• aubeynarf@lemmynsfw.com
    link
    fedilink
    arrow-up
    15
    ·
    edit-2
    4 months ago

    Performance is the major flaw with microkernels that have prevented the half-dozen or more serious attempts at this to succeed.

    Incurring context switching for low-level operations is just too slow.

    An alternative might be a safe/provable language for kernel and drivers where the compiler can guarantee properties of kernel modules instead of requiring hardware guarantees, and it ends up in one address space/protection boundary. But then the compiler (and its output) becomes a trusted component.

      • uis@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Quite opposite. Most firmware microcontrollers run is giant kernel. Some microcontrollers don’t even have context switching at all. And I’m not even starting to talk about MMU.

        • nickwitha_k (he/him)@lemmy.sdf.org
          link
          fedilink
          arrow-up
          4
          ·
          4 months ago

          I was not meaning to say that all microcontrollers (or microcontroller firmwares) run a microkernel but, rather, that microcontrollers are an environment where they can work well because the limited scope of what the device is expected to do and its necessarily supported peripherals can be much smaller, making the potential impact of context changes smaller.

          For some good examples of microkernels for such purposes, take a look at FreeRTOS, ChibiOS, or Zephyr pre-1.6 (at which point architecture changed to a monolith because it is creeping towards general computing functionality).

          Some microcontrollers don’t even have context switching at all.

          As long as there’s some processing RAM and sufficient ROM, I’m sure that it can be crammed in there via firmware (in a sub-optimal way that makes people who have to maintain the code, including your future self, hate you and wish a more appropriate part were used).

          And I’m not even starting to talk about MMU.

          Some madlads forked Linux to get it to work without an MMU, even getting it merged into the mainline kernel: https://en.m.wikipedia.org/wiki/ΜClinux

          So, doable. Adviseable? Probably not in most cases but that’s subjective.

          • uis@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            take a look at FreeRTOS

            AFAIK FreeRTOS always ran drivers in kernel.

            As long as there’s some processing RAM and sufficient ROM, I’m sure that it can be crammed in there via firmware

            You can’t even emulate MPU without MPU. The only way is running bytecode, which is still not context switching.

            Some madlads forked Linux to get it to work without an MMU, even getting it merged into the mainline kernel: https://en.m.wikipedia.org/wiki/ΜClinux

            You are correct here. Should have said MPU instead.

            • nickwitha_k (he/him)@lemmy.sdf.org
              link
              fedilink
              arrow-up
              2
              ·
              4 months ago

              AFAIK FreeRTOS always ran drivers in kernel.

              At least in the docs, I see it described as a microkernel but, with a kernel that small, the differences are probably academic (and I’ll leave that to people with more formal background in CS than myself).

              You can’t even emulate MPU without MPU. The only way is running bytecode, which is still not context switching.

              You are correct here. Should have said MPU instead.

              Oh yes! That makes a lot more sense. I’ve been on-and-off looking at implementing multithreading and multiprocessing in CircuitPython. Memory protection is a big problem with making it work reliably.

    • uis@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      where the compiler can guarantee properties of kernel modules instead of requiring hardware guarantees

      Then you would need to move compiler to kernel. Well, there is one: BPF(and derivatives). It’s turing-incomplete by design.