Creating a New Ecosystem with Highly Reliable System-software Technology in a Way that Contributes Globally

Creating new software with Rust―which combines high performance and security

―What is your approach to “highly reliable system-software technology”?

The “highly reliable system-software technology” that I am researching aims to ensure that system software that controls hardware can withstand hardware failures and network attacks and continue to operate as expected. Achieving that aim requires a variety of basic technologies, and I’m currently working on avoiding software problems that can lead to system outages and external attacks. In particular, I’m aiming to create high-performance system software by using Rust―instead of the mainstream C language―as the programming language for developing that system software because Rust offers an advantageous safety feature; namely, it can prevent errors by developers.

The background to my research is the increased demand for software with the reliability to support today’s Internet-enabled world. In the 1990s, when the Internet was just becoming popular, its users were limited, and its applications had little impact on people’s lives. Today, however, utilization of information and communication technology (ICT) has spread throughout society, and the Internet has become part of the infrastructure that supports our daily lives. Systems outages affecting the Internet have thus become unacceptable. Moreover, important information (such as credit-card numbers) is exchanged over the Internet, so security breaches (such as the occurrence of financial damage) can occur if flaws in the system occur. People take it for granted that the Internet as a social infrastructure will always continue to operate as expected without such problems, and expectations concerning the reliability of the system software that supports the Internet have risen enormously. A major problem, however, is that much of the system software designed in the 1990s is still used to support the current Internet―even though expectations concerning reliability have changed considerably.

The choice of programming language is critical in regard to a reliable system because the chosen language must prevent software defects and vulnerabilities that can lead to external attacks. As the current mainstream programming language, C allows developers free and flexible manipulation of hardware, such as memory and central processing units (CPUs), in a manner that makes it easy to maximize the performance of the hardware. However, programming with C, developed in the 1970s, is known to be risky because it does not take safety into account; that is, C is not contrived to assist developers in preventing errors that cause bugs and vulnerabilities. In 2022, the US National Security Agency issued guidelines recommending the use of programming languages other than C. Since around 2000, a number of safety-oriented programming languages targeting high-performance software have been proposed, and we are currently working on one of them, Rust, with the aim of implementing new system software for supporting the Internet.

―What are the characteristics of the Rust programming language?

The main feature of Rust is that it enables safe implementation of high-performance software. For example, the methods that the languages Java and Go use for memory management prevent illegal memory operations through a mechanism called “garbage collection,” which monitors memory usage while software is running and deallocates memory areas that are no longer in use. Although garbage collection assures safe memory operations, it has a negative impact on performance because it operates during execution of software. In contrast, Rust does not use garbage collection, which degrades performance; instead, it is designed to infer memory usage when the software is compiled (source-code conversion) and manage it appropriately. Although balancing high performance and safety is a challenge, Rust achieves that balance by requiring developers to use their own specific designs and expressions.

I’m currently working on implementing a Linux-based operating system and a Border Gateway Protocol (BGP) daemon^* (Fig. 1). As for the Linux operating system, we are working with developers from other companies, such as Microsoft and Google, to implement the core function (kernel) of the operating system in Rust. Considering the software scale and popularity of the Linux kernel, we believe that it is not realistic to replace Linux with a new operating system implemented in Rust; instead, we aim to gradually replace the Linux kernel implemented in C with one implemented in Rust.

Fig. 1. Current targeted system software.

Used in large-scale cloud infrastructure networks, the BGP daemon, which supports the BGP (the backbone of the Internet), is a piece of system software that requires high performance and reliability. Currently, BGP daemons implemented in C are widely used; however, they lack the parallelism to take advantage of multiple CPUs, and they cannot exploit the performance of modern hardware. We have therefore implemented a new BGP daemon that takes advantage of Rust’s support for safely handling parallelism, and our BGP daemon has demonstrated five-times-higher performance than that of widely used BGP daemons.

―What are some of the difficulties you are currently facing in your research?

It takes time for new programming technologies to become widely used. In particular, the field of system software, which forms the backbone of infrastructure, tends to take longer to adopt new technologies.

Many safety-focused programming languages have been developed to replace C; nevertheless, C is still the dominant language for system-software development. One reason for C’s dominance may be the fact that it is a significant burden for developers to develop and maintain software in a language other than C.

