147:" to these new systems. New device drivers, protocol stacks, file systems and other low-level systems were being developed all the time. This code was normally located in the monolithic kernel, and thus required considerable work and careful code management to work on. Microkernels were developed with the idea that all of these services would be implemented as user-space programs, like any other, allowing them to be worked on monolithically and started and stopped like any other program. This would not only allow these services to be more easily worked on, but also separated the kernel code to allow it to be finely tuned without worrying about unintended side effects. Moreover, it would allow entirely new operating systems to be "built up" on a common core, aiding OS research.
139:. Its nucleus provided inter-process communication based on message-passing for up to 23 unprivileged processes, out of which 8 at a time were protected from one another. It further implemented scheduling of time slices of programs executed in parallel, initiation and control of program execution at the request of other running programs, and initiation of data transfers to or from peripherals. Besides these elementary mechanisms, it had no built-in strategy for program execution and resource allocation. This strategy was to be implemented by a hierarchy of running programs in which parent processes had complete control over child processes and acted as their operating systems.
425:
lead and only provided a synchronous IPC primitive. Asynchronous IPC could be implemented on top by using helper threads. However, experience has shown that the utility of synchronous IPC is dubious: synchronous IPC forces a multi-threaded design onto otherwise simple systems, with the resulting synchronization complexities. Moreover, an RPC-like server invocation sequentializes client and server, which should be avoided if they are running on separate cores. Versions of L4 deployed in commercial products have therefore found it necessary to add an asynchronous notification mechanism to better support asynchronous communication. This
511:(MTS), in 1967, supported user space drivers (including its file system support), the first operating system to be designed with that capability. Historically, drivers were less of a problem, as the number of devices was small and trusted anyway, so having them in the kernel simplified the design and avoided potential performance problems. This led to the traditional driver-in-the-kernel style of Unix, Linux, and Windows NT. With the proliferation of various kinds of peripherals, the amount of driver code escalated and in modern operating systems dominates the kernel in code size.
351:) for the availability of the message, or is alerted to it via some notification mechanism. Asynchronous IPC requires that the kernel maintains buffers and queues for messages, and deals with buffer overflows; it also requires double copying of messages (sender to kernel and kernel to receiver). In synchronous IPC, the first party (sender or receiver) blocks until the other party is ready to perform the IPC. It does not require buffering or multiple copies, but the implicit rendezvous can make programming tricky. Most programmers prefer asynchronous send and synchronous receive.
441:
indicates that the IPC should fail immediately if the partner is not ready. This approach effectively provides a choice of the two timeout values of zero and infinity. Recent versions of L4 and MINIX have gone down this path (older versions of L4 used timeouts). QNX avoids the problem by requiring the client to specify the reply buffer as part of the message send call. When the server replies the kernel copies the data to the client's buffer, without having to wait for the client to receive the response explicitly.
685:. No comprehensive comparison of performance relative to monolithic systems has been published for those multiserver systems. Furthermore, performance does not seem to be the overriding concern for those commercial systems, which instead emphasize reliably quick interrupt handling response times (QNX) and simplicity for the sake of robustness. An attempt to build a high-performance multiserver operating system was the IBM Sawmill Linux project. However, this project was never completed.
3569:
3559:
33:
417:. Their results explained Mach's poorer performance by higher MCPI and demonstrated that IPC alone is not responsible for much of the system overhead, suggesting that optimizations focused exclusively on IPC will have a limited effect. Liedtke later refined Chen and Bershad's results by making an observation that the bulk of the difference between Ultrix and Mach MCPI was caused by capacity
724:(EAL) 7) has an explicit requirement that the target of evaluation be "simple", an acknowledgment of the practical impossibility of establishing true trustworthiness for a complex system. Again, the term "simple" is misleading and ill-defined. At least the Department of Defense Trusted Computer System Evaluation Criteria introduced somewhat more precise verbiage at the B3/A1 classes:
578:, it is what enables the construction of arbitrary systems on top of a minimal kernel. Any policy built into the kernel cannot be overwritten at user level and therefore limits the generality of the microkernel. Policy implemented in user-level servers can be changed by replacing the servers (or letting the application choose between competing servers offering similar services).
