jagomart
digital resources
picture1_Programming Pdf 183909 | Rta Csit 2016 Paper


 203x       Filetype PDF       File size 0.26 MB       Source: edizsaykol.weebly.com


File: Programming Pdf 183909 | Rta Csit 2016 Paper
utilizing rust programming language for efi based bootloader design tun c uzlu and ediz s aykol beykent university department of computer engineering ayazaga 34396 istanbul turkey tuncuzlu9 gmail com ediz ...

icon picture PDF Filetype PDF | Posted on 01 Feb 2023 | 2 years ago
Partial capture of text on file.
                   Utilizing Rust Programming Language for EFI-Based
                                                    Bootloader Design
                                                      Tun¸c Uzlu and Ediz S¸aykol
                                         Beykent University, Department of Computer Engineering,
                                                                      ˙
                                                     Ayaza˘ga, 34396, Istanbul, Turkey
                                             tuncuzlu9@gmail.com; ediz.saykol@beykent.edu.tr
                                                                       in Servo, Mozilla Foundations massively parallel web
                                                                       browsing engine, which is unique because of its concur-
                                   Abstract                            rent process rendering and compositing steps [JML15].
                                                                       Rust, as being a systems programming language, has
                   Rust, as being a systems programming lan-           ability to operate at the lowest level without any run-
                   guage, offers memorysafetywithzerocostand            time penalty, like C, C++ or Cyclone, but offers com-
                   without any runtime penalty unlike other lan-       plete memory safety, unlike these languages. Systems
                   guages like C, C++ or Cyclone. System pro-          programming languages are crucial for time criticial
                   gramming languages are mainly used for low          tasks like signal processing and also for bare-metal op-
                   level tasks such as design of operating system      erations such as design of operating system compo-
                   components, web browsers, game engines and          nents, web browsers, game engines where raw hard-
                   time critical missions like signal processing.      ware access is a must. Existing systems languages are
                   Main disadvantages of the existing systems          memory unsafe and extremely complicated because of
                   languages are being memory unsafe and hav-          their low level nature.
                   ing low level design. On the other hand, Rust          Systems programming languages are considered es-
                   offers high level language semantics, advanced       sential for embedded systems because of low mem-
                   standard library with modern skill set includ-      ory availability and exiguous processing power [HL15].
                   ing most of the features and functional ele-        The main reason is the lack of garbage collector which
                   ments of widely-used programming languages.                                               +
                                                                       causes non-deterministic delays [LAC 15]. Garbage
                   Moreover, Rust can be used as a scripting lan-      collectors provide very safe memory management, but
                   guage like Python, and a functional language        poorly manages the memory space and unpredictably
                   like Haskell or any other low level procedural      runs at the background. This design choice also affects
                   language like C or C++, since Rust is both          energy consumption which is very important for em-
                   imperative and functional having no garbage         bedded systems and changes operating system design
                   collector. These design choices make Rust a                         +
                                                                       paradigm [LMP 05].
                   suitable match for low level tasks via includ-         On the other hand, Rust is both imperative and
                   ing high level scalability and maintainability.     functional language. Although including different fla-
                   Meanwhile, EFI (Extensible Firmware Inter-          vors, Rust is highly scalable with capable standard
                   face) specification is aimed to remove the lim-      library comparable to high level languages.     Rich
                   itations of legacy hardware. Hence, we present      language semantics and haveing no garbage collector
                   ouranalysis of utilizing Rust language on EFI-      makes Rust suitable match for low level tasks while
                   based bootloader design for x86 architecture,       having high maintainability level. Moreover, Rust can
                   to make it useful for both practitioners and        be used as a scripting language like Python or as a
                   technology developers.                              functional language like Haskell because of its inher-
                                                                       ited skill set has been mostly adpoted from modern
               1 Introduction                                          languages.
               Rust programming language has been designed by             C++ is the most powerful systems programming
               Graydon Hoare and currently it is actively being de-    language today. Because of its multi paradigm de-
               veloped by Mozilla Foundation. It is also being used    sign and zero cost runtime performance, it is widely
                                                                     1
                used by numerous organizations and people with dif-       tion.
