How to rewrite the OS using C by strong type

How to rewrite the OS using C by strong type

How to rewrite the OS using C by strong type

How to rewrite the OS using C by strong type

How to rewrite the OS using C by strong type

Metasepi Project / Kiwamu OkabeMetasepi Project / Kiwamu OkabeMetasepi Project / Kiwamu OkabeMetasepi Project / Kiwamu OkabeMetasepi Project / Kiwamu Okabe

Who am I?Who am I?Who am I?Who am I?Who am I?

☆ http://www.masterq.net/☆ http://www.masterq.net/☆ http://www.masterq.net/☆ http://www.masterq.net/☆ http://www.masterq.net/

☆ Organizer of Metasepi Project☆ Organizer of Metasepi Project☆ Organizer of Metasepi Project☆ Organizer of Metasepi Project☆ Organizer of Metasepi Project

☆ A developer of Ajhc Haskell compiler☆ A developer of Ajhc Haskell compiler☆ A developer of Ajhc Haskell compiler☆ A developer of Ajhc Haskell compiler☆ A developer of Ajhc Haskell compiler

☆ A Debian Maintainer☆ A Debian Maintainer☆ A Debian Maintainer☆ A Debian Maintainer☆ A Debian Maintainer

☆ 10 years' experience in developing OS using NetBSD☆ 10 years' experience in developing OS using NetBSD☆ 10 years' experience in developing OS using NetBSD☆ 10 years' experience in developing OS using NetBSD☆ 10 years' experience in developing OS using NetBSD

AgendaAgendaAgendaAgendaAgenda

☆ [1] Problems of OS using C☆ [1] Problems of OS using C☆ [1] Problems of OS using C☆ [1] Problems of OS using C☆ [1] Problems of OS using C

☆ [2] Type safety☆ [2] Type safety☆ [2] Type safety☆ [2] Type safety☆ [2] Type safety

☆ [3] Existing OS using strong type☆ [3] Existing OS using strong type☆ [3] Existing OS using strong type☆ [3] Existing OS using strong type☆ [3] Existing OS using strong type

☆ [4] Snatch-driven development☆ [4] Snatch-driven development☆ [4] Snatch-driven development☆ [4] Snatch-driven development☆ [4] Snatch-driven development

☆ [5] Demo☆ [5] Demo☆ [5] Demo☆ [5] Demo☆ [5] Demo

☆ [6] Case study of Snatch☆ [6] Case study of Snatch☆ [6] Case study of Snatch☆ [6] Case study of Snatch☆ [6] Case study of Snatch

☆ [7] Future work☆ [7] Future work☆ [7] Future work☆ [7] Future work☆ [7] Future work

[1] Problems of OS using C[1] Problems of OS using C[1] Problems of OS using C[1] Problems of OS using C[1] Problems of OS using C

☆ Most OS uses C language☆ Most OS uses C language☆ Most OS uses C language☆ Most OS uses C language☆ Most OS uses C language

☆ C is good for system programming☆ C is good for system programming☆ C is good for system programming☆ C is good for system programming☆ C is good for system programming

☆ But C occurs many problems☆ But C occurs many problems☆ But C occurs many problems☆ But C occurs many problems☆ But C occurs many problems

Buffer overrunBuffer overrunBuffer overrunBuffer overrunBuffer overrun

☆ Pointer to array doesn't know the length☆ Pointer to array doesn't know the length☆ Pointer to array doesn't know the length☆ Pointer to array doesn't know the length☆ Pointer to array doesn't know the length

Page fault in kernelPage fault in kernelPage fault in kernelPage fault in kernelPage fault in kernel

☆ Page fault in user space => SEGV☆ Page fault in user space => SEGV☆ Page fault in user space => SEGV☆ Page fault in user space => SEGV☆ Page fault in user space => SEGV

☆ Page fault in kernel space => Halt!☆ Page fault in kernel space => Halt!☆ Page fault in kernel space => Halt!☆ Page fault in kernel space => Halt!☆ Page fault in kernel space => Halt!

