DOCSLIB.ORG

Safe Systems Programming in Rust: the Promise and the Challenge Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Derek Dreyer

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Safe Systems Programming in Rust: the Promise and the Challenge Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Derek Dreyer Safe Systems Programming in Rust: The Promise and the Challenge Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Derek Dreyer To cite this version: Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Derek Dreyer. Safe Systems Programming in Rust: The Promise and the Challenge. Communications of the ACM, Association for Computing Machinery, 2021, 64 (4), pp.144-152. 10.1145/3418295. hal-03021536 HAL Id: hal-03021536 https://hal.archives-ouvertes.fr/hal-03021536 Submitted on 24 Nov 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Safe Systems Programming in Rust: The Promise and the Challenge Ralf Jung Jacques-Henri Jourdan Robbert Krebbers Derek Dreyer MPI-SWS, Université Paris-Saclay, CNRS, LRI, TU Delft, MPI-SWS, Germany France The Netherlands Germany this control comes at a steep cost. For example, Microsoft Key Insights recently reported that 70% of the security vulnerabilities they • Rust is the first industry-supported programming language fix are due to memory safety violations [33], precisely the to overcome the longstanding tradeoff between the safety type of bugs that strong type systems were designed to rule guarantees of higher-level languages (like Java) and the out. Likewise, Mozilla reports that the vast majority of critical control over resource management provided by lower-level bugs they find in Firefox are memory-related [16]. If only “systems programming” languages (like C and C++). there were a way to somehow get the best of both worlds: a • It tackles this challenge using a strong type system based safe systems programming language with control... on the ideas of ownership and borrowing, which statically Enter Rust. Sponsored by Mozilla and developed actively prohibits the mutation of shared state. This approach en- over the past decade by a large and diverse community of ables many common systems programming pitfalls to be contributors, Rust supports many common low-level program- detected at compile time. ming idioms and APIs derived from modern C++. However, • There are a number of data types whose implementations unlike C++, Rust enforces the safe usage of these APIs with fundamentally depend on shared mutable state and thus a strong static type system. cannot be typechecked according to Rust’s strict ownership In particular, like Java, Rust protects programmers from discipline. To support such data types, Rust embraces the memory safety violations (e.g., “use-after-free” bugs). But judicious use of unsafe code encapsulated within safe APIs. Rust goes further by defending programmers against other, • The proof technique of semantic type soundness, together more insidious anomalies that no other mainstream language with advances in separation logic and machine-checked can prevent. For example, consider data races: unsynchro- proof, has enabled us to begin building rigorous formal nized accesses to shared memory (at least one of which is foundations for Rust as part of the RustBelt project. a write). Even though data races effectively constitute unde- fined (or weakly-defined) behavior for concurrent code, most There is a longstanding tension in programming language “safe” languages (such as Java and Go) permit them, and they design between two seemingly irreconcilable desiderata. are a reliable source of concurrency bugs [35]. In contrast, Rust’s type system rules out data races at compile time. • Safety. We want strong type systems that rule out large Rust has been steadily gaining in popularity, to the point classes of bugs statically. We want automatic memory that it is now being used internally by many major indus- management. We want data encapsulation, so that we can trial software vendors (such as Dropbox, Facebook, Ama- enforce invariants on the private representations of objects zon, and Cloudflare) and has topped StackOverflow’s list and be sure that they will not be broken by untrusted code. of “most loved” programming languages for the past four • Control. At least for “systems programming” applications years. Microsoft’s Security Response Center Team recently like web browsers, operating systems, or game engines, announced that it is actively exploring an investment in the where performance or resource constraints are a primary use of Rust at Microsoft to stem the tide of security vulnera- concern, we want to determine the byte-level representa- bilities in system software [25,8]. tion of data. We want to optimize the time and space usage The design of Rust draws deeply from the wellspring of of our programs using low-level programming techniques. academic