Performance is basically the same (in microbenchmarks); they went as far as preserving the use of red-black trees for an apples-to-apples comparison, but it’s going to improve security, as binder runs inside every process.

That means binder is going to join Asahi graphics, the Android Bluetooth stack, and puzzlefs in the “serious drivers written in Rust” club.

  • StarDreamer@lemmy.blahaj.zone
    1 year ago

    Having one program (process) talk to another is dangerous. Think of a stranger trying to come over to me and deliver a message. There’s no way I can guarantee that he isn’t planning to stab me as soon as he sees me.

    That’s why we have special mechanisms for programs talking to other programs. Instead of having the stranger deliver the message directly to me, our mutual friend Bob (IPC Library, binder in this case) acts as an intermediary. This way at least I can’t be “directly” stabbed.

    What’s preventing the stranger from convincing Bob to stab me? Not much (except for Bob’s own ethics/programming).

    To work around this, we have designed programming languages (Rust) that don’t work if there’s a possibility of it being corrupted (I would add “at least superficially”, but that’s not the main topic here). Bob was trained by the CIA in anti-brainwashing techniques. It’s really hard to convince Bob to stab me. That’s why it’s such a big deal. We now have a way of delivering messages between two programs that is much safer than before.

    The only problem is that the CIA anti-brainwashing techniques (Rust) tend to make people slow. So we deliver messages less efficiently than before. Good news is in this case we managed to make Bob almost as fast as before, so we don’t lose much while gaining additional security. The people who checked on Bob even made sure to have Bob do the exact same thing as before when delivering messages (using RB trees), hence this evidence is most likely credible.