Weak typeWeak typeWeak typeWeak typeWeak type

☆ Great use of (void *) type☆ Great use of (void *) type☆ Great use of (void *) type☆ Great use of (void *) type☆ Great use of (void *) type

☆ NetBSD kernel uses 45130 times!☆ NetBSD kernel uses 45130 times!☆ NetBSD kernel uses 45130 times!☆ NetBSD kernel uses 45130 times!☆ NetBSD kernel uses 45130 times!$ pwd/home/kiwamu/src/netbsd/sys$ grep "void \*" `find . -name "*.c"` | wc -l45130

$ pwd/home/kiwamu/src/netbsd/sys$ grep "void \*" `find . -name "*.c"` | wc -l45130

$ pwd/home/kiwamu/src/netbsd/sys$ grep "void \*" `find . -name "*.c"` | wc -l45130

$ pwd/home/kiwamu/src/netbsd/sys$ grep "void \*" `find . -name "*.c"` | wc -l45130

$ pwd/home/kiwamu/src/netbsd/sys$ grep "void \*" `find . -name "*.c"` | wc -l45130

☆ No choice but to use weak type for flexibility☆ No choice but to use weak type for flexibility☆ No choice but to use weak type for flexibility☆ No choice but to use weak type for flexibility☆ No choice but to use weak type for flexibility

[2] Type safety[2] Type safety[2] Type safety[2] Type safety[2] Type safety

☆ Get less runtime errors☆ Get less runtime errors☆ Get less runtime errors☆ Get less runtime errors☆ Get less runtime errors

Avoid buffer overrunAvoid buffer overrunAvoid buffer overrunAvoid buffer overrunAvoid buffer overrun

Strong type avoids buffer overrun.Strong type avoids buffer overrun.Strong type avoids buffer overrun.Strong type avoids buffer overrun.Strong type avoids buffer overrun.

Avoid page fault in kernelAvoid page fault in kernelAvoid page fault in kernelAvoid page fault in kernelAvoid page fault in kernel

Only touch the area constructed.Only touch the area constructed.Only touch the area constructed.Only touch the area constructed.Only touch the area constructed.

Flexibility without weak typeFlexibility without weak typeFlexibility without weak typeFlexibility without weak typeFlexibility without weak type

☆ Algebraic data type☆ Algebraic data type☆ Algebraic data type☆ Algebraic data type☆ Algebraic data typedata Node = Leaf Integer | Branch Node Nodedata Node = Leaf Integer | Branch Node Nodedata Node = Leaf Integer | Branch Node Nodedata Node = Leaf Integer | Branch Node Nodedata Node = Leaf Integer | Branch Node Node

☆ Type class☆ Type class☆ Type class☆ Type class☆ Type classclass Functor f where fmap :: (a -> b) -> f a -> f binstance Functor [] where fmap f (x:xs) = f x : fmap f xs fmap f [] = []instance Functor Maybe where fmap _ Nothing = Nothing fmap f (Just x) = Just (f x)

class Functor f where fmap :: (a -> b) -> f a -> f binstance Functor [] where fmap f (x:xs) = f x : fmap f xs fmap f [] = []instance Functor Maybe where fmap _ Nothing = Nothing fmap f (Just x) = Just (f x)

class Functor f where fmap :: (a -> b) -> f a -> f binstance Functor [] where fmap f (x:xs) = f x : fmap f xs fmap f [] = []instance Functor Maybe where fmap _ Nothing = Nothing fmap f (Just x) = Just (f x)

class Functor f where fmap :: (a -> b) -> f a -> f binstance Functor [] where fmap f (x:xs) = f x : fmap f xs fmap f [] = []instance Functor Maybe where fmap _ Nothing = Nothing fmap f (Just x) = Just (f x)

class Functor f where fmap :: (a -> b) -> f a -> f binstance Functor [] where

fmap f (x:xs) = f x : fmap f xsfmap f [] = []

instance Functor Maybe wherefmap _ Nothing = Nothingfmap f (Just x) = Just (f x)

☆ Type inference☆ Type inference☆ Type inference☆ Type inference☆ Type inference

Kernel needs strong typeKernel needs strong typeKernel needs strong typeKernel needs strong typeKernel needs strong type

☆ IoT：Internet of Things☆ IoT：Internet of Things☆ IoT：Internet of Things☆ IoT：Internet of Things☆ IoT：Internet of Things

☆ Poor hardware, and Rich feature☆ Poor hardware, and Rich feature☆ Poor hardware, and Rich feature☆ Poor hardware, and Rich feature☆ Poor hardware, and Rich feature

☆ Many custom requests shower kernel☆ Many custom requests shower kernel☆ Many custom requests shower kernel☆ Many custom requests shower kernel☆ Many custom requests shower kernel

☆ Strong type is needed by kernel rather than application on user space☆ Strong type is needed by kernel rather than application on user space☆ Strong type is needed by kernel rather than application on user space☆ Strong type is needed by kernel rather than application on user space☆ Strong type is needed by kernel rather than application on user space

[3] Existing OS using strong type[3] Existing OS using strong type[3] Existing OS using strong type[3] Existing OS using strong type[3] Existing OS using strong type

Alreadly we have.Alreadly we have.Alreadly we have.Alreadly we have.Alreadly we have.