research on safe systems programming. In particu- We want access to the “bare metal” when we need it. lar, the most distinctive feature of Rust’s design—in relation to other mainstream languages—is its adoption of an own- Sadly, the conventional wisdom goes, we can’t have ership type system (which in the academic literature is often everything we want. Languages like Java give us strong referred to as an affine or substructural type system [36]). safety, but it comes at the expense of control. As a result, for Ownership type systems help the programmer enforce safe many systems programming applications, the only realistic patterns of lower-level programming by placing restrictions option is to use a language like C or C++ that provides on which aliases (references) to an object may be used to fine-grained control over resource management. However, mutate it at any given point in the program’s execution. 1 2020/5/1 However, Rust goes beyond the ownership type systems still points to the old buffer. In other words, adding a new of prior work in at least two novel and exciting ways: element to v has turned vptr into a dangling pointer. This is possible because both pointers were aliasing: an action 1. Rust employs the mechanisms of borrowing and lifetimes, through a pointer (v) will in general also affect all its aliases which make it much easier to express common C++-style (vptr). The entire situation is visualized as follows: idioms and ensure that they are used safely. v 2. Rust also provides a rich set of APIs—e.g., for concur- 10 10 rency abstractions, efficient data structures, and memory vptr 11 11 management—which fundamentally extend the power of 12 the language by supporting more flexible combinations The fact that vptr is now a dangling pointer becomes of aliasing and mutation than Rust’s core type system al- a problem in the fourth line. Here we load from vptr, and lows. Correspondingly, these APIs cannot be implemented since it is a dangling pointer, this is a use-after-free bug. within the safe fragment of Rust: rather, they internally In fact, the problem is common enough that one instance of make use of potentially unsafe C-style features of the lan- it has its own name: iterator invalidation, which refers to the guage, but in a safely encapsulated way that is claimed situation where an iterator (usually internally implemented not to disturb Rust’s language-level safety guarantees. with a pointer) gets invalidated because the data structure it it- These aspects of Rust’s design are not only essential to erates over is mutated during the iteration. It most commonly its success—they also pose fundamental research questions arises when one iterates over some container data structure in about its semantics and safety guarantees that the program- a loop, and indirectly, but accidentally, calls an operation that ming languages community is just beginning to explore. mutates the data structure. Notice that in practice the call to In this article, we begin by giving the reader a bird’s-eye the operation that mutates the data structure (push_back in view of the Rust programming language, with an emphasis line 3 of our example) might be deeply nested behind several on some of the essential features of Rust that set it apart from layers of abstraction. In particular when code gets refactored its contemporaries. Second, we describe the initial progress or new features get added, it is often near impossible to de- made in the RustBelt project, an ongoing project funded termine if pushing to a certain vector will invalidate pointers by the European Research Council (ERC), whose goal is to elsewhere in the program that are going to be used again later. provide the first formal (and machine-checked) foundations Comparison with garbage-collected languages for the safety claims of Rust. In so doing, we hope to inspire other members of the computer science research community Languages like Java, Go, and OCaml avoid use-after-free to start paying closer attention to Rust and to help contribute bugs using garbage collection: memory is only deallocated to the development of this groundbreaking language. when it can no longer be used by the program. Thus, there can be no dangling pointers and no use-after-free. Motivation: Pointer Invalidation in C++ One problem with garbage collection is that, to make it effi- cient, such languages generally do not permit interior pointers To demonstrate the kind of memory safety problems that (i.e., pointers into data structures). For example, arrays int[] arise commonly in systems programming languages, let us in Java are represented similarly to std::vector<int> in consider the following C++ code: C++ (except arrays in Java cannot be grown). However, un- like in C++, one can only get and set elements of a Java array, 1 std::vector<int>v { 10, 11 }; not take references to them.