Additionally, in the case of Rust, its unique specifications not possessed by conventional languages are said to be a barrier to its widespread use. In fact, it was controversial when functions of the Linux kernel were made available for implementation in Rust in addition to C. After much discussion, it became possible to implement features of the Linux kernel in Rust; however, at present, the Linux kernel does not yet have any features implemented in Rust.

I realize that there is no shortcut to overcoming this current situation, so I’m being careful to first implement small functions in Rust and demonstrate their usefulness. Specifically, when we proposed a feature that would make it possible to implement device drivers that control network-communication hardware of the Linux kernel in Rust, we encountered significant resistance from developers. Acknowledging that resistance, we are negotiating with such developers to reduce the scope of the impact of Rust and allow some features of network device drivers to be implemented in Rust.

In the field of development of open-source software (OSS), it is rare for 100% of your proposal to be accepted, and in my younger days, I myself was shocked every time my proposal was rejected. However, over the years of working in OSS development, I have realized the importance of continuing to improve and advance proposals with input from other developers and persisting even if only 10% of my proposals are accepted.

Engage in research that involves many people and has a big impact on the world

―Please tell us about your future research vision.

As a next step, I believe we need to demonstrate the value of applying a safety-focused programming language such as Rust to system software. Since the Linux-kernel development community has been divided on both sides of the Rust-application issue, the question of whether it is sufficiently meritorious to use a language other than C in development of system software has not yet been answered. To increase the usage of Rust for the Linux kernel, I think it is necessary to get the widely used features implemented in Rust adopted and demonstrate their benefits in terms of bugs and vulnerabilities. Moreover, since the use of a safety-focused programming language like Rust cannot prevent all bugs and vulnerabilities, we plan to consider other approaches, for example, preventing design defects.

By disseminating the results of our research on preventing system-software bugs and vulnerabilities as de facto technology, we aim to increase the reliability of system software throughout the industry. I believe that this approach will not only improve the reliability of the infrastructure that supports our daily lives but also enhance the value of our services by allowing us to use resources previously spent on addressing bugs and vulnerabilities to develop new functions.

And in regard to the concept called the Innovative Optical and Wireless Network (IOWN) proposed by NTT, technologies for preventing system outages and unauthorized use are extremely important. In a world in which life is more digitally integrated than ever before through the IOWN and ICT becomes indispensable, frustration of users will grow more than ever if a “service has been suspended” situation occurs. Aiming to avoid such situations and create a safe and comfortable society, we will continue to create an ecosystem involving various people besides NTT by utilizing open-development methods such as OSS to create new value on a global scale (Fig. 2).

Fig. 2. Vision of value creation through open-type development.

―Finally, please give a message to researchers, students, and business partners.

My research motto is “create technology that can be used by many people to further improve people’s lives.” I still remember that shortly after I joined NTT, my boss talked to me about my research topic, and he asked me, “How many people could live off the profits if the research results were to be commercialized.” I believe that his advice was not to aim for a technology that could only support the lives of a few-dozen people and be used only within the group; instead, it was to think of a theme that would make a bigger difference in the world and affect tens of thousands of people. To this day, I still hold that advice in high regard. And technology itself only grows when someone uses it. I believe that having many people use a technology will create a new market, and many people will be able to make money from that technology; conversely, a technology that does not generate money will not spread.

My goal is to create technologies that will create new markets for future research as well. My group is conducting research not to keep such technologies only at NTT but to spread them globally by using open-development methods such as OSS in cooperation with other companies and to expand NTT’s efforts by developing them into technologies with greater impact. Although NTT takes a leading position when NTT and other companies collaborate in Japan, it is not a major player in major global OSS projects. And since our interests are almost never completely aligned with those of other companies, we must adjust our interests and steer the project in the direction we want it to go. Therefore, each time we join a new community, we take the opportunity to meet and talk with community members in person. Although this activity seems simple enough, even information that cannot be conveyed to other parties through e-mail or online chat alone can be conveyed through real face-to-face conversations with them. In that way, we can increase the power and influence of our voice within the community while deepening understanding of other parties.

The Internet was originally created by many people, and to have an impact on the world, I myself will not think alone in a laboratory; instead, I want to create new value by getting involved with many people and collaborating with them. I hope that you will join me in activities that will have an impact on society.