Jonathan Lalou's Blog

Posts Tagged ‘OxidizeConf2024’

Building a Cohesive Cloud Computer

Oxide Computer Company is redefining server hardware by designing a cohesive system from the ground up, leveraging Rust’s capabilities across its stack. Steve Klabnik, a prominent figure in the Rust community, delivered an insightful talk at OxidizeConf2024, detailing how Rust enables Oxide’s ambitious vision. From firmware to the host operating system and HTTP API backend, Steve highlighted Rust’s role in creating a robust, open-source server platform that contrasts with traditional fragmented server designs.

Oxide’s “cloud computer” integrates hardware and software, offering customers a rack-scale solution managed via an EC2-like API. Steve, drawing from his experience at Sun and Apple, emphasized the company’s commitment to open-source principles, making nearly all code publicly available. This approach not only fosters transparency but also allows the community to benefit from Oxide’s innovations, such as custom service processors that replace traditional baseboard management controllers (BMCs).

Rust in Low-Level Systems

Rust’s suitability for low-level tasks like firmware and operating systems is a cornerstone of Oxide’s strategy. Steve explained how Rust’s memory safety and type system prevent common errors in safety-critical components, such as the root of trust and service processor firmware. Unlike traditional C-based firmware, Rust’s borrow checker ensures robust code, reducing debugging time. This was evident in Oxide’s development board, which uses an ARM chip and custom firmware written in Rust, showcasing the language’s ability to handle complex initialization without relying on standard libraries.

However, Steve acknowledged challenges, such as the difficulty of system bring-up, where hardware-specific issues like bit-banging persist regardless of the programming language. Rust mitigates some risks by preventing accidental errors, but developers must still navigate low-level complexities. Oxide’s approach, combining Rust’s safety with rigorous testing, ensures that firmware and operating system components meet the high reliability standards required for server environments.

Enhancing Productivity and Security

A significant advantage of Rust, as Steve articulated, is its impact on developer productivity. Contrary to perceptions of slow iteration due to the borrow checker, experienced Rust developers find it accelerates development by catching errors early. Steve contrasted this with languages like Ruby, where initial coding is fast but debugging consumes significant time. Rust’s holistic cost of ownership—factoring in maintenance and debugging—makes it highly productive, a point often underappreciated by newcomers.

Security is another critical focus, particularly for Oxide’s government and enterprise clients. Steve discussed measures like running Cargo audit to mitigate supply chain attacks, ensuring that the firmware executed matches the intended code. While not foolproof, these practices, combined with Rust’s safety guarantees, provide a robust foundation for secure systems. As Oxide targets regulated industries, Steve anticipates further enhancements to address stringent security requirements.

Community and Future Directions

Oxide’s commitment to open-source extends beyond code to community engagement. Steve highlighted customers like Shopify and a U.S. Department of Energy lab, reflecting diverse use cases from tech companies to privacy-focused organizations. By sharing code and collaborating on platforms like GitHub, Oxide fosters innovation and reduces development costs for non-differentiating components, such as math libraries. This aligns with industry trends toward collaborative open-source solutions, similar to the adoption of Kubernetes in the 2000s.

Looking forward, Steve envisions Rust playing a larger role in server development, particularly as organizations prioritize data sovereignty and cost efficiency. Oxide’s success in selling to high-profile clients demonstrates Rust’s readiness for production environments, challenging the notion that it’s solely suited for high-level applications. By continuing to refine their processes and share insights, Oxide is poised to shape the future of systems programming with Rust.

Links:

• Oxide Computer Company website
• Oxide Computer Company GitHub

From C# to Rust: A Transformative Journey

The mobile gaming industry, long dominated by Unity and C#, is witnessing a shift toward open-source technologies that promise enhanced performance and developer experience. Stefan Dilly, founder of RustUnit, shared his five-year journey of adopting Rust for mobile game development at OxidizeConf2024. Stefan, a seasoned developer and maintainer of the open-source GitUI, traced his progression from integrating Rust libraries in a Go backend and C# frontend to building fullstack Rust mobile games, culminating in the launch of Zoolitaire, a testament to Rust’s growing viability in gaming.