Load more

Recommended publications
  • PL/I List Processing • PL/I Language Lacked FaciliEs for TreaNg Linked Lists HAROLD LAWSON,JR
    The Birth of the Pointer Variable Based upon: Experiences and Reflec;ons of a Computer Pioneer Harold “Bud” Lawson FELLOW FELLOW and LIFE MEMBER IEEE COMPUTER SOCIETY CHARLES BABBAGE COMPUTER PIONEER FELLOW Overlapping Phases • Phase 1 (1959-1974) – Computer Industry • Phase 2 (1974-1996) - Computer-Based Systems • Phase 3 (1996-Present) – Complex Systems • Dedicated to all the talented colleagues that I have worked with during my career. • We have had fun and learned from each other. • InteresMng ReflecMons and Happenings are indicated in Red. Computer Industry (1959 to 1974) • Summer 1958 - US Census Bureau • 1959 Temple University (Introduc;on to IBM 650 (Drum Machine)) • 1959-61 Employed at Remington-Rand Univac • 1961-67 Employed at IBM • 1967-69 Part Time Consultant (Professor) • 1969-70 Employed at Standard Computer Corporaon • 1971-73 Consultant to Datasaab, Linköping • 1973-… Consultant .. Expert Witness.. Rear Admiral Dr. Grace Murray Hopper (December 9, 1906 – January 1, 1992) Minted the word “BUG” – During her Mme as Programmer of the MARK I Computer at Harvard Minted the word “COMPILER” with A-0 in 1951 Developed Math-MaMc and FlowmaMc and inspired the Development of COBOL Grace loved US Navy Service – The oldest acMve officer, reMrement at 80. From Grace I learned that it is important to queson the status-quo, to seek deeper meaning and explore alterna5ve ways of doing things. 1980 – Honarary Doctor The USS Linköpings Universitet Hopper Univac Compiler Technology of the 1950’s Grace Hopper’s Early Programming Languages Math-MaMc
    [Show full text]
  • Systems Programming in C++ Practical Course
    Systems Programming in C++ Practical Course Summer Term 2019 Course Goals Learn to write good C++ • Basic syntax • Common idioms and best practices Learn to implement large systems with C++ • C++ standard library and Linux ecosystem • Tools and techniques (building, debugging, etc.) Learn to write high-performance code with C++ • Multithreading and synchronization • Performance pitfalls 1 Formal Prerequisites Knowledge equivalent to the lectures • Introduction to Informatics 1 (IN0001) • Fundamentals of Programming (IN0002) • Fundamentals of Algorithms and Data Structures (IN0007) Additional formal prerequisites (B.Sc. Informatics) • Introduction to Computer Architecture (IN0004) • Basic Principles: Operating Systems and System Software (IN0009) Additional formal prerequisites (B.Sc. Games Engineering) • Operating Systems and Hardware oriented Programming for Games (IN0034) 2 Practical Prerequisites Practical prerequisites • No previous experience with C or C++ required • Familiarity with another general-purpose programming language Operating System • Working Linux operating system (e.g. Ubuntu) • Basic experience with Linux (in particular with shell) • You are free to use your favorite OS, we only support Linux 3 Lecture & Tutorial • Lecture: Tuesday, 14:00 – 16:00, MI 02.11.018 • Tutorial: Friday, 10:00 – 12:00, MI 02.11.018 • Discuss assignments and any questions • First two tutorials are additional lectures • Everything will be in English • Attendance is mandatory • Announcements on the website 4 Assignments • Brief non-coding quizzes
    [Show full text]
  • Kednos PL/I for Openvms Systems User Manual
    ) Kednos PL/I for OpenVMS Systems User Manual Order Number: AA-H951E-TM November 2003 This manual provides an overview of the PL/I programming language. It explains programming with Kednos PL/I on OpenVMS VAX Systems and OpenVMS Alpha Systems. It also describes the operation of the Kednos PL/I compilers and the features of the operating systems that are important to the PL/I programmer. Revision/Update Information: This revised manual supersedes the PL/I User’s Manual for VAX VMS, Order Number AA-H951D-TL. Operating System and Version: For Kednos PL/I for OpenVMS VAX: OpenVMS VAX Version 5.5 or higher For Kednos PL/I for OpenVMS Alpha: OpenVMS Alpha Version 6.2 or higher Software Version: Kednos PL/I Version 3.8 for OpenVMS VAX Kednos PL/I Version 4.4 for OpenVMS Alpha Published by: Kednos Corporation, Pebble Beach, CA, www.Kednos.com First Printing, August 1980 Revised, November 1983 Updated, April 1985 Revised, April 1987 Revised, January 1992 Revised, May 1992 Revised, November 1993 Revised, April 1995 Revised, October 1995 Revised, November 2003 Kednos Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Kednos Corporation or an anthorized sublicensor.
