Is Rust gaining any traction for system-level programming? When I heard that there was now a memory-safe thread-safe language without a GC, my immediate thought was "Every OS from now on should be written in this thing".
Do you know of any discussion of rewriting parts of existing micro-kernels in Rust? There's lots of nuts and bolts details I don't know, but it seems like having OS components as separate services/processes would provide a nice way to start phasing out C/C++ and phasing in Rust.
MINIX 3 or OC.L4 would be candidates. QNX could use it as an extra differentiator. For now, the only things like that that I recall off the top of my head are Muen, done with the provably safe SPARK language, and Redox, done in the Rust language.
There's Redox, which is progressing nicely, already boots in a VM and on some real hardware, and has a GUI and networking, and is intended to be a real general purpose OS someday.
There's also intermezzOS, which is a (still being written) "build-your-own-OS" tutorial project that uses Rust.
It's also worth noting that Rust isn't magic and especially when doing very low-level stuff the use of unsafe blocks is unavoidable. On the other hand, by isolating unsafe behavior you know where it is and can test it very carefully and keep it as contained as possible.
As more people use Rust and we see all the cases where unsafe is typically used, could more unsafe code patterns be formalized as safe code?
Are there any situations where unsafe code cannot be avoided at all, where there exists a program-theory proof that unsafe code must be used?
If it's for performance reasons, then a new safe language construct could be introduced to replace it - such as how a safe range-based loop eliminates the need for bounds-checking with fixed-length arrays.
For many uses this is already happening, but for writing an OS, there's no getting around the fact that you're going to need to, say, write to or read from a specific hard-coded memory address that, for a given platform, is magically mapped to a hardware register. That's always going to be unsafe. Certainly, though, Rust lets you sequester that kind of code away and isolate it from things that can be expressed safely.
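The pattern described in the comments above (a hard-coded register address sequestered behind a safe API), as an added Rust example that is not part of the original thread. The `Uart` device, its register offsets and the `TX_READY` bit are hypothetical, and a constructed in-memory block stands in for the hardware so the code runs on an ordinary host.

```rust
use std::ptr::{read_volatile, write_volatile}; // core::ptr in a no_std kernel

/// One 32-bit memory-mapped register; the raw address is fixed at construction.
pub struct Reg32 { addr: *mut u32 }

impl Reg32 {
    /// # Safety
    /// `addr` must be an aligned, mapped 32-bit location that stays valid and
    /// is not owned by anything else while this value lives.
    pub unsafe fn new(addr: usize) -> Self { Reg32 { addr: addr as *mut u32 } }

    pub fn read(&self) -> u32 {
        // SAFETY: validity of `addr` was promised by the caller of `new`.
        unsafe { read_volatile(self.addr) }
    }
    pub fn write(&mut self, value: u32) {
        // SAFETY: as above; volatile keeps the store from being elided.
        unsafe { write_volatile(self.addr, value) }
    }
}

const TX_READY: u32 = 1 << 0; // hypothetical status bit

/// Hypothetical UART: data register at offset 0, status register at offset 4.
pub struct Uart { data: Reg32, status: Reg32 }

impl Uart {
    /// # Safety
    /// `base` must be the start of this device's register block.
    pub unsafe fn at(base: usize) -> Self {
        unsafe { Uart { data: Reg32::new(base), status: Reg32::new(base + 4) } }
    }
    /// Safe API: callers cannot choose an address or skip the ready check.
    pub fn try_send(&mut self, byte: u8) -> Result<(), u8> {
        if self.status.read() & TX_READY == 0 { return Err(byte); }
        self.data.write(u32::from(byte));
        Ok(())
    }
}

/// Drives the driver against a constructed in-memory block, not real hardware.
pub fn demo() -> (Result<(), u8>, Result<(), u8>, u32) {
    let mut block = [0u32; 2]; // [data, status], constructed stand-in
    let p = block.as_mut_ptr();
    let mut uart = unsafe { Uart::at(p as usize) };
    let busy = uart.try_send(b'A'); // status is 0, so the byte is refused
    unsafe { write_volatile(p.add(1), TX_READY) }; // "device" becomes ready
    let sent = uart.try_send(b'B');
    (busy, sent, unsafe { read_volatile(p) })
}

fn main() { println!("{:?}", demo()); }
```

Every `unsafe` in the driver sits in `Reg32` and the `Uart::at` constructor, so an audit of raw memory access covers those few lines and the rest of the code uses only `try_send`.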
I'll add that there's already tooling in Frama-C, SPARK Ada, and some proof assistants to prove safety of some of those operations. So, if they can't be safe, then a mock-up of them can be done in something that can prove their safety externally with proven component integrated into Rust. Eventually Rust itself might have such a capability but the external tools can work intermediate.
Not an OS, but Mozilla is rapidly updating pieces of Firefox with Rust (with lots of ideas & code coming from Servo). And while browsers don't necessarily match the complexity of modern operating systems, I think that having Rust be part of something as complex as a browser will be good for Rust and systems programming.
The problem is systems software is hard and takes a while.
While HTML/CSS/JavaScript have historic oddities, these only go back 15-20 years. x86/IBMPC legacy has 40 years of horrible decisions burned into it.
To that end there is a lot of progress in the systems world, but core infrastructure isn't something you just rewrite/replace overnight.
* Redox is a full micro-kernel OS from scratch [1]
* Rustls is a TLSv1.3 compliant server [2]
* Ring is _mostly_ Rust (uses some C for where Rust doesn't work) [3]
* Subtle is a consistent time library for building crypto libraries with [4]
* An entire web browser (well the JS is still C++) [5]
* A terminal emulator [6]
* A grep replacement [7]
* A non-feature-complete tar archiver that supports gzip, bzip2, xz, zstd, brotli, and lz4 [8]
The real challenge is Rust has been _released_ for 2 years now. C is approaching 50 years old. C/C++ has _a lot_ of momentum, history, and existent libraries.