Initially, Stefan’s team at GameRiser in 2019 used Rust for AI calculations within a Go backend, interfacing with a Unity-based C# frontend via a cumbersome C FFI and JSON serialization. This approach, while functional, was verbose and slow, hampered by Go’s garbage collector and Unity’s long iteration times. The challenges prompted a pivot to a Rust-based backend in late 2019, leveraging the stabilization of async/await. Despite early hurdles, such as a buggy MongoDB driver, this transition yielded a more robust server for games like Wheelie Royale, a multiplayer motorcycle racing game.

Advancing Frontend Integration

The next phase of Stefan’s journey focused on improving frontend integration. By replacing JSON with Protocol Buffers (protobuf), his team streamlined communication between Rust and Unity, reducing memory overhead and improving performance. This allowed shared code between backend and frontend, enhancing maintainability. However, Unity’s limitations, such as slow reload times, spurred Stefan to explore fullstack Rust solutions. The advent of the Bevy game engine, known for its Entity Component System (ECS) and WebGPU rendering, marked a turning point, enabling native Rust game development without Unity’s constraints.

Stefan showcased Zoolitaire, a mobile game built entirely in Rust using Bevy, featuring deterministic game logic shared between client and server. This ensures fairness by validating gameplay on the server, a critical feature for competitive games. The open-source Bevy plugins developed by RustUnit, supporting iOS-specific features like in-app purchases and notifications, further demonstrate Rust’s potential to deliver a complete gaming ecosystem. These plugins, available on GitHub, empower developers to create feature-rich mobile games with minimal dependencies.

The Future of Rust in Gaming

Looking ahead, Stefan envisions Rust playing a significant role in game development, particularly as companies seek alternatives to Unity’s licensing model. The Bevy engine’s rapid growth and community support make it a strong contender, though challenges remain, such as limited console support and the learning curve for Rust’s borrow checker. Stefan’s experience onboarding junior developers suggests that Rust’s reputation for complexity is overstated, as its safety features and clear error messages facilitate learning, especially for those without preconceived coding habits.

The launch of a new racing game at OxidizeConf2024, playable via a browser, underscores Rust’s readiness for mobile gaming. Stefan’s call to action—inviting attendees to beat his high score—reflects the community-driven spirit of Rust development. By open-sourcing critical components and fostering collaboration through platforms like Discord, Stefan is paving the way for Rust to challenge established game engines, offering developers a performant, safe, and open-source alternative.

Links:

• RustUnit company website
• GitUI GitHub repository

Revolutionizing Hardware Manufacturing

The landscape of hardware manufacturing has long been constrained by proprietary tools provided by chip vendors, often treated as opaque systems that limit developer control. Ryan Summers from Forged.dev delivered an engaging presentation at OxidizeConf2024, showcasing how Rust and the Probe.rs library are transforming hardware production processes. With a background in safety-critical embedded systems, including medical devices like neurostimulators, Ryan illustrated how Rust’s modern tooling empowers developers to achieve precise control over device programming, moving beyond the limitations of traditional black-box solutions.

Ryan’s talk focused on the production process for a hypothetical Bluetooth-enabled pacemaker, highlighting the need for meticulous device provisioning and testing. In traditional manufacturing, tasks like assigning serial numbers, calibrating sensors, and programming firmware rely on vendor-supplied binaries with limited customization options. Probe.rs, an open-source Rust library, changes this paradigm by offering fine-grained memory control, enabling developers to tailor device configurations and integrate them into automated production workflows. This approach ensures higher quality and reliability, particularly for safety-critical applications where failures are not an option.

