{"guid":"64d3f3f5-5665-4050-ba15-0db530ecc262","title":"Safe and Secure Drivers in High-Level Languages","subtitle":"How to write PCIe drivers in Rust, go, C#, Swift, Haskell, and OCaml","slug":"35c3-9670-safe_and_secure_drivers_in_high-level_languages","link":"https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9670.html","description":"Drivers are usually written in C for historical reasons, this can be bad if you want your driver to be safe and secure. We show that it is possible to write low-level drivers for PCIe devices in modern high-level languages.\nWe are working on super-fast user space network drivers for the Intel 82599ES (ixgbe) 10 Gbit/s NICs in different high-level languages. We've got fully working implementations in Rust, C#, go, OCaml, Haskell, and Swift. All of them are written from scratch and require no kernel code.\n\nCheck out \u003ca href=\"https://github.com/ixy-languages/ixy-languages\"\u003eour GitHub page\u003c/a\u003e with links to all implementations, performance measurements, and publications for further reading.\n\nSupposedly modern user space drivers (e.g., DPDK or SPDK) are still being written in C in 2018 :(\n\nThis comes with all the well-known drawbacks of writing things in C that might be prevented by using safer programming languages.\nAlso, did you ever see a kernel panic because a driver did something stupid? It doesn't have to be that way, drivers should not be able to take down the whole system.\n\nThere are three steps to building better drivers:\n\n1. Write them in a safer programming language eliminating whole classes of bugs and security problems like bad memory accesses\n\n2. Isolating them from the rest of the operating system: user space drivers that drop privileges\n\n3. Isolating the hardware using the IOMMU\n\n\nWe show that it is possible to achieve all of these goals for PCIe drivers on Linux by implementing user space network drivers in all of the aforementioned programming languages. Our techniques are transferable to other drivers that would benefit from more modern implementations. \n\nOur drivers in \u003ca href=\"https://github.com/ixy-languages/ixy.rs\"\u003eRust\u003c/a\u003e, \u003ca href=\"https://github.com/ixy-languages/ixy.cs\"\u003eC#\u003c/a\u003e, \u003ca href=\"https://github.com/ixy-languages/ixy.go\"\u003ego\u003c/a\u003e, and \u003ca href=\"https://github.com/ixy-languages/ixy.swift\"\u003eSwift\u003c/a\u003e are completely finished, tuned for performance, evaluated, and benchmarked. And all of them except for Swift are about 80-90% as fast as \u003ca href=\"https://github.com/emmericp/ixy\"\u003eour user space C driver\u003c/a\u003e and 6-10 times faster than the kernel C driver. We also investigate how garbage collectod languages affects the latency of a packet forwarder built on top of our drivers.\n\nWe also got something for fans of functional languages: our implementations in \u003ca href=\"https://github.com/ixy-languages/ixy.ml\"\u003eOCaml\u003c/a\u003e and \u003ca href=\"https://github.com/ixy-languages/ixy.hs\"\u003eHaskell\u003c/a\u003e are working but not yet tuned for performance. We are also working on Python, Java, and Javascript.\nWe take a brief look at Haskell, Swift, OCaml, and C# in the talk and a deeper dive into Rust and Go.\n\nThe talk also features a quick summary from \u003ca href=\"https://media.ccc.de/v/34c3-9159-demystifying_network_cards\"\u003elast year's talk about user space driver basics\u003c/a\u003e, so no previous knowledge is required.\n\n\nAnother thing to take away from this talk is: writing drivers is neither scary nor hard. You can write one in your favorite programming language, so go ahead and try that :)\n\n\n\u003ca href=\"https://media.ccc.de/v/34c3-9159-demystifying_network_cards\"\u003ehttps://media.ccc.de/v/34c3-9159-demystifying_network_cards\u003c/a\u003e\n\n\u003ca href=\"https://github.com/ixy-languages/ixy-languages\"\u003ehttps://github.com/ixy-languages/ixy-languages\u003c/a\u003e","original_language":"eng","persons":["Paul Emmerich","Simon Ellmann","Sebastian Voit"],"tags":["35c3","9670","Resilience"],"view_count":6986,"promoted":false,"date":"2018-12-29T00:00:00.000+01:00","release_date":"2018-12-29T01:00:00.000+01:00","updated_at":"2026-04-02T14:00:09.403+02:00","length":3716,"duration":3716,"thumb_url":"https://static.media.ccc.de/media/congress/2018/9670-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2018/9670-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2018/9670-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2018/9670-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/35c3-9670-safe_and_secure_drivers_in_high-level_languages","url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_title":"35C3: Refreshing Memories","conference_url":"https://api.media.ccc.de/public/conferences/35c3","related":[{"event_id":4766,"event_guid":"19b7e5d7-bba7-46da-afbc-f16d43fe395f","weight":79},{"event_id":6381,"event_guid":"c0e4f528-92c7-4170-aff3-d4dd5cd74b2c","weight":81},{"event_id":6385,"event_guid":"9d8d4506-03b2-483d-aee5-d106f0a3eef5","weight":65},{"event_id":6390,"event_guid":"6a5007f4-e7d6-4c63-9a10-26dd48a6eb6c","weight":64},{"event_id":6400,"event_guid":"527b56af-8d56-4edb-9027-9ca60767c742","weight":76},{"event_id":6408,"event_guid":"ffdc92f3-1a39-4931-9409-f8bfabe9f628","weight":64},{"event_id":6409,"event_guid":"a42e5a4f-fd9b-4571-bf17-483978afecb3","weight":44},{"event_id":6411,"event_guid":"42650545-4394-4455-a5f5-9efad111fedc","weight":90},{"event_id":6422,"event_guid":"e8385c89-d33a-42d8-afb6-8ae28fe5c89d","weight":100},{"event_id":6430,"event_guid":"462f9320-3a0e-4785-82de-15343803c2ba","weight":52},{"event_id":6435,"event_guid":"9777cea0-ac06-4274-85db-908c1e87e2f4","weight":66},{"event_id":6474,"event_guid":"f58a2b6d-bde0-483