                ferent backgrounds. C++ has features with compli-            Rust ecosystem includes Rustc compiler but also a
                cated runtime support like RTTI and exceptions dis-       verypowerfulpackagemanager,Cargowithitsregistry
                abled for most bootloader applications. As it includes    webpage for crates, Rustfmt for code formatting, and
                every element from its predecessor C language, it also    Rustdoc. for automatic document generation. Cargo
                includes every memory safety pitfall from C. This vari-   has very well dependency management as it offers
                ation makesC++evenmorevulnerabletomemoryun-               strict versions of dependencies to be defined. It allows
                safety especially architects with C background widely     arbitrary flags to pass to Rustc, the Rust compiler,
                rely on these language elements. Cyclone, on the other    but most importantly with target argument [HL15] it
                hand, developed as an extension to C language to pro-     is possible to cross compile to another system differ-
                vide Rust-like memory safety mechanism with ability       entiating from host operating system. There is also
                to port from C to Cyclone without much effort. How-        features argument for conditional compiling. Cargo
                ever, this design choice caused the language semantics    reads projects meta information from a Toml file which
                to become restrictive and unwieldy.                       is very much like JSON, but more suitable for human
                  Another language which is popular and somehow           editing, rather than data serialization.
                racing with Rust is Go language because of its low
                learning curve. Go is supported by Google and is a        2.1   Rust Programming Concepts
                high level language which can be compared to Python
                or Ruby.   Go neither have generic types nor pro-         Ownership is one of the most important language se-
                vides safety over its concurrency model, Goroutines.      mantics of Rust.     Variable bindings can have one
                Rust has generics with monomorphisation so they are       unique owner. They can be moved, can be borrowed
                statically dispatched and has good runtime perfor-        numerous times if they are not previously borrowed
                mance [Bal15].                                            as mutable, that can be happened only once. Own-
                  Here, we present our analysis of utilizing Rust lan-    ership also works on resources like files or sockets and
                guageonEFI-basedbootloaderdesignforx86architec-           across threads. Rust provides traits to offer functional-
                ture, to make it useful for both practitioners and tech-  ity similar to inheritance [JML15]. For example, to du-
                                                                                                                       +
                nology developers. Our analysis in this paper starts      plicate an object Rust have Clone trait [LAC 15] also
                with presenting Rust language basics in detail in Sec-    there is Copy trait for bitwise copying. Anonymous
                tion 2. Then, bootloading basics is presented in Sec-     closure functions are also defined in terms of traits in
                tion 3. Since the main idea behind using Rust is pro-     Rust like Fn or FnMut depending on mutability and if
                gramming a critical-and-safe low-level task with high-    the closure is called once it should be FnOnce. They
                level programming concepts, we found bootloader de-       can not be used as a return value so they should be
                sign a typical application for this purpose, and discuss  enclosed into a Box which allocates space from Heap
                design choices that make Rust suitable in Section 4.      memory [Lig15].
                Finally, Section 5 concludes our paper and states fu-        Rust have Structs in a very similar way to C. The
                ture work.                                                main difference is data structure itself may be pub-
                                                                          lic whereas its elements may be private in the code
                2 Rust Language Details                                   space. Rust offers algebraic Enum which is more func-
                                                                          tional and much more advanced compared to that of
                Rust is an open source programming language, includ-      C++, which only has type checking. Option generic
                ing an issue system for bug reporting and separate        type is a special Enum type with maybe characteris-
                RFC tracker for language standardization, which are       tic. It is being used as a selector between a return
                located on Github repository. With the help of numer-     value, Some, or an error value, Err (or absence None).
                ous contributors around the world, Rust provides pre-     This Option and Error types are suitable for repre-
                compiled development environment for Linux, Win-          senting Null pointers so that it is impossible Rust to
                dows and OS X. It is also possible to cross compile       have Null pointer errors. This paradigm is also suit-
                RustforIos, Android, RasperryPiandotheroperating          able for Null pointer optimization as Rust uses LLVM
                systems. As Rust is a separate development toolchain      compiler infrastructure and benefits from same back-
                from operating system, it is radically closer to deter-   end optimizations of C language family. Pointer safety
                ministic code generation process. Hence, Rust is com-     is guaranteed with holding Lifetimes. Like type infer-
                pletely decoupled in this perspective. On the other       ence, reference lifetimes can be guessed by Rust com-
                hand, languages like C or C++ depends on header           piled and this is called lifetime elision. Sometimes ex-
                files and libraries through the operating system, lots     plicit lifetime marks are required as references lifetime
                of applications along with various operating system       must be equal or larger than its originating binding.
                distributions and updates might influence the collec-         Concurrency is the core of Rust.      Same owner-
                                                                       2
                ship mechanism applies across threads and Rust offers         audience. Like borrowing a master chefs knife, imper-
                thread safety mostly on compile time. Channel, for           ative paradigm is powerful when used correctly, but
                example, allows data to be send safely across threads        tend to fail because of its destructive nature on global
                if the type satisfy Send Marker trait.     Markers are       data [Oka99].