The Power of Probe.rs

Central to Ryan’s presentation was the Probe.rs library, which redefines how developers interact with microcontrollers during production. Unlike vendor-supplied tools that restrict operations to basic flashing and erasing, Probe.rs provides a programmatic interface for memory manipulation and direct communication with devices. Ryan demonstrated how this enables tasks like assigning unique Bluetooth addresses and storing calibration data in external memory chips, streamlining the provisioning process. The library’s flexibility allows manufacturers to integrate these tasks into automated systems, reducing errors and improving efficiency.

Moreover, Probe.rs extends beyond manufacturing to support advanced use cases like embedded testing and performance profiling. Ryan highlighted the emerging embedded-test feature, which allows unit tests to run directly on hardware, a boon for validating safety-critical systems. By leveraging Rust’s type safety and memory guarantees, Probe.rs minimizes the risk of errors during programming, ensuring that devices meet stringent quality standards. This capability is particularly valuable in medical and automotive industries, where precision is paramount.

Scaling Production with Rust

Ryan also discussed scaling hardware production with Rust, addressing both small-scale and high-volume manufacturing. For safety-critical devices, such as pacemakers, every unit must undergo rigorous testing to detect defects like cold solder joints or short circuits. Probe.rs facilitates this by enabling automated testing workflows that integrate with production lines, ensuring consistent quality. Ryan noted that while some consumer markets may prioritize speed over quality, safety-critical sectors demand the precision that Rust and Probe.rs deliver.

For large-scale production, Ryan and Probe.rs founder Noah collaborated on Forged.dev Marinas, a tool designed to manage firmware deployment, serial number assignment, and cloud-based data storage. This solution caters to manufacturers needing to comply with regulations like FDA standards, ensuring traceability and accountability. Ryan’s insights underscored Rust’s potential to unify development and production processes, offering a cohesive ecosystem that contrasts with the fragmented tools of traditional manufacturing.

Links:

• Forged.dev company website

The Evolution of GUI Development

In the ever-evolving realm of graphical user interface (GUI) development, the quest for robust, safe, and efficient tools is paramount. David Vincze, a senior software engineer at Felgo, presented a compelling exploration of Slint as a Rust-based alternative to QML at OxidizeConf2024. With a background steeped in C++ and Qt, particularly in automotive instrument clusters, David shared his insights into how Slint offers a fresh perspective for developers accustomed to QML’s declarative approach within the Qt framework. His presentation illuminated the potential of Slint to address the limitations of QML, particularly its reliance on C++ and JavaScript, which can introduce runtime errors that challenge developers in safety-critical environments.

QML, a mature language with over a decade of use, has been a cornerstone for cross-platform GUI development, enabling developers to write a single codebase that runs on embedded, mobile, desktop, and web platforms. Its JSON-like syntax, coupled with reactive property bindings and JavaScript logic, simplifies prototyping and maintenance. However, David highlighted the inherent risks, such as performance bottlenecks due to JavaScript’s runtime interpretation and the dependency on the extensive Qt ecosystem, which can entail licensing costs. Slint, a newer toolkit built with Rust, emerges as a promising alternative, compiling to native code to catch errors at build time, thus enhancing reliability for embedded systems.

Comparing Slint and QML

David’s analysis centered on a practical comparison between Slint and QML, drawing from a demo weather application and home automation UI developed at Felgo. This project, available on Felgo’s GitHub as the Rusty Weather App, reimplemented a QML-based application in Slint, showcasing its multiplatform capabilities on desktop, embedded Raspberry devices, and Android. The comparison revealed striking similarities in their declarative syntax, with both languages using component-based structures to define UI elements. However, Slint’s code is notably more compact, and its components can be exported to native code, offering greater integration flexibility compared to QML’s C++-centric approach.

