RustInQemu

From QEMU

For the old RustInQemu page, see RustInQemu/2022

Active efforts in 2024

  • Subject: [RFC 0/6] scripts: Rewrite simpletrace printer in Rust
    Date: Mon, 27 May 2024 16:14:15 +0800
    RFC v1
  • ARM PL011 UART device model in Rust
    Subject: [RFC PATCH v1 0/6] Implement ARM PL011 in Rust
    Date: Mon, 10 Jun 2024 21:22:35 +0300
    RFC v1 v2
    • Meson integration
    • Bindings generation

Past efforts

  • [RFC v3 00/32] Rust binding for QAPI and qemu-ga QMP handler examples
    on patchew on lore

Minimum supported version

  • 1.56.0: 2021 edition
  • 1.59.0: const CStr::from_bytes_with_nul_unchecked (needed by cstr crate, see below)
  • 1.64.0: std::ffi::c_* (can use libc or std::os::raw)
  • 1.74.0: Clippy can be configured in Cargo.toml
  • 1.77.0: C string literals, offset_of!

TODO

Before commit wishlist - done:

  • module structure should resemble the C part of the tree?
  • only generate bindings.rs.inc once
  • disabling the cast_ptr_alignment lint is too broad

To do (patch available):

  • update bundled meson to 1.5.0
  • add support for --rustc and RUSTC environment variables
  • remove --no-include-path-detection from bindgen invocation
  • rename subprojects to use Meson 1.5.0+ convention and add meson.override_dependency() call
  • add support for cross compilation of Rust subprojects (native: true for deps of procedural macro crates)
  • fix licenses for Rust subprojects
  • fix cfgs so that proc-macro2 can be compiled with 1.63.0
  • demonstrate patching of subprojects (needed for bilge-impl to support 1.63.0)

After commit:

  • add more safety docs
  • trait to generate all-zero structs without having to type "unsafe { MaybeUninit::zeroed().assume_init() }"
  • use ctor instead of non-portable linker magic, and the cstr crate instead of CStr statics or c""
  • TODO comments when the code is doing potential undefined behavior
  • single cargo workspace for clippy etc.?
  • CI integration
    • clean up lints (see below)
  • lower minimum supported version in QEMU code too (Debian needs 1.63.0)
  • eliminate undefined behavior:

other experiments at https://github.com/bonzini/rust-qemu

  • Generic Rust<->C interop, Error, QOM reference counting
  • Chardev
  • MemoryRegion, SysbusDevice

Ideas for lints without breaking CI

See https://github.com/bonzini/rust-qemu/commit/95b25f7c5f4e2694a85a5503050cc98da7562c7c

  • run clippy as part of "make check", possibly only if Rust is newer than some version (1.74.0 so that clippy can be configured in Cargo.toml?)
  • deny many individual lints, do not deny groups (complexity, perf, style, suspicious) on regular builds. allow unknown_lints.
  • add to CI a fallible job that runs on nightly clippy with -Dclippy::complexity -Dclippy::perf -Dclippy::suspicious -Dclippy::style -Dunknown_lints. the job should generally pass, and if a new lint triggers it probably should be added to Cargo.toml as either "allow" (rare) or "deny" (possibly after adding #[allow()] to the source).

Possible project targets

Miscellanea

- qemu-bridge-helper.c Re-write SUID C executable with useful features.

Devices

- hw/block/pflash_cfi01.c, hw/block/pflash_cfi02.c (claimed, WIP)

- hw/mem/nvdimm.c (suggested by Manos)

- hw/timer/i8254.c (claimed, WIP)