Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rust for Flight Software

Published by윤서 내 Modified over 5 years ago

Similar presentations

Presentation on theme: "Rust for Flight Software"— Presentation transcript:

1 Rust for Flight Software
11th Annual FSW Conference December 2018 Rust for Flight Software

2 Advanced Space exists to support the sustainable exploration, development, and settlement of space.
Projects Mission systems and enabling technology (Moon) Robust and resilient orbital transfers (Security) Interplanetary mission design (Mars) Earth orbit and highly challenging spacecraft navigation Trajectory optimization (chemical & electric) Satellite constellation planning, design, and engineering Spacecraft guidance and avionics Spacecraft autonomy Moon, Mars, satellite

3 Outline What is Rust? Where does Rust shine? Memory management
Error handling Dynamic libraries How have we used Rust? Potential applications

4 What is Rust? Systems programming language
Developed by Mozilla Research, used in Firefox Formally-proven memory safety Prevents segmentation faults and race conditions Efficient C bindings Dynamic library compilation for C linking Leverages the Application Binary Interface (ABI) Debuggable with gdb Zero-cost abstractions and optimized compilation Freely use structs, traits, and clean error handling Reproducible builds, extensive testing tools, and more!

5 Memory management in Rust (1/4)
Rust tries to store every variable on the stack Unless of variable length (like strings and mutable lists), Or explicitly marked as heap-allocated All primitives, and structures thereof, are initialized and sized at compile time Rust uses the concept of ownership of data, which is enforced by the compiler Each value in Rust has a variable that’s called its owner There can only be one owner at a time When the owner goes out of scope, the value will be dropped All variables are read-only unless explicitly stated otherwise

6 Memory management in Rust (2/4)

7 Memory management in Rust (3/4)

8 Memory management in Rust (4/4)
The C code returns an invalid value -- a silent failure Accidently defined invec2 to be of size 2 instead of 3. Even -Wall flag did not notice that we were overwriting stack data Need for static analysis tools Rust allocated on the stack as well Compiler noticed three calls to push on vector v2 Compiler updated stack requirements to fix the programmer error

9 Error handling in Rust (1/2)
Rust introduces a type called Result Represents either a success or a failure Compiler checks that failure case are handled Success and failure are containers for data of any type That data lives in the scope of the error handling Avoids the hazard err_no and use of uninitialized variables

10 Error handling in Rust (2/3)

11 Error handling in Rust (3/3)

12 Dynamic libraries in Rust (1/4)
Benefit from all the advantages of Rust without full rewrites Application Binary Interface enables very low overhead communication Example: Randomly generate two vectors of size three Subtract one from the other and compute the L2 norm Repeat 50 million times Case No external library C library Rust library Execution time (seconds) 5.28 5.30 8.37 Library size (MB) N/A 3.0 2.8

13 Dynamic libraries in Rust (2/4)

14 Dynamic libraries in Rust (3/4)

15 Dynamic libraries in Rust (4/4)

16 How have we used Rust? Core Flight App communication using Protocol Buffers Developed an orbit propagator interface in Rust Developed a set of Protocol Buffer messages Communication between Rust application and cFS App over TCP Advantages Orbit propagator tool developed “ported” to ARM platform without a single change in the code Test suite executed in on a x86_64 environment, but guaranteed to work on ARM as well Only possible for C applications which have an OSAL layer like cFE

17 Potential applications
Flight Software Frameworks Zero-cost abstractions can enable shared traits between applications Procedural macros allow compile-time optimization of routing Memory safeties ensure no race condition happen within the app Verbose yet versatile error handling allow for good readability Platform limitations Many Rust “crates” require the standard library Requires Windows, Linux, MacOS, iOS, Fushia, some *BSD Requires x86, x86_64, PowerPC, most ARM architectures, and some MIPS If standard library not available, Rust can be compiled for “no-std” Requires some customizations, but used in production for telematics

18 Any questions? Chris Rabotin 561-206-2271 rabotin@advancedspace.com

Download ppt "Rust for Flight Software"

Similar presentations

Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.

Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.

CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
Names and Bindings Introduction Names Variables The concept of binding Chapter 5-a.

Names and Bindings Introduction Names Variables The concept of binding Chapter 5-a.
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Previous Next 06/18/2000Shanghai Jiaotong Univ. Computer Science & Engineering Dept. C+J Software Architecture Shanghai Jiaotong University Author: Lu,

Previous Next 06/18/2000Shanghai Jiaotong Univ. Computer Science & Engineering Dept. C+J Software Architecture Shanghai Jiaotong University Author: Lu,
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,
Native Client: A Sandbox for Portable, Untrusted x86 Native Code

Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Old Chapter 10: Programming Tools A Developer’s Candy Store.

Old Chapter 10: Programming Tools A Developer’s Candy Store.
EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.

EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.
Processes and Virtual Memory

Processes and Virtual Memory
Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.

Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.

Similar presentations

Ads by Google