☆ Funk☆ Funk☆ Funk☆ Funk☆ Funkhttp://home.gna.org/funk/http://home.gna.org/funk/http://home.gna.org/funk/http://home.gna.org/funk/http://home.gna.org/funk/

☆ snowflake-os☆ snowflake-os☆ snowflake-os☆ snowflake-os☆ snowflake-oshttps://code.google.com/p/snowflake-os/https://code.google.com/p/snowflake-os/https://code.google.com/p/snowflake-os/https://code.google.com/p/snowflake-os/https://code.google.com/p/snowflake-os/

☆ House☆ House☆ House☆ House☆ Househttp://programatica.cs.pdx.edu/House/http://programatica.cs.pdx.edu/House/http://programatica.cs.pdx.edu/House/http://programatica.cs.pdx.edu/House/http://programatica.cs.pdx.edu/House/

Why isn't it for daily use?Why isn't it for daily use?Why isn't it for daily use?Why isn't it for daily use?Why isn't it for daily use?

Poor design and less functionsPoor design and less functionsPoor design and less functionsPoor design and less functionsPoor design and less functions

☆ Design from scratch☆ Design from scratch☆ Design from scratch☆ Design from scratch☆ Design from scratch

☆ Polling interrupt☆ Polling interrupt☆ Polling interrupt☆ Polling interrupt☆ Polling interrupt

☆ Not have bus driver☆ Not have bus driver☆ Not have bus driver☆ Not have bus driver☆ Not have bus driver

☆ Support less devices☆ Support less devices☆ Support less devices☆ Support less devices☆ Support less devices

☆ Only for x86☆ Only for x86☆ Only for x86☆ Only for x86☆ Only for x86

☆ Can't run Firefox☆ Can't run Firefox☆ Can't run Firefox☆ Can't run Firefox☆ Can't run Firefox

No compatible POSIXNo compatible POSIXNo compatible POSIXNo compatible POSIXNo compatible POSIX

[4] Snatch-driven development[4] Snatch-driven development[4] Snatch-driven development[4] Snatch-driven development[4] Snatch-driven development

Rewrite kernel using C with strong type by little and little.Rewrite kernel using C with strong type by little and little.Rewrite kernel using C with strong type by little and little.Rewrite kernel using C with strong type by little and little.Rewrite kernel using C with strong type by little and little.

UNIX like OS needs reentrantUNIX like OS needs reentrantUNIX like OS needs reentrantUNIX like OS needs reentrantUNIX like OS needs reentrant

Strong type OS uses polling intrStrong type OS uses polling intrStrong type OS uses polling intrStrong type OS uses polling intrStrong type OS uses polling intr

Ajhc Haskell compilerAjhc Haskell compilerAjhc Haskell compilerAjhc Haskell compilerAjhc Haskell compiler

Context can run without lock.Context can run without lock.Context can run without lock.Context can run without lock.Context can run without lock.

[5] Demo[5] Demo[5] Demo[5] Demo[5] Demo

The proof of the pudding is in the eating.The proof of the pudding is in the eating.The proof of the pudding is in the eating.The proof of the pudding is in the eating.The proof of the pudding is in the eating.

MCU app without OS #1MCU app without OS #1MCU app without OS #1MCU app without OS #1MCU app without OS #1https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3

MCU app without OS #2MCU app without OS #2MCU app without OS #2MCU app without OS #2MCU app without OS #2

Memory mapMemory mapMemory mapMemory mapMemory map

MCU app with OSMCU app with OSMCU app with OSMCU app with OSMCU app with OShttps://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3https://github.com/ajhc/demo-cortex-m3

[6] Case study of Snatch[6] Case study of Snatch[6] Case study of Snatch[6] Case study of Snatch[6] Case study of Snatch

We found some idioms that are useful to rewrite C language with Haskell.We found some idioms that are useful to rewrite C language with Haskell.We found some idioms that are useful to rewrite C language with Haskell.We found some idioms that are useful to rewrite C language with Haskell.We found some idioms that are useful to rewrite C language with Haskell.

