
Architecturally, microkernels and unikernels are direct opposites.

Unikernels strive to minimize communication complexity (and size and footprint, but that is not relevant to this discussion) by putting everything in the same address space. This gives them many advantages, among which performance is often mentioned, but ease of development is IMHO equally important.

However, the two are not mutually exclusive. Unikernels often run on top of microkernels or hypervisors.

Right answer.

While a unikernel might be structured to some extent internally into modules, it's basically all linked into a single blob and running in a single address space. Some programming languages may support some kind of PL-level separation, but there is no hardware enforcement. In the case of what Ali is doing, because all the code is written in C (it's all Linux, glibc and memcached), there is neither software nor hardware separation internally.

To give a list of these PL-level separation mechanisms, and their languages, these are the kernels I know of that work in this fashion.

Spin OS (Modula-3), Singularity (Sing#), Midori (M#), TockOS (safe Rust).

As far as I know, TockOS is the only one I know of which has some form of both PL-level and hardware enforcement of separation, albeit on an MPU rather than a full MMU: PL-level for kernel modules, and an MPU-protected userspace.

I at least think it is worth addressing that none of these separation mechanisms are actually mutually exclusive.

Could you make a unikernel out of Genode Operating System Framework?
