network case: https://pkg.go.dev/github.com/thejerf/reign#Address.OnCloseN... but that only functions within the network defined by that library because, again, it just isn't arbitrarily possible.

(I suppose it's relevant to some of my other comments to point out that I've also implemented basically Erlang-style concurrency in Go, with network, but as a relatively idiomatic translation rather than a blind one.)

If you also want Supervisor-like behavior, take a look at suture.

For context, I've been working with similar interfaces for many years through suture.

I wrote suture for idiomatically-ported supervisor trees (that is, the ways they differ are deliberately chosen, not accidents), and reign for Go-native cluster-like support. I use suture in almost everything I write. Reign is used on production services but I don't generally use it because I think modern stacks have better options with modern message busses, but it can be useful for porting.

I think the distinction between expected and unexpected errors can easily fall through the cracks and writing code in a way that an unexpected error doesn’t break everything is quite powerful.

Golang makes it easy to ignore errors that can be ignored and defer/recover provide a way to implement a way to “let it fail”

There’s even an implementation of supervisor trees for Go [0] :)

[0] https://github.com/thejerf/suture

(If you'd like something lighter weight, suture is a supervisor library without a whole lot of other stuff. If you want that other stuff, by all means, go to town.)

This is the primary reason almost every program I write ends up using suture. The restarting is nice when it works, but Go code is often reasonably robust. (Not 100%, but reasonably.) But it's a nice organization principle.

Rust is backwards compatible when you stick to stable features, but the kernel uses unstable features that can and do incur breaking changes.

https://github.com/Rust-for-Linux/linux/issues/2

> How would this work?

Don't know exactly what you're asking.

> And why would it be a better idea?

Poorly written device drivers are a significant attack vector. It's one of the reasons Linux is now exploring using Rust for its own device drivers.[0] You may be asking -- why Rust and not some other language? Rust has many of the performance and interoperability advantages of C and C++, but as noted, makes certain classes of memory safety issues impossible. Rust also has significant mindshare among systems programming communities.

[0]: https://rust-for-linux.com

Ctrl-F "rust"

https://rust-for-linux.com/ links to LWN articles at https://lwn.net/Kernel/Index/#Development_tools-Rust that suggest that only basic modules are yet possible with the rust support in Linux kernels 6.2 and 6.3.

Rust-for-linux links to the Android binder module though:

> Android Binder Driver: This project is an effort to rewrite Android's Binder kernel driver in Rust.

> Motivation: Binder is one of the most security and performance critical components of Android. Android isolates apps from each other and the system by assigning each app a unique user ID (UID). This is called "application sandboxing", and is a fundamental tenet of the Android Platform Security Model.

> The majority of inter-process communication (IPC) on Android goes through Binder. Thus, memory unsafety vulnerabilities are especially critical when they happen in the Binder driver

... "Rust in the Linux kernel" (2021) https://security.googleblog.com/2021/04/rust-in-linux-kernel... :

> [...] We also need designs that allow code in the two languages to interact with each other: we're particularly interested in safe, zero-cost abstractions that allow Rust code to use kernel functionality written in C, and how to implement functionality in idiomatic Rust that can be called seamlessly from the C portions of the kernel.

> Since Rust is a new language for the kernel, we also have the opportunity to enforce best practices in terms of documentation and uniformity. For example, we have specific machine-checked requirements around the usage of unsafe code: for every unsafe function, the developer must document the requirements that need to be satisfied by callers to ensure that its usage is safe; additionally, for every call to unsafe functions (or usage of unsafe constructs like dereferencing a raw pointer), the developer must document the justification for why it is safe to do so.

> We'll now show how such a driver would be implemented in Rust, contrasting it with a C implementation. [...]

This guide with unsafe rust that calls into the C, and then with next gen much safer rust right next to it would be a helpful resource too.

What of the post-docker container support (with userspaces also written in go) should be cloned to rust first?

Rust-for-Linux issue tracker

Yes, I definitely agree that it's a problem that pr_info implicitly wraps its arguments in unsafe {}. I wrote my own Pull Request with a trival fix.

Note that this template won't work with Linux 6.1, which has very minimal Rust support. You'll want the RustForLinux tree, or maybe Linux 6.2.

You can join Rust for Linux zulip chat by requesting invite using the link in https://github.com/Rust-for-Linux/linux 's README.