Idiom1: Call functionIdiom1: Call functionIdiom1: Call functionIdiom1: Call functionIdiom1: Call function

C and Haskell call with each other.C and Haskell call with each other.C and Haskell call with each other.C and Haskell call with each other.C and Haskell call with each other.

Idiom2: Read/Write memoryIdiom2: Read/Write memoryIdiom2: Read/Write memoryIdiom2: Read/Write memoryIdiom2: Read/Write memory

Haskell can read/write memory directly.Haskell can read/write memory directly.Haskell can read/write memory directly.Haskell can read/write memory directly.Haskell can read/write memory directly.

Idiom3: Read/Write structIdiom3: Read/Write structIdiom3: Read/Write structIdiom3: Read/Write structIdiom3: Read/Write struct

Read structs chained with pointer.Read structs chained with pointer.Read structs chained with pointer.Read structs chained with pointer.Read structs chained with pointer.

Idiom4: Foreign PrimitivesIdiom4: Foreign PrimitivesIdiom4: Foreign PrimitivesIdiom4: Foreign PrimitivesIdiom4: Foreign Primitives

Directly insert the text following const.Directly insert the text following const.Directly insert the text following const.Directly insert the text following const.Directly insert the text following const.

[7] Future work[7] Future work[7] Future work[7] Future work[7] Future work

☆ Benchmark☆ Benchmark☆ Benchmark☆ Benchmark☆ Benchmark

☆ Pointer combinator☆ Pointer combinator☆ Pointer combinator☆ Pointer combinator☆ Pointer combinator

☆ Share state between contexts☆ Share state between contexts☆ Share state between contexts☆ Share state between contexts☆ Share state between contexts

☆ Porting libraries running on GHC☆ Porting libraries running on GHC☆ Porting libraries running on GHC☆ Porting libraries running on GHC☆ Porting libraries running on GHC

☆ Debug method☆ Debug method☆ Debug method☆ Debug method☆ Debug method

☆ Fix many bugs☆ Fix many bugs☆ Fix many bugs☆ Fix many bugs☆ Fix many bugs

Try to use the other languageTry to use the other languageTry to use the other languageTry to use the other languageTry to use the other language

☆ ATS☆ ATS☆ ATS☆ ATS☆ ATS

http://www.ats-lang.org/http://www.ats-lang.org/http://www.ats-lang.org/http://www.ats-lang.org/http://www.ats-lang.org/

JATS-UG - Japan ATS User GroupJATS-UG - Japan ATS User GroupJATS-UG - Japan ATS User GroupJATS-UG - Japan ATS User GroupJATS-UG - Japan ATS User Group

http://jats-ug.metasepi.org/http://jats-ug.metasepi.org/http://jats-ug.metasepi.org/http://jats-ug.metasepi.org/http://jats-ug.metasepi.org/

☆ Rust☆ Rust☆ Rust☆ Rust☆ Rust

http://www.rust-lang.org/http://www.rust-lang.org/http://www.rust-lang.org/http://www.rust-lang.org/http://www.rust-lang.org/

Workshop at NagoyaWorkshop at NagoyaWorkshop at NagoyaWorkshop at NagoyaWorkshop at Nagoya

☆ Functional MCU programing workshop at Nagoya☆ Functional MCU programing workshop at Nagoya☆ Functional MCU programing workshop at Nagoya☆ Functional MCU programing workshop at Nagoya☆ Functional MCU programing workshop at Nagoya

☆ Meeting minutes☆ Meeting minutes☆ Meeting minutes☆ Meeting minutes☆ Meeting minuteshttp://metasepi.org/posts/2014-01-05-mbed_fp_0.htmlhttp://metasepi.org/posts/2014-01-05-mbed_fp_0.htmlhttp://metasepi.org/posts/2014-01-05-mbed_fp_0.htmlhttp://metasepi.org/posts/2014-01-05-mbed_fp_0.htmlhttp://metasepi.org/posts/2014-01-05-mbed_fp_0.html