794:
degree of assurance which goes beyond even CC EAL7. It was followed by proofs of security-enforcement properties of the API, and a proof demonstrating that the executable binary code is a correct translation of the C implementation, taking the compiler out of the TCB. Taken together, these proofs establish an end-to-end proof of security properties of the kernel.
383:, avoids traversing scheduling queues during IPC by leaving threads that block during IPC in the ready queue. Once the scheduler is invoked, it moves such threads to the appropriate waiting queue. As in many cases a thread gets unblocked before the next scheduler invocation, this approach saves significant work. Similar approaches have since been adopted by
469:. The necessary servers are started at system startup and provide services, such as file, network, and device access, to ordinary application programs. With such servers running in the environment of a user application, server development is similar to ordinary application development, rather than the build-and-boot process needed for kernel development.
170:, proved to have disappointing performance, but the inherent advantages appeared so great that it was a major line of research into the late 1990s. However, during this time the speed of computers grew greatly in relation to networking systems, and the disadvantages in performance came to overwhelm the advantages in development terms.
496:(DMA), and therefore can write to arbitrary locations of physical memory, including various kernel data structures. Such drivers must therefore be trusted. It is a common misconception that this means that they must be part of the kernel. In fact, a driver is not inherently more or less trustworthy by being part of the kernel.
754:
More recent work on microkernels has been focusing on formal specifications of the kernel API, and formal proofs of the API's security properties and implementation correctness. The first example of this is a mathematical proof of the confinement mechanisms in EROS, based on a simplified model of the
480:
connections: If this server is restarted, applications will experience a "lost" connection, a normal occurrence in a networked system. For other services, failure is less expected and may require changes to application code. For QNX, restart capability is offered as the QNX High
Availability Toolkit.
339:
is, strictly defined, also an inter-process communication mechanism, but the abbreviation IPC usually refers to message passing only, and it is the latter that is particularly relevant to microkernels. IPC allows the operating system to be built from a number of smaller programs called servers, which
670:
While these results demonstrate that the poor performance of systems based on first-generation microkernels is not representative for second-generation kernels such as L4, this constitutes no proof that microkernel-based systems can be built with good performance. It has been shown that a monolithic
499:
While running a device driver in user space does not necessarily reduce the damage a misbehaving driver can cause, in practice it is beneficial for system stability in the presence of buggy (rather than malicious) drivers: memory-access violations by the driver code itself (as opposed to the device)
374:
is performed from the sender directly to the receiver. If, as in L4, part or all of the message is passed in registers, this transfers the in-register part of the message without any copying at all. Furthermore, the overhead of invoking the scheduler is avoided; this is especially beneficial in the
134:
fertilizer plant in Poland. The computer used a small real-time operating system tailored for the needs of the plant. Brinch Hansen and his team became concerned with the lack of generality and reusability of the RC 4000 system. They feared that each installation would require a different operating
793:
In the case of seL4, complete formal verification of the implementation has been achieved, i.e. a mathematical proof that the kernel's implementation is consistent with its formal specification. This provides a guarantee that the properties proved about the API actually hold for the real kernel, a
616:
system and virtual-memory-manager design that allows implementing page-fault handling and swapping in usermode servers in a safe way. Since all services are performed by usermode programs, efficient means of communication between programs are essential, far more so than in monolithic kernels. The
424:
In a client-server system, most communication is essentially synchronous, even if using asynchronous primitives, as the typical operation is a client invoking a server and then waiting for a reply. As it also lends itself to more efficient implementation, most microkernels generally followed L4's
241:
Although major work on microkernels had largely ended, experimenters continued development. It has since been shown that many of the performance problems of earlier designs were not a fundamental limitation of the concept, but instead due to the designer's desire to use single-purpose systems to
158:
kernel was an early example, introduced in 1986 and used in a PC with relative commercial success. The lack of memory protection, considered in other respects a flaw, allowed this kernel to have very high message-passing performance because it did not need to copy data while exchanging messages
440:
on IPC calls, which limit the blocking time. In practice, choosing sensible timeout values is difficult, and systems almost inevitably use infinite timeouts for clients and zero timeouts for servers. As a consequence, the trend is towards not providing arbitrary timeouts, but only a flag which
705:(TCB) should be kept minimal. As the kernel (the code that executes in the privileged mode of the hardware) has unvetted access to any data and can thus violate its integrity or confidentiality, the kernel is always part of the TCB. Minimizing it is natural in a security-driven design.