                Rusts internals to enforce safety rules. Other impor-
                tant markers are Sync, can be shared across threads,
                Sized, type has a known size at compile time. When
                multiple threads need to modify same region of mem-          2.2   Comparing Rust with C and C++
                ory classical lock mechanisms like Mutex or RWLock
                are provided. The key point is locking in Rust works
                on the data itself, not on the code. Software architects     Rust is the remedy for numerous systems program-
                using C++ tries to prevent data race by locking the          ming bugs by design. First one is buffer overflow or
                code itself by design.                                       underflow on arrays. C++ has no bounds checking
                   Awell-known analysis on the cost of software test-        for arrays so writing or reading outside of bounds may
                ing [Pat01] states that if a design error at the specifi-     cause corruption or page fault depending on operation.
                cation phase costs about zero to 10 cents, in the soft-      Rust checks array bounds at runtime because there is
                ware testing phase it costs 1 to 10 dollars. However,        no way to detect array size at compile time. Also Rust
                if the error is found by the eventual user the cost is       does not allow indexing operation with negative argu-
                at least 100 dollars, hence the increase is logarithmic.     ment. Array elements are accessed with Index trait
                To help in reducing the errors, Rust is designed to be       andthis trait is not defined for negative values. At last
                a strong and static language. Dynamic languages suf-         integer overflow remains. Fortunately, Rust checks for
                fer from compiler aid or lack of typing depending on         arithmetic overflows if the number is unsigned. This
                language design. They have low learning curve and            type of corruption is the main source of buffer related
                high portability or embedibility. On the other hand,         attacks for years.
                languages with strong typing such as Rust or Haskell            The second is iterator invalidation.    With C++,
                have higher learning curve but provide superior type         while an iterator is looping over a collection and the
                safety at compiling stage. Compilers are far better at       collection has been modified, this causes the iterator
                catching bugs than human eye. There are also weak            to be invalid. Data is corrupt or iterator goes into
                static languages exist. They offer automatic type con-        an infinite loop depending on operation. With Rust,
                version and this unpredictability causes bugs just like      as the collection is borrowed by the iterator, it can
                dynamic languages. Undefined behaviors have always            not be borrowed mutably by modifier functions like
                been spots for hard to find bugs. For example, C++            Push [Bei15].
                language, unlike Rust, does not define size of its main          The last one is use-after-free memory bugs. High
                integer type, int, or char type can be signed or un-         level languages prevent this kind of error by using
                signed depending on various factors like compiler, op-       garbage collector while Rust has its unique ownership
                erating system or building flags.                             and lifetime semantics to prevent this memory pitfall
                   Charles Petzold described a telegraph relay as a de-      with zero runtime performance cost. Rust also has hy-
                vice that a clicker and a sound magnet connected with        gienic macros and the macros are part of AST trans-
                a stick by lazy operator. Because they were moving           formation [Lig15].
                simultaneously [Pet00]. As it is acceptable for the op-
                erator to make mistakes when hearing the Morse code             Rust has unsafe blocks for non-ideal conditions like
                for a day and clicking the correct dash or dot code          dereferencing raw pointers, type transmute or foreign
                as there is no mechanical aid. Dynamic languages are         function interface. With Rust, there is no possibility
                somehow the same. Compiler support is an example             to cause concurrency failure outside of unsafe block
                for the relay device, with strong type checking, is seri-    even if the design of application is tremendously bad.
                ously important to prevent human errors. Rust takes          Raw pointers are ideal for storing MMIO or interrupt
                this a step forward by providing compile time memory         controller, system tables memory address as they are
                and thread safety. Runtime checks are done only if           stored on constant memory location. C language does
                there is no any other choice, like bound checking for        not prevent pointers to be modified outside of their
                arrays.                                                      lifetime this is a problem with Rust only when unsafe is
                   Rust also have borrowed functional elements from          used. Rust also offers strong foreign function interface
                various languages, for example, Iterators. They are          to C language with Extern keyword and talking to C
                lazily evaluated and offers numbers of higher order           has no runtime performance cost. This makes calling
                functions when an iterator is defined or converted into.      foreign function from EFI is extremely simple with a
                Functional flavor is harder for systems programming           simple binding module.
                                                                          3
                3 Bootloading Basics                                       most importantly runs the system in long mode.
                3.1   Legacy Bootloading                                   3.2   Unified Extensible Firmware Interface
                Bootloaders are responsible for building memory map,             (UEFI)
                finding system tables and launching operating system        EFI specification has been designed by Intel in 1999
                kernel.  For backwards compatibility reasons CPUs          and now it maintained by UEFI consortium that in-
                with x86 architecture used to start in 16-bit real mode    cludes more than 160 companies [ZRM11]. EFI has
                which only has access to 1MB of memory. Typical            lots of modern features such as networking, human in-
                routine of a bootloader should be first enabling higher     terface device support and bootloader driver model.
