
Microkernels in a Bit More Depth (2007) [pdf] - vezzy-fnord
https://www.cse.unsw.edu.au/~cs9242/07/lectures/04-uk.pdf
======
kabdib
My experience with a microkernel (the Apple Newton, which took a lot of
inspiration from Mach) was that

- IPC was pretty slow. We could have improved it, but probably not halved the
cycle count. Even with a custom MMU that reduced the amount of MMU frobbing we
had to do on a task switch, things weren't totally wonderful.

- Some devices just couldn't go to a process. Well, most of them, really:
inking, modem character traffic and storage needed optimizations to avoid
process switches. (The "device driver is just a user process that interrupts
defer to" model was used in Windows CE, and the resulting performance was
_horrible_, by the way.)

I'm sure that better people have designed better microkernel-based systems
(Microsoft has done some interesting stuff here in the last 10 years or so),
but it's still kind of crazy to do several context switches just to handle a
device interrupt.

~~~
hga
As far as I know, the state of the art in efficient microkernels is the L4
family:
[https://en.wikipedia.org/wiki/L4_microkernel_family](https://en.wikipedia.org/wiki/L4_microkernel_family)
and you can find some real meat about how they've been so successful in this
paper: [http://www.nicta.com.au/publications/research-publications/?...](http://www.nicta.com.au/publications/research-publications/?term=l4&term_field=title&pageno=3&pid=6930)

One big thing: seL4 has been formally proven, down to the binary gcc emits for
it.

Ah, I see these slides, as I'd expect from an Australian source, start talking
about L4 on slide #44.

------
nickpsecurity
The line of research that led to L4-based security like this:

[http://genode-labs.com/publications/mikro-sina-2005.pdf](http://genode-labs.com/publications/mikro-sina-2005.pdf)

And capability-based security w/ persistence like this:

[http://www.eros-os.org/papers/IEEE-Software-Jan-2002.pdf](http://www.eros-os.org/papers/IEEE-Software-Jan-2002.pdf)

The state of the art is projects such as CHERI and SAFE processors that use tags
to enforce fine-grained, efficient protection at the hardware level. CHERI's path
included legacy compatibility with FreeBSD software (CheriBSD), building on a
capability model like EROS did. SAFE essentially types memory with functional
programming and verification. Personally, I thought they should've just ported
Oberon to it for something immediately usable. One thing about SAFE, along
with its predecessor TIARA, is they go for a "zero-kernel" OS where everything is
deprivileged where possible, with hardware enforcement and elimination of
context switches.

However, I think their program transformation or microkernels with
capabilities are the best we can do for traditional architectures (esp. x86) with
kernel/user mode protections. A hypervisor layer adds additional possibilities,
but it's still simple, powerful things looking after complicated, weak things.
Same stuff with new abstraction and efficiency opportunities. Clean-slate is the
best investment, though, so we should keep putting money into and building on
architectures such as CHERI and SAFE.

