From: Juan Quintela <quintela@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
QEMU Developer <qemu-devel@nongnu.org>,
KVM devel mailing list <kvm@vger.kernel.org>
Subject: Re: KVM call for 2017-03-14
Date: Tue, 14 Mar 2017 09:53:17 +0100 [thread overview]
Message-ID: <871su0utmq.fsf@secure.mitica> (raw)
In-Reply-To: <20170314081312.GB13140@stefanha-x1.localdomain> (Stefan Hajnoczi's message of "Tue, 14 Mar 2017 16:13:12 +0800")
Stefan Hajnoczi <stefanha@gmail.com> wrote:
>> - on the "VM support" side, QEMU is more used because it's the only
>> production-quality option in this space, rather than because its
>> users love it. (cf the Google choice to replace it.) It's also got
>> a pretty poor security record. It wouldn't be too surprising if
>> some time in the next five years somebody writes a replacement in
>> a safer language (perhaps also targeting only the VM support role)
>> and it got enough mindshare and takeup to eclipse QEMU.
>> [Is it too early/daft to think about prototyping being able to
>> write QEMU device emulation in Rust ?]
>
> We can move to a safer language starting with the device emulation
> layer. Keep the rest in C for now. Use a language that has good C
> interoperability or a convenient foreign function interface.
>
> Start writing new device models in the new language. Convert existing
> devices if they are good candidates, like the e1000 NIC emulation.
>
> The minimum requirements for the new language:
> 1. Does it support the host operating systems that QEMU runs on?
> 2. Does it support the host architectures that QEMU runs on?
> 3. Is it safer than C even when writing code to operate on guest RAM
> (i.e. it's no good if you must use unsafe primitives to do the
> systems programming tasks that QEMU requires)?
> 4. Is C interoperability convenient and high performance?
That is one approach. Other is to move to a "safer" language the parts
that are not performance sensitive. Our command line parsing and device
object done is C just make things much, much worse for no gain. A
language better for dealing with strings and things like that?
Later, Juan.
PD. And before anyone asked, a language that is not able to get right:
a = "hello"
b = "world"
c = a + " " + b
(put any syntax you like) without having to wonder about memory
allocation, sizes, etc is not really valid to work with strings IMHO.
WARNING: multiple messages have this Message-ID (diff)
From: Juan Quintela <quintela@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
QEMU Developer <qemu-devel@nongnu.org>,
KVM devel mailing list <kvm@vger.kernel.org>
Subject: Re: [Qemu-devel] KVM call for 2017-03-14
Date: Tue, 14 Mar 2017 09:53:17 +0100 [thread overview]
Message-ID: <871su0utmq.fsf@secure.mitica> (raw)
In-Reply-To: <20170314081312.GB13140@stefanha-x1.localdomain> (Stefan Hajnoczi's message of "Tue, 14 Mar 2017 16:13:12 +0800")
Stefan Hajnoczi <stefanha@gmail.com> wrote:
>> - on the "VM support" side, QEMU is more used because it's the only
>> production-quality option in this space, rather than because its
>> users love it. (cf the Google choice to replace it.) It's also got
>> a pretty poor security record. It wouldn't be too surprising if
>> some time in the next five years somebody writes a replacement in
>> a safer language (perhaps also targeting only the VM support role)
>> and it got enough mindshare and takeup to eclipse QEMU.
>> [Is it too early/daft to think about prototyping being able to
>> write QEMU device emulation in Rust ?]
>
> We can move to a safer language starting with the device emulation
> layer. Keep the rest in C for now. Use a language that has good C
> interoperability or a convenient foreign function interface.
>
> Start writing new device models in the new language. Convert existing
> devices if they are good candidates, like the e1000 NIC emulation.
>
> The minimum requirements for the new language:
> 1. Does it support the host operating systems that QEMU runs on?
> 2. Does it support the host architectures that QEMU runs on?