    [Show full text]
  • Chapter 4 Introduction to UNIX Systems Programming
    Chapter 4 Introduction to UNIX Systems Programming 4.1 Introduction Last chapter covered how to use UNIX from from a shell program using UNIX commands. These commands are programs that are written in C that interact with the UNIX environment using functions called Systems Calls. This chapter covers this Systems Calls and how to use them inside a program. 4.2 What is an Operating System An Operating System is a program that sits between the hardware and the application programs. Like any other program it has a main() function and it is built like any other program with a compiler and a linker. However it is built with some special parameters so the starting address is the boot address where the CPU will jump to start the operating system when the system boots. Draft An operating system typically offers the following functionality: ● Multitasking The Operating System will allow multiple programs to run simultaneously in the same computer. The Operating System will schedule the programs in the multiple processors of the computer even when the number of running programs exceeds the number of processors or cores. ● Multiuser The Operating System will allow multiple users to use simultaneously in the same computer. ● File system © 2014 Gustavo Rodriguez-Rivera and Justin Ennen,Introduction to Systems Programming: a Hands-on Approach (V2014-10-27) (systemsprogrammingbook.com) It allows to store files in disk or other media. ● Networking It gives access to the local network and internet ● Window System It provides a Graphical User Interface ● Standard Programs It also includes programs such as file utilities, task manager, editors, compilers, web browser, etc.
    [Show full text]
  • Lecture 24 Systems Programming in C
    Lecture 24 Systems Programming in C A process is a currently executing instance of a program. All programs by default execute in the user mode. A C program can invoke UNIX system calls directly. A system call can be defined as a request to the operating system to do something on behalf of the program. During the execution of a system call , the mode is change from user mode to kernel mode (or system mode) to allow the execution of the system call. The kernel, the core of the operating system program in fact has control over everything. All OS software is trusted and executed without any further verification. All other software needs to request kernel mode using specific system calls to create new processes and manage I/O. A high level programmer does not have to worry about the mode change from user-mode to kernel-mode as it is handled by a predefined library of system calls. Unlike processes in user mode, which can be replaced by another process at any time, a process in kernel mode cannot be arbitrarily replaced by another process. A process in kernel mode can only be suspended by an interrupt or exception. A C system call software instruction generates an OS interrupt commonly called the operating system trap . The system call interface handles these interruptions in a special way. The C library function passes a unique number corresponding to the system call to the kernel, so kernel can determine the specific system call user is invoking. After executing the kernel command the operating system trap is released and the system returns to user mode.
    [Show full text]
  • 8297 SYSTEMS PROGRAMMER 1 Nature of Work Under General
    8297 SYSTEMS PROGRAMMER 1 Nature of Work Under general supervision, an employee in this class performs work of considerable difficulty to provide software support through installing and maintaining software systems such as TSO, IMS, TMS, SAS, CICS, WYLBUR, or other major subsystems. Work includes monitoring, debugging, updating and controlling software packages which interface with application programs of the various users. The incumbent works closely with higher level Systems Programmers on the more complex aspects of installations to assure compatibility with existing software/hardware environment. The incumbent participates in self-study and on-the-job training to improve skills in complex systems programming. An irregular work schedule and on-call duty is required of the position. May function as a consultant in the choice of installation and implementation of office automation equipment and software; the assignments involve multiple application, multiple platforms and complex, interdepartmental communications. Performs related work as required. Distinguishing Characteristics Systems Programmer 1 provides software support for systems which affect a large percentage of the user community. Errors in judgment at this level could affect a number of user operations for a period of time; however, the central mainframe system would continue to operate. Systems Programmer 2 provides support for major software systems; errors in judgment at this level could shut-down the entire central mainframe system. Examples of Work Installs and maintains systems software packages or data base management and data communications systems. Receives advanced training to improve techniques and methodologies used in support of complex host resident software packages. Monitors computer performance to identify, correct and/or improve the operational efficiency of the hardware/software configuration.
