Skip to content

Initialize data and bss sections in assmebly #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Initialize data and bss sections in assmebly #101

wants to merge 3 commits into from

Conversation

Javier-varez
Copy link
Contributor

The embedonomicon currently suggests to initialize the bss and data sections in Rust code. However, since this was written, there has been extensive discussion about the soundness of the runtime initialization code.

In particular, the following questions have been raised:

  • Whether it is sound to write outside the bounds of the data pointed by pointers whose provenance come from a static variable.
  • Whether it is sound to mutably alias all static memory and write to it during initialization.
  • Whether it is unsound to enter the Rust abstract machine without the static variables being initialized.
  • Whether pointers obtained from different static allocations (such as _sbss and _ebss) can be compared. Note that the code in embedonomicon does not suffer from this issue, since pointers are converted to usize values such that provenance does no longer apply by the time they are subtracted to determine the region size. This was not the case in multiple runtime crates.

The general consensus in the ecosystem has been to move away from performing the initialization of the static memory regions in Rust. In order to avoid creating a false sense of security while reading the embedonomicon, these issues should be mentioned in the book, and the code written in assembly to reflect the current best-practice approach to platform initialization code.

References:

@Javier-varez
Initialize data and bss sections in assmebly
28ba46c 
The embedonomicon currently suggests to initialize the bss and data
sections in Rust code. However, since this was written, there has been
extensive discussion about the soundness of the runtime initialization
code.

In particular, the following questions have been raised:
- Whether it is sound to write outside the bounds of the data pointed
  by pointers whose provenance come from a static variable.
- Whether it is sound to mutably alias all static memory and write to it
  during initialization.
- Whether it is unsound to enter the Rust abstract machine without the
  static variables being initialized.
- Whether pointers obtained from different static allocations (such as
  `_sbss` and `_ebss`) can be compared. Note that the code in
  embedonomicon does not suffer from this issue, since pointers are
  converted to `usize` values such that provenance does no longer apply
  by the time they are subtracted to determine the region size. This was
  not the case in multiple runtime crates.

The general consensus in the ecosystem has been to move away from
performing the initialization of the static memory regions in Rust.
In order to avoid creating a false sense of security while reading the
embedonomicon, these issues should be mentioned in the book, and the
code written in assembly to reflect the current best-practice approach
to platform initialization code.

References:
- rust-embedded/cortex-m-rt#300
- rust-embedded#69
- https://rust-lang.zulipchat.com/#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/The.20least.20incorrect.20init.20code.20.3A)
- rust-lang/unsafe-code-guidelines#259
- rust-embedded/cortex-m-rt#301
@Javier-varez
Add rust section initialization example code
1eea2ed
@Javier-varez
Update book to discuss assembly globals init
1693511 
And why we do not do it in Rust
@Javier-varez Javier-varez requested a review from a team as a code owner October 11, 2025 20:20
@BartMassey
Copy link
Member

I've added this as an agenda item for the Embedded WG meeting this coming Tuesday rust-embedded/wg#875. I really appreciate the thought and effort you've put into this; please feel free to come help us figure out the right things at the meeting.

@Javier-varez
Copy link
Contributor Author

I've added this as an agenda item for the Embedded WG meeting this coming Tuesday rust-embedded/wg#875. I really appreciate the thought and effort you've put into this; please feel free to come help us figure out the right things at the meeting.

Thank you! I should have brought it up myself for discussion in the first place, but I thought I'd go ahead and show my proposal! I will be glad to attend the meeting on Tuesday and help if I can 👍🏻

jonathanpallant
jonathanpallant approved these changes Oct 13, 2025
View reviewed changes
Copy link

@jonathanpallant jonathanpallant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, but let's not merge until the discussion at the meeting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jonathanpallant jonathanpallant jonathanpallant approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Javier-varez @BartMassey @jonathanpallant