3 comments

  • throwaway89201, 1 hour ago
    Here's their 39c3 talk about Xous: https://media.ccc.de/v/39c3-xous-a-pure-rust-rethink-of-the-embedded-operating-system
  • Rochus, 2 days ago
    Interesting, didn't hear of this system so far. Seems to be funded by the EU. Apparently it is written in pure Rust since 2020, and Andrew "bunnie" Huang seems to be involved.

    Is there a PDF version of the book (https://betrusted.io/xous-book/)?
    • romac, 1 hour ago
      There is a single-page version of the book that you can save as a PDF: https://betrusted.io/xous-book/print.html
      • Rochus, 1 hour ago
        Great, thanks.

        I assume the "kernel" makes heavy use of "unsafe", because all the infrastructure assumed by Rust is not available. Or how was this solved?
        • jandrewrogers, 1 minute ago
          Use of "unsafe" is unavoidable. Various pieces of hardware are directly writing into the address space. Concepts of "ownership" and "mutability" go beyond code semantics.
        • maxbond, 23 minutes ago
          It's not really about infrastructure, but yes, kernels and firmware have to do a lot of stuff the compiler can't verify as safe, e.g. writing to a magic memory address you obtained from the datasheet that enables some feature of the chip. And that will need to happen in unsafe code blocks. I wouldn't call that a problem, but it is a reality.
          • Rochus, 5 minutes ago
            Are you one of the authors? Concerning the "infrastructure": Rust assumes a runtime, the standard library assumes a stack exists, a heap exists, and that main() is called by an OS; in a kernel, none of this is true. And the borrow checker cannot reason about things like e.g. DMA controllers mutating memory the CPU believes it owns, memory-mapped I/O where a "read" has side effects (violating functional purity), context switches that require saving register state to arbitrary memory locations, or interrupt handlers that violate the call stack model. That's what I mean by "infrastructure". It's essentially the same issue with every programming language to some degree, but for Rust it is relevant to understand that the "safety guarantees" don't apply to all parts of an operating system, even if written in Rust.
        • junon, 14 minutes ago
          You can't write a kernel without `unsafe` appearing somewhere.
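The subthread above (Rochus, maxbond, jandrewrogers) is about where `unsafe` is unavoidable and why the borrow checker cannot see hardware writing into memory. The following is an added example, not code from Xous or from anyone in the thread, showing the usual defensive pattern for the memory-mapped-I/O case: the hardware assumption is stated once as a SAFETY contract on an `unsafe fn` constructor, the accessors are volatile so the compiler can neither cache nor drop a read whose value the device may change, and everything above that boundary is ordinary safe code. The register names, bit layout and the heap block standing in for device memory are constructed so the example runs on a host.

```rust
use core::ptr::{read_volatile, write_volatile};

/// One 32-bit memory-mapped device register.
pub struct MmioReg32 {
    addr: *mut u32,
}
impl MmioReg32 {
    /// SAFETY contract (the part the compiler cannot check for us):
    /// `addr` must be a mapped, 4-byte-aligned device register that this
    /// value owns exclusively for as long as it lives.
    pub unsafe fn new(addr: usize) -> Self {
        assert!(addr % core::mem::align_of::<u32>() == 0, "unaligned MMIO register");
        Self { addr: addr as *mut u32 }
    }

    /// Volatile read: the device (or a DMA engine) may change the value between
    /// two reads, and a read may itself have side effects, so it must not be elided.
    pub fn read(&self) -> u32 {
        // SAFETY: upheld by the contract of `new`.
        unsafe { read_volatile(self.addr) }
    }

    /// Volatile write: must reach the bus even if nothing ever reads it back.
    pub fn write(&self, value: u32) {
        // SAFETY: upheld by the contract of `new`.
        unsafe { write_volatile(self.addr, value) }
    }

    /// Read-modify-write of feature bits; entirely safe code from here on.
    pub fn set_bits(&self, mask: u32) -> u32 {
        let v = self.read() | mask;
        self.write(v);
        v
    }
}
/// Constructed register layout for a hypothetical device (not a real chip).
pub const CTRL_ENABLE: u32 = 1 << 0;
pub const CTRL_IRQ_EN: u32 = 1 << 3;

/// Host-runnable demo: a heap block stands in for the device's register
/// window, since no real MMIO address exists here. Returns (CTRL, STATUS).
pub fn demo() -> (u32, u32) {
    let mut fake_device: Box<[u32; 2]> = Box::new([0; 2]);
    let base = fake_device.as_mut_ptr() as usize;
    // SAFETY: `base` is live, aligned, and only touched through these handles.
    let ctrl = unsafe { MmioReg32::new(base) };
    let status = unsafe { MmioReg32::new(base + 4) };
    ctrl.set_bits(CTRL_ENABLE | CTRL_IRQ_EN);
    status.write(0xdead_beef);
    (ctrl.read(), status.read())
}
```

The two `unsafe` blocks in `demo` are the only places a reviewer has to check a hardware claim; on real hardware `base` would come from the device tree or datasheet instead of a `Box`.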
  • mmooss, 1 hour ago
    What problem is this solving? Are there no OSes for medium embedded systems? Are they too expensive?
    • Drunk_Engineer, 1 hour ago
      Trust and transparency: https://betrusted.io