    [Show full text]
  • Blueprint for an Embedded Systems Programming Language
    Blueprint for an Embedded Systems Programming Language Paul Soulier Depeng Li Dept. of Information and Computer Sciences Dept. of Information and Computer Sciences University of Hawaii, Manoa University of Hawaii, Manoa Honolulu, Hawaii 96822 Honolulu, Hawaii 96822 Email: [email protected] Email: [email protected] Abstract Given the significant role embedded systems have, the implications of faulty software is clearly evident. Embedded systems have become ubiquitous and are However, software logic errors are not the only manner found in numerous application domains such as sen- in which a system can malfunction. The Stuxnet virus sor networks, medical devices, and smart appliances. [14] is an example of a failure caused by a malicious Software flaws in such systems can range from minor software attack that ultimately caused an industrial nuisances to critical security failures and malfunc- control system to destroy itself. As Internet connectiv- tions. Additionally, the computational power found in ity becomes increasingly common in embedded sys- these devices has seen tremendous growth and will tems, they too will be susceptible to software-based likely continue to advance. With increasingly powerful security exploits. hardware, the ability to express complex ideas and Many areas of software development have benefitted concepts in code becomes more important. Given the from the improvements made to programming lan- importance of developing safe and secure software guages. Modern languages are more capable of detect- for these applications, it is interesting to observe that ing errors at compile-time through their type system the vast majority of software for these devices is and many of the low-level and error prone aspects of written in the C programming language —an inher- programming have been abstracted away.
    [Show full text]
  • CS 52 / LECTURENOTES on a COURSE in SYSTEMS PROGRAMMING . BY. . AIANC. SHAW DECEMBER 9, 1966 COMPUTER SCIENCE DEPARTMENT School
    CS 52 / , / . LECTURENOTES ON A COURSE iN SYSTEMS PROGRAMMING . BY. AIANC. SHAW $F) pq WEET n+KLUWD --. K~~NICALREPORT NO. 52 DECEMBER 9, 1966 These notes are based on the lecturei of Professor Niklaus Wirth which were given during the winter and spring of 1965/66 as CS 236a and part of CS 236b, Computer Science Department, Stanford University. COMPUTER SCIENCE DEPARTMENT School of Humanities and Sciences STANFORD UNIVERSITY . ,’ January 15, 1967 ERRATA in . ALAN c. SHAW, LECTURE NOTES.CN A COURSE IN SYSTEMS PROGRAMMING * . CS TR No. 52, Dec. 9, 1966 P* 17, line 5, read "Si+l'! for "Si+k" . P* 34, line 4, read "operand[O:m];" for "operands[O:m];" . P* 35, line 3, read "real or" for "real of" . P* 39, line -7, read "KDF-9" for "KDK-9" . P* 50, line -8, read "careful" for "cardful" . P* 5% add an arrow from "Data Channel" to "Memory" in the diagram. P* 74, last box on page, read "TSXf, 4" for "TSX 4,r" in all cases. P* 75, diagram, read "SQRT" for "S$RT" . P* 86, line 10, append "~2 := s2 + a[j] X b[jl;" , line -10, read "C[l:&l:n];" for "C[l:.!,l:m];" . F* 91, last paragraph, replace by 11 "Dijkstra has developed a solution to the more general problem where there are n processes, instead of only 2, operating in parallel. See K.nuth13 for a discussion and extension of Dijkstra's solution.". p. 100, left, insert between lines -6 and -7, "TRA EQ" . left, line -2, read "1" for "7" .
    [Show full text]
  • SIE 507 Information Systems Programming
    SIE 507 Information Systems Programming Course Description Coding and understanding of basic programming techniques are essential for students regardless of their field of studies. This course is tailored for graduate students with little to no previous programming experience that have a need for practical programming skills. Firstly, this course will introduce basic programming concepts (variables, conditions, loops, data structures, etc.), and the Python programming environment. The second half of this course will be a getting started guide for data analysis in Python including data manipulation and cleaning techniques. By the end of this course, students will be able to take tabular data, read it, clean it, manipulate it, and run basic statistical analyses using Python. (Lec. 3. Cr. 3.) Prerequisites SIE or MSIS graduate students or permission of the instructor Course text Python Programming: An Introduction to Computer Science by John M. Zelle, Ph.D. (Power-point slides, video guides, and other lecture materials will be available in Blackboard) Course Goals and Objectives • Introduce students to central concepts of information system development • Develop an understanding of software design processes • Acquire essential computer programming skills • Acquire skills in basic data analysis in Python Faculty Information Dr. Nimesha Ranasinghe School of Computing and Information Science 333 Boardman Hall [email protected] Grading, Class Policies and Course Expectations As a graduate level course, you are expected to exhibit high-quality work that demonstrates a sound understanding of the concepts and their complexity. Earning an “A” represents oral and written work that is of exceptionally high quality and demonstrates a superb understanding of the course material.
