An annotated Rust bibliography

tags: rust type systems

This is meant to be a collection of Rust papers I have read and appreciated, along with a summary of where they fit into the ecosystem. Feel free to email me with suggestions!

First-hand experiences of using Rust

Ownership is Theft: Experiences Building an Embedded OS in Rust (2015) [BiBTeX entry]

by Levy, Amit and Andersen, Michael P. and Campbell, Bradford and Culler, David and Dutta, Prabal and Ghena, Branden and Levis, Philip and Pannuto, Pat.


Rust, a new systems programming language, provides compile-time memory safety checks to help eliminate runtime bugs that manifest from improper memory management. This feature is advantageous for operating system development, and especially for embedded OS development, where recovery and debugging are particularly challenging. However, embedded platforms are highly event-based, and Rust's memory safety mechanisms largely presume threads. In our experience developing an operating system for embedded systems in Rust, we have found that Rust's ownership model prevents otherwise safe resource sharing common in the embedded domain, conflicts with the reality of hardware resources, and hinders using closures for programming asynchronously. We describe these experiences and how they relate to memory safety as well as illustrate our workarounds that preserve the safety guarantees to the largest extent possible. In addition, we draw from our experience to propose a new language extension to Rust that would enable it to provide better memory safety tools for event-driven platforms.

A nice discussion of what it means to write an operating system kernel in Rust. This paper is from the developers of Tock, a kernel for embedded systems, so they would know. I am still angry that they stole the excellent name.

The Case for Writing a Kernel in Rust (2017) [BiBTeX entry]

by Levy, Amit and Campbell, Bradford and Ghena, Branden and Pannuto, Pat and Dutta, Prabal and Levis, Philip.


An operating system kernel written in the Rust language would have extremely fine-grained isolation boundaries, have no memory leaks, and be safe from a wide range of security threats and memory bugs. Previous efforts towards this end concluded that writing a kernel requires changing Rust. This paper reaches a different conclusion, that no changes to Rust are needed and a kernel can be implemented with a very small amount of unsafe code. It describes how three sample kernel mechanisms---DMA, USB, and buffer caches---can be built using these abstractions.

A follow-up to Ownership is Theft that suggests some work-arounds and mitigations to the problems the authors experienced.

Surveys and collected experiences