b-a8db-043ea9371cb6","weight":86},{"event_id":6477,"event_guid":"c85de43e-107e-4247-b550-946f376e2ec4","weight":65},{"event_id":6492,"event_guid":"bc545b26-8319-43fb-abc2-f624ef414ee8","weight":105},{"event_id":6493,"event_guid":"2375222b-7dae-4bca-a5b0-aea227ab0d76","weight":148},{"event_id":6499,"event_guid":"a750228d-a37d-43c0-8e2f-d46137a991dc","weight":131},{"event_id":6500,"event_guid":"064a7014-a88c-462a-b06f-7d6de62d622f","weight":7},{"event_id":6502,"event_guid":"e66cded3-7336-42bd-a7c8-d77073465ad2","weight":72},{"event_id":6503,"event_guid":"d0d6d058-f117-4ccb-ba6a-c41d9290a287","weight":123},{"event_id":6507,"event_guid":"787007cf-828d-4409-94b0-90a0b8d727a0","weight":71},{"event_id":6512,"event_guid":"25c54ce3-598c-42ee-8832-52fe9deae7ad","weight":16},{"event_id":6514,"event_guid":"7228f88d-8d6f-40a9-a5dd-b5c91b823ada","weight":5},{"event_id":6515,"event_guid":"4b765099-8cfa-4325-b132-0d9dc9b84267","weight":7},{"event_id":6517,"event_guid":"e77ef54a-5dd7-4be1-80c7-42726b273e6f","weight":17},{"event_id":6519,"event_guid":"5a8097ad-15c2-492e-8bc4-6b634fd8e963","weight":71},{"event_id":6530,"event_guid":"83bf042d-7382-4975-a3f8-92229944b8fc","weight":67},{"event_id":6531,"event_guid":"4fff6281-e452-4d64-bf9a-bc677614776a","weight":103},{"event_id":6535,"event_guid":"a875f05c-5eeb-4478-9e6f-863fc52b8868","weight":86},{"event_id":6536,"event_guid":"0a4a43e0-2b8d-424c-aaa3-101c843de75c","weight":17},{"event_id":6543,"event_guid":"48ed6dea-e67d-4866-8c35-318e9d892363","weight":73},{"event_id":6551,"event_guid":"3a571c21-31ed-453b-886d-7dea7b5751cd","weight":101},{"event_id":6577,"event_guid":"49fe1044-4038-4cec-8e80-71621c9e7d6e","weight":91},{"event_id":6603,"event_guid":"ea00d1e0-a580-415f-a8cf-f02883d939dc","weight":176},{"event_id":6611,"event_guid":"b1b28bd0-5279-4950-8385-9ee8a57187f9","weight":108}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2024-02-18T17:52:05.751+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/DRAFT_35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/51428","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":354,"length":3716,"mime_type":"video/mp4","language":"eng","filename":"35c3-9670-eng-Safe_and_Secure_Drivers_in_High-Level_Languages.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T21:16:19.951+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-hd/35c3-9670-eng-Safe_and_Secure_Drivers_in_High-Level_Languages.mp4","url":"https://api.media.ccc.de/public/recordings/31949","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":354,"length":3716,"mime_type":"video/mp4","language":"deu","filename":"35c3-9670-deu-Safe_and_Secure_Drivers_in_High-Level_Languages.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T21:16:33.494+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-hd/35c3-9670-deu-Safe_and_Secure_Drivers_in_High-Level_Languages.mp4","url":"https://api.media.ccc.de/public/recordings/31950","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":473,"length":3716,"mime_type":"video/mp4","language":"eng-deu","filename":"35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T21:16:48.168+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-hd/35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_hd.mp4","url":"https://api.media.ccc.de/public/recordings/31951","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":180,"length":3716,"mime_type":"video/mp4","language":"eng-deu","filename":"35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T21:17:42.936+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/slides-h264-hd/35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/31952","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":56,"length":3716,"mime_type":"audio/mpeg","language":"eng","filename":"35c3-9670-eng-Safe_and_Secure_Drivers_in_High-Level_Languages_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2018-12-29T21:19:38.258+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/mp3/35c3-9670-eng-Safe_and_Secure_Drivers_in_High-Level_Languages_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/31954","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":39,"length":3716,"mime_type":"audio/opus","language":"eng","filename":"35c3-9670-eng-Safe_and_Secure_Drivers_in_High-Level_Languages_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2018-12-29T21:20:07.252+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/opus/35c3-9670-eng-Safe_and_Secure_Drivers_in_High-Level_Languages_opus.opus","url":"https://api.media.ccc.de/public/recordings/31955","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":196,"length":3716,"mime_type":"video/mp4","language":"eng-deu","filename":"35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-12-30T00:35:17.051+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-sd/35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_sd.mp4","url":"https://api.media.ccc.de/public/recordings/32018","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":301,"length":3716,"mime_type":"video/webm","language":"eng-deu","filename":"35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-12-30T00:58:21.358+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/webm-sd/35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/32060","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":718,"length":3716,"mime_type":"video/webm","language":"eng-deu","filename":"35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-30T01:02:34.862+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/webm-hd/35c3-9670-eng-deu-Safe_and_Secure_Drivers_in_High-Level_Languages_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/32066","event_url":"https://api.media.ccc.de/public/events/64d3f3f5-5665-4050-ba15-0db530ecc262","conference_url":"https://api.media.ccc.de/public/conferences/35c3"}]}