    [Show full text]
  • UW/CSE Systems Programming — CSE 333 Course Description Draft of September 14, 2009
    UW/CSE Systems Programming — CSE 333 Course Description Draft of September 14, 2009 Structural place in the curriculum • 4 credits (3 weekly lectures, 1 weekly section, no lab) • Pre-requisites: Hardware/Software Interface • Subsequent courses: The following courses would have this course as a pre-requisite: Computer Graph- ics, Computer Vision, Software for Embedded Systems. The following courses would have this course as recommended or strongly recommended: Operating Systems, Networks. It would also be useful to students in Databases, Compilers, and similar areas. • Taken by: Required for CE hardware track and students in other courses that list it as a prerequsite; elective for all other CS and CE students. • Catalog description: To be determined Course Overview / Goals The focus of this course is techniques for designing, developing, and debugging programs in C and C++, in- cluding programs that have multiple source files, communicate with the operating system, and potentially do asynchronous or parallel computation and I/O. The course would include tools like debuggers and Makefiles that are needed for effective programming in this environment, but that would not be the core intellectual component of the course. The focus would be programs that are “closer to the machine” than those in the Software Design and Implementation course, which would be complementary to the material covered here. A goal of this course is to have a single 300-level course that would provide introductory C/C++ competency so that relevant 400-level courses could focus on the material important to their particular area and not have to cover the basics taught here.
    [Show full text]
  • Systems Programmer Ii
    SYSTEMS PROGRAMMER II DISTINGUISHING FEATURES OF THE CLASS: This is a high level technical position responsible for generating and maintaining the operating systems, programs, systems design and other software required by a computer system and its user agencies. The work involves the investigation of new computer industry developments, such as software alternatives, systems productivity tools, design methodologies, documentation approaches and programming efficiency, and the preparation of recommendations for present and future departmental requirements. The position is distinguished from Systems Programmer I by the supervision received and the complexity of assignments. Work is performed under the general supervision of the Director of Computer Services. Supervision may be exercised over technical employees involved in systems programming. Does related work as required. TYPICAL WORK ACTIVITIES: Evaluates operating systems releases, upgrades, makes recommendations, installs and maintains the software; Develops and prepares operator instructions and documentation relating to the system programs; Acts as debugging expert for the computer center; Reviews new technical developments for applicability to operating systems and system software; Advises Programmers and Operators on system functions, determines optimum equipment configuration, and selects standards routines; Confers with administrative supervisor on program ideas to improve production output; Works with operations staff to determine and recommend to the Director increased hardware
    [Show full text]
  • CSE 410: Systems Programming C and POSIX
    CSE 410: Systems Programming C and POSIX Ethan Blanton Department of Computer Science and Engineering University at Buffalo Introduction Basic C Basic POSIX The C Toolchain More C Pointers Text I/O Compiling Summary Coming Up References C and POSIX In this course, we will use: The C programming language POSIX APIs C is a programming language designed for systems programming. POSIX is a standardized operating systems interface based on UNIX. The POSIX APIs are C APIs. © 2018 Ethan Blanton / CSE 410: Systems Programming Introduction Basic C Basic POSIX The C Toolchain More C Pointers Text I/O Compiling Summary Coming Up References Why C? There are dozens of programming languages. Why C? C is “high level” — but not very. C provides functions, structured programming, complex data types, and many other powerful abstractions …yet it also exposes many architectural details Most operating system kernels are written in C. © 2018 Ethan Blanton / CSE 410: Systems Programming Introduction Basic C Basic POSIX The C Toolchain More C Pointers Text I/O Compiling Summary Coming Up References Why POSIX? POSIX is a standardization of the UNIX API. Portable Operating System Interface …X? In the 80s and 90s, UNIX implementations became very fragmented. Interoperability suffered, and a standard was developed. POSIX is probably the most widely implemented OS API. All UNIX systems (Linux, BSD, etc.) macOS Many real-time operating systems (QNX, RTEMS, eCos, …) Microsoft Windows (sort of) © 2018 Ethan Blanton / CSE 410: Systems Programming Introduction Basic C Basic POSIX The C Toolchain More C Pointers Text I/O Compiling Summary Coming Up References But really …why? We had to choose something.
    [Show full text]