A key differentiator is Slint’s compilation to native code, which eliminates runtime errors common in QML’s JavaScript logic. This is particularly advantageous for embedded systems, where performance and reliability are critical. David demonstrated how Slint’s lightweight runtime and reactive property bindings mirror QML’s strengths but leverage Rust’s memory safety to prevent common programming errors. However, Slint lacks some of QML’s advanced features, such as multimedia support, 3D rendering, and automated UI testing, which are still in development. Despite these gaps, Slint’s rapid evolution, with frequent releases, signals its potential to rival QML in the future.

Challenges and Opportunities in Transitioning

Transitioning from QML to Slint presents both opportunities and challenges. David emphasized Slint’s benefits, including its integration with Rust’s ecosystem, which offers a robust package manager (Cargo) and seamless cross-compilation. The Slint VS Code extension, with its live preview feature, accelerates development by allowing real-time UI modifications without recompilation. This contrasts with QML’s reliance on tools like Qt Creator, which, while comprehensive, tie developers to the Qt ecosystem. Slint’s open-source nature and multi-language APIs (supporting Rust, C++, JavaScript, and Python) further enhance its appeal for diverse projects.

However, David acknowledged challenges, particularly in areas like internationalization, where Slint’s reliance on the Gettext library complicates translation processes compared to Qt’s well-established framework. Features like multi-window support and internal timers are also underdeveloped in Slint, posing hurdles for developers accustomed to QML’s mature ecosystem. Despite these, David advocated for Slint’s adoption in Rust-centric projects, citing its predictability and performance advantages, especially for embedded development. The community’s active development and planned UI testing support suggest that Slint’s limitations may soon be addressed, making it a compelling choice for forward-thinking developers.

Links:

• Felgo company website

Understanding OxidOS and ISO 26262

Georgiana Vlădulescu and Alexandru Radovici, representing OxidOS, shared their journey of certifying an operating system written entirely in Rust for ISO 26262 ASIL-D compliance at OxidizeConf2024. OxidOS, a professional derivative of the open-source Tock operating system, is designed for safety-critical applications in small electronic control units (ECUs). Their presentation provided a deep dive into the challenges and innovative solutions encountered while aligning OxidOS with the stringent requirements of ISO 26262, a standard that defines functional safety for automotive components.

ISO 26262 categorizes safety requirements into Automotive Safety Integrity Levels (ASILs), ranging from QM (Quality Management) to ASIL-D, based on factors like severity, exposure, and controllability. Georgiana and Alexandru explained that OxidOS aims to achieve ASIL-D certification out of context, meaning it can be used across various automotive applications, from infotainment to critical systems like airbags. This ambitious goal requires meticulous documentation and process adherence, which their team has approached with a focus on automation and open-source tools.

Challenges in Certification

The certification process for OxidOS revealed significant hurdles, primarily due to the automotive industry’s reliance on legacy tools and processes. Georgiana noted that traditional expectations, such as exchanging Excel documents, felt archaic to a team accustomed to modern software development practices. These manual processes were not only time-consuming but also prone to errors, as they lacked integration with development workflows. Additionally, the absence of Rust-specific tools in the certification domain posed a challenge, as most existing solutions cater to C-based systems.

Another significant obstacle was maintaining team motivation, as developers often prefer coding over documentation. To address this, the OxidOS team transformed the certification process into a challenge, encouraging developers to innovate by creating custom tools and workflows. This approach empowered the team, fostering a sense of autonomy and reducing burnout by allowing developers to switch between projects during downtime.

Innovative Solutions with Rust

Rust’s ecosystem proved instrumental in overcoming these challenges. The team adopted Sphinx Needs, an extension of the Sphinx documentation tool, to implement a “document as code” philosophy. This approach allowed them to version control requirements using GitHub, enabling asynchronous collaboration and historical tracking. By integrating tools like Cargo Doc, they automated the generation of certification documents from Rust code, significantly reducing manual effort.