                memory over A20 gate [Cor16]. Bootloading concepts         It provides safer way to update firmware update with
                heavily relies on chipset specification and BIOS inter-     packages, Capsules, that enforce EEPROM valida-
                rupts.  As they are designed by different hardware          tion [BZ15]. The flowchart of EFI-based bootloading
                vendors, conflicts exist on different systems.      Such     process is shown in Figure 1.
                units have grown organically over years and they have         EFI is built up with numerous modules while boot,
                poorly standardized.                                       runtime and driver modules are mandatory.         Boot
                   Nextstepshouldbeenablingprotectedmode,which             module is the key to generating memory map and lo-
                provides 32-bit addressing and paging. Activation of       cating systems tables. x86 memory model, while de-
                paging is mandatory and also very useful as it provides    pending on memory controller or chipset, has lots of
                separation between kernels and user applications pages     gaps in the memory [YZ15]. These include MMIO,
                in terms of permissions. Also paging is the key for vir-   configuration registers for PCI devices4, legacy timers,
                tual memory along with creation noexecutable pages         video frame buffers or regions belongs to ACPI or
                to prevent runtime code execution from text sections.      interrupt controller tables (reclaimable or not).   As
                Paging is also being used on high level, for example       brute-forcing to generate a memory map is extremely
                guard paging is being used to grow stack when there        unstable, EFI provides the map out of the box. Driver
                is a page fault exception at the end of program stack.     model allows to create drivers for file systems or NIC
                On real mode there is another memory management            devices for richer bootloading environment.      While
                called segmentation. It works by using different selec-     runtime module offers monotonic timers, system time,
                tors for sectioning areas of code and data blocks. After   power supply commands or firmware updating.
                protected mode switch segmentation is now obsolete,           EFI bootloader applications can be developed with
                but at the same time it is still active and has to be      Rust like any other applications uses foreign function
                configured such as it should provide the same flat ad-       interface, but there should be no standard library for
                dressing. Some segment registers are still being used      all types of operating systems. The library of Rust
                in Linux kernel to detect buffer overflow over function      is rich as high level languages. Most of the language
                call return address on stack.                              characteristics provided over standard library and not
                   Lastly, there is long mode with provides 64-bit ad-     embedded into languages itself. Rust binaries should
                dressing in canonical form and removes historical fea-     be linked into a final Portable Executable (PE). PE
                tures like BCD [Cor16]. Different kernels have strict       file format is being used in Windows operating system
                requirements about the state that it is going to be        and offers sectioning along with relocation [Hah14].
                started. There are also various sub-modes like for em-
                ulating real mode interrupts in protected mode, called     4 Designing           EFI-based         Bootloader
                virtual-8086 mode, or emulating complicated driver-             with Rust
                required devices in early modes, called system man-
                agement mode. Between this mode switches interrupt         In order to create an EFI application with Rust, first
                controller must be reconfigured correctly. At the old       Libcore should be compiled for target platform. Lib-
                times real mode interrupts which were invoking appro-      core is the bare-metal subset of Rust standard library
                priate BIOS support were being used in place of device     that has no operating system dependency. A few mem-
                drivers in order to talk to the hardware.                  ory functions are needed to build Libcore, which can
                   As devices became much more complicated operat-         be obtained from Rlibc. It is also possible to use their
                ing systems took over all hardware interaction. BIOS       C counterparts. EFI application, Rlibc library and
                were started to be used as a bootloader firmware. Its       Libcore should be cross-compiled to target system by
                complex nature was such a boredom and also lack in-        correct triplet. Although x86 64-pc-windowsgnu is the
                teraction with modern technology, such as network ac-      most suitable triplet (because of a future PE linkage)
                cess, was led Intel to design EFI specification which       for such a bootloader application, it is not sufficient.
                is a modern platform firmware for bootloading. EFI             There should be a custom target triplet definition
                can run applications just like an operating system and     file in JSON format and it should disable few language
                                                                        4
The words contained in this file might help you see if this file matches what you are looking for:

...Utilizing rust programming language for efi based bootloader design tun c uzlu and ediz s aykol beykent university department of computer engineering ayazaga istanbul turkey tuncuzlu gmail com saykol edu tr in servo mozilla foundations massively parallel web browsing engine which is unique because its concur abstract rent process rendering compositing steps as being a systems has lan ability to operate at the lowest level without any run guage oers memorysafetywithzerocostand time penalty like or cyclone but runtime unlike other plete memory safety these languages guages system pro are crucial criticial gramming mainly used low tasks signal processing also bare metal op such operating erations compo components browsers game engines nents where raw hard critical missions ware access must existing main disadvantages unsafe extremely complicated hav their nature ing on hand considered es high semantics advanced sential embedded mem standard library with modern skill set includ ory availab...

no reviews yet
Please Login to review.