> 3. Is it safer than C even when writing code to operate on guest RAM
> (i.e. it's no good if you must use unsafe primitives to do the
> systems programming tasks that QEMU requires)?
> 4. Is C interoperability convenient and high performance?
That is one approach. Other is to move to a "safer" language the parts
that are not performance sensitive. Our command line parsing and device
object done is C just make things much, much worse for no gain. A
language better for dealing with strings and things like that?
Later, Juan.
PD. And before anyone asked, a language that is not able to get right:
a = "hello"
b = "world"
c = a + " " + b
(put any syntax you like) without having to wonder about memory
allocation, sizes, etc is not really valid to work with strings IMHO.
next prev parent reply other threads:[~2017-03-14 8:53 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-12 20:45 KVM call for 2017-03-14 Juan Quintela
2017-03-12 20:45 ` [Qemu-devel] " Juan Quintela
2017-03-13 10:02 ` Peter Maydell
2017-03-13 12:50 ` Alex Bennée
2017-03-13 14:12 ` Juan Quintela
2017-03-13 14:12 ` [Qemu-devel] " Juan Quintela
2017-03-13 14:17 ` Peter Maydell
2017-03-13 14:17 ` [Qemu-devel] " Peter Maydell
2017-03-14 8:03 ` Stefan Hajnoczi
2017-03-14 8:13 ` Stefan Hajnoczi
2017-03-14 8:37 ` Peter Maydell
2017-03-14 8:59 ` Juan Quintela
2017-03-14 8:59 ` [Qemu-devel] " Juan Quintela
2017-03-14 10:56 ` Peter Maydell
2017-03-14 10:56 ` [Qemu-devel] " Peter Maydell
2017-03-15 8:39 ` Christian Borntraeger
2017-03-15 8:39 ` [Qemu-devel] " Christian Borntraeger
2017-03-15 10:29 ` Greg Kurz
2017-03-15 11:25 ` Laurent Vivier
2017-03-15 11:25 ` Laurent Vivier
2017-03-15 16:35 ` Greg Kurz
2017-03-14 16:01 ` Dr. David Alan Gilbert
2017-03-14 16:20 ` Daniel P. Berrange
2017-03-14 16:54 ` Obsolete QEMU host environments (was: Re: KVM call for 2017-03-14) Thomas Huth
2017-03-14 16:54 ` [Qemu-devel] " Thomas Huth
2017-03-14 17:07 ` Peter Maydell
2017-03-14 17:07 ` [Qemu-devel] " Peter Maydell
2017-03-14 21:09 ` Obsolete QEMU host environments Richard Henderson
2017-03-14 21:09 ` [Qemu-devel] " Richard Henderson
2017-03-15 9:40 ` Daniel P. Berrange
2017-03-15 9:40 ` [Qemu-devel] " Daniel P. Berrange
2017-03-15 10:02 ` Thomas Huth
2017-03-15 10:02 ` [Qemu-devel] " Thomas Huth
2017-03-15 15:46 ` Aurelien Jarno
2017-03-15 15:46 ` [Qemu-devel] " Aurelien Jarno
2017-03-14 17:14 ` [Qemu-devel] KVM call for 2017-03-14 Paolo Bonzini
2017-03-14 17:18 ` Peter Maydell
2017-03-14 17:29 ` Dr. David Alan Gilbert
2017-03-15 8:30 ` Gerd Hoffmann
2017-03-14 9:33 ` Markus Armbruster
2017-03-14 8:53 ` Juan Quintela [this message]
2017-03-14 8:53 ` Juan Quintela
2017-03-14 10:39 ` Peter Maydell
2017-03-14 10:44 ` Paolo Bonzini
2017-03-14 9:24 ` Thomas Huth
2017-03-14 10:13 ` Kevin Wolf
2017-03-14 12:20 ` Markus Armbruster
2017-03-14 12:35 ` Kevin Wolf
2017-03-14 10:32 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871su0utmq.fsf@secure.mitica \
--to=quintela@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.