Alexandru emphasized the importance of minimizing transitive dependencies in OxidOS, relying solely on libcore to maintain control over the codebase. This policy, coupled with Rust’s safety guarantees, ensured that the operating system remained robust and compliant. The team also developed custom scripts to link code changes to documentation, ensuring that updates to Tock’s upstream repository could be seamlessly integrated into the certification process without requiring extensive manual rework.

Future Directions and Industry Impact

Looking ahead, Georgiana and Alexandru outlined plans to enhance automation further, particularly in tracking code changes and their impact on certification requirements. By creating a link between code and documentation, they aim to streamline the process of updating requirements as Tock evolves. This approach addresses a critical industry challenge: certifying open-source software that lacks the controlled development environment of proprietary systems.

The presentation also highlighted broader industry implications. Alexandru noted that many automotive companies face similar tool-related challenges, often duplicating efforts due to non-disclosure agreements. By open-sourcing their tools in the future, the OxidOS team hopes to foster collaboration and reduce redundancy, potentially transforming how open-source software is certified in the automotive sector.

Links:

• OxidOS company website

Introduction to Automotive Compliance

The automotive industry, with its intricate blend of mechanical and electronic systems, demands rigorous standards to ensure safety and reliability. Vignesh Radhakrishnan from Thoughtworks delivered an insightful presentation at OxidizeConf2024, exploring the concept of continuous compliance in automotive software development using Rust. He elucidated how the shift from mechanical to software-driven vehicles has amplified the need for robust compliance processes, particularly in adhering to standards like ISO 26262 and Automotive SPICE (ASPICE). These standards are pivotal in ensuring that automotive software meets stringent safety and quality requirements, safeguarding drivers and passengers alike.

Vignesh highlighted the transformation in the automotive landscape, where modern vehicles integrate complex software for features like adaptive headlights and reverse assist cameras. Unlike mechanical components with predictable failure patterns, software introduces variability that necessitates standardized compliance to maintain quality. The presentation underscored the challenges of traditional compliance methods, which are often manual, disconnected from development workflows, and conducted at the end of the development cycle, leading to inefficiencies and delayed feedback.

Continuous Compliance: A Paradigm Shift

Continuous compliance represents a transformative approach to integrating safety and quality assessments into the software development lifecycle. Vignesh emphasized that this practice involves embedding compliance checks within the development pipeline, allowing for immediate feedback on non-compliance issues. By maintaining documentation close to the code, such as requirements and test cases, developers can ensure traceability and accountability. This method not only streamlines the audit process but also reduces the mean-time-to-recovery when issues arise, enhancing overall efficiency.

The use of open-source tools like Sphinx, a Python documentation generator, was a focal point of Vignesh’s talk. Sphinx facilitates bidirectional traceability by linking requirements to code components, enabling automated generation of audit-ready documentation in HTML and PDF formats. Vignesh demonstrated a proof-of-concept telemetry project, showcasing how Rust’s cohesive toolchain, including Cargo and Clippy, integrates seamlessly with these tools to produce compliant software artifacts. This approach minimizes manual effort and ensures that compliance is maintained iteratively with every code commit.

Rust’s Role in Simplifying Compliance

Rust’s inherent features make it an ideal choice for automotive software development, particularly in achieving continuous compliance. Vignesh highlighted Rust’s robust toolchain, which includes tools like Cargo for building, testing, and formatting code. Unlike C or C++, where developers rely on disparate tools from multiple vendors, Rust offers a unified, developer-friendly environment. This cohesiveness simplifies the integration of compliance processes into continuous integration (CI) pipelines, as demonstrated in Vignesh’s example using CircleCI to automate compliance checks.

Moreover, Rust’s emphasis on safety and ownership models reduces common programming errors, aligning well with the stringent requirements of automotive standards. By leveraging Rust’s capabilities, developers can produce cleaner, more maintainable code that inherently supports compliance efforts. Vignesh’s example of generating traceability matrices and architectural diagrams using open-source tools like PlantUML further illustrated how Rust can enhance the compliance process, making it more accessible and cost-effective.

Practical Implementation and Benefits

In his demonstration, Vignesh showcased a practical implementation of continuous compliance using a telemetry project that streams data to AWS. By integrating Sphinx with Rust code, he illustrated how requirements, test cases, and architectural designs could be documented and linked automatically. This setup allows for real-time compliance assessments, ensuring that software remains audit-ready at all times. The use of open-source plugins and tools provides flexibility, enabling adaptation to various input sources like Jira, further streamlining the process.

The benefits of this approach are manifold. Continuous compliance fosters greater accountability within development teams, as non-compliance issues are identified early. It also enhances flexibility by allowing integration with existing project tools, reducing dependency on proprietary solutions. Vignesh cited the Ferrocene compiler as a real-world example, where similar open-source tools have been used to generate compliance artifacts, demonstrating the feasibility of this approach in large-scale projects.

Links:

• Thoughtworks company website

Crafting Safe Interfaces for Embedded Systems

In the domain of embedded systems, where reliability and efficiency are paramount, Rust has emerged as a powerful tool for building robust software. At OxidizeConf2024, Sojan James from Acsia Technologies delivered an engaging presentation on creating Rust bindings for ThreadX, a compact real-time operating system (RTOS) tailored for microcontrollers. With nearly two decades of experience in C programming and a passion for Rust since 2018, Sojan shared his journey of developing bindings that bridge ThreadX’s C-based architecture with Rust’s safety guarantees, offering practical strategies for embedded developers.

ThreadX, known for its lightweight footprint and static memory allocation, is widely used in automotive digital cockpits and other resource-constrained environments. Sojan’s goal was to create a safe Rust API over ThreadX’s C interfaces, enabling developers to leverage Rust’s type safety and ownership model. His approach involved generating unsafe bindings, wrapping them in a safe abstraction layer, and building sample applications on an STM32 microcontroller. This process, completed primarily during a week-long Christmas project, demonstrates Rust’s potential to enhance embedded development with minimal overhead.

Strategies for Binding Development

Sojan outlined a systematic approach to developing Rust bindings for ThreadX. The first step was creating unsafe bindings to interface with ThreadX’s C API, using Rust’s foreign function interface (FFI) to call C functions directly. This required careful handling of callbacks and memory management, as ThreadX’s static allocation model aligns well with Rust’s borrow checker. Sojan emphasized the importance of reviewing the generated bindings to identify areas where Rust’s ownership semantics could expose architectural inconsistencies, though he noted ThreadX’s maturity minimized such issues.

To create a safe API, Sojan wrapped the unsafe bindings in Rust structs and enums, introducing a typed channel interface for message passing. For example, he demonstrated a queue of type Event, an enum ensuring type safety at compile time. This approach prevents common errors, such as mixing incompatible data types, enhancing reliability in safety-critical applications like automotive systems. A demo on an STM32 showcased two tasks communicating via a 64-byte queue within a 2KB block pool, highlighting the practical application of these bindings in real-world scenarios.

Future Directions and Community Engagement

While Sojan’s bindings are functional, challenges remain, particularly with ThreadX’s timer callbacks, which lack a context pointer, complicating Rust’s safe abstraction. He plans to address this by exploring alternative callback mechanisms or additional abstractions. The bindings, hosted on GitHub, are open for community contributions, reflecting Sojan’s commitment to collaborative development. At Acsia, Rust is being integrated into automotive platforms, including an R&D project, signaling its growing adoption in the industry.

Sojan’s work underscores Rust’s potential to modernize embedded development, offering memory safety without sacrificing performance. By sharing his code and inviting contributions, he fosters a community-driven approach to refining these bindings. As Rust gains traction in automotive and other embedded domains, Sojan’s strategies provide a blueprint for developers seeking to integrate modern programming paradigms with established RTOS platforms, paving the way for safer, more efficient systems.

Links:

• Acsia Technologies company website
• ThreadX Rust bindings repository