642:
if the drivers are implemented as processes, or a function call if they are implemented as procedures. In addition, passing actual data to the server and back may incur extra copying overhead, while in a monolithic system the kernel can directly access the data in the client's buffers.
914:, which claimed to be a microkernel while Shapiro considered it monolithic, essentially unstructured, and slower than the systems it sought to replace. Subsequent reuse of and response to the term, including the picokernel coinage, suggest that the point was largely missed. Both
2276:
728:"The TCB shall complete, conceptually simple protection mechanisms with precisely defined semantics. Significant system engineering shall be directed toward minimizing the complexity of the TCB, as well as excluding from the TCB those modules that are not protection-critical."
688:
It has been shown in the meantime that user-level device drivers can come close to the performance of in-kernel drivers even for such high-throughput, high-interrupt devices as
Gigabit Ethernet. This seems to imply that high-performance multi-server systems are possible.
671:
Linux server ported to L4 exhibits only a few percent overhead over native Linux. However, such a single-server system exhibits few, if any, of the advantages microkernels are supposed to provide by structuring operating system functionality into separate servers.
592:, which are not part of the kernel. Typically, this means that they are packaged with the kernel in the boot image, and the kernel supports a bootstrap protocol that defines how the drivers are located and started; this is the traditional bootstrap procedure of
453:
programs like any others, except that the kernel grants some of them privileges to interact with parts of physical memory that are otherwise off limits to most programs. This allows some servers, particularly device drivers, to interact directly with hardware.
142:
Following Brinch Hansen's work, microkernels have been developed since the 1970s. The term microkernel itself first appeared no later than 1981. Microkernels were meant as a response to changes in the computer world, and to several challenges adapting existing
666:
that through careful design and implementation, and especially by following the minimality principle, IPC costs could be reduced by more than an order of magnitude compared to Mach. L4's IPC performance is still unbeaten across a range of architectures.
429:-like mechanism does not carry data and therefore does not require buffering by the kernel. By having two forms of IPC, they have nonetheless violated the principle of minimality. Other versions of L4 have switched to asynchronous IPC completely.
173:
Many attempts were made to adapt the existing systems to have better performance, but the overhead was always considerable and most of these efforts required the user-space programs to be moved back into the kernel. By 2000, most large-scale
608:
in the kernel to simplify booting. A microkernel-based system may boot via multiboot compatible boot loader. Such systems usually load statically-linked servers to make an initial bootstrap or mount an OS image to continue bootstrapping.
2304:
2026:
Klein, Gerwin; Elphinstone, Kevin; Heiser, Gernot; Andronick, June; Cock, David; Derrin, Philip; Elkaduwe, Dhammika; Engelhardt, Kai; Kolanski, Rafal; Norrish, Michael; Sewell, Thomas; Tuch, Harvey; Winwood, Simon (October 2009).
625:
On most mainstream processors, obtaining a service is inherently more expensive in a microkernel-based system than a monolithic system. In the monolithic system, the service is obtained by a single system call, which requires two
273:
Early operating system kernels were rather small, partly because computer memory was limited. As the capability of computers grew, the number of devices the kernel had to control also grew. Throughout the early history of
500:
may still be caught by the memory-management hardware. Furthermore, many devices are not DMA-capable, their drivers can be made untrusted by running them in user space. Recently, an increasing number of computers feature
366:. These include an IPC system call that supports a send as well as a receive operation, making all IPC synchronous, and passing as much data as possible in registers. Furthermore, Liedtke introduced the concept of the
2335:
Black, D.L., Golub, D.B., Julin, D.P., Rashid, R.F., Draves, R.P., Dean, R.W., Forin, A., Barrera, J., Tokuda, H., Malan, G., and Bohman, D. (March 1992). "Microkernel
Operating System Architecture and Mach".
746:
kernel at the time. The study concluded that 40% of the issues could not occur at all in a formally verified microkernel, and only 4% of the issues would remain entirely unmitigated in such a system.
567:
A concept is tolerated inside the microkernel only if moving it outside the kernel, i.e., permitting competing implementations, would prevent the implementation of the system's required functionality.
308:
The microkernel was intended to address this growth of kernels and the difficulties that resulted. In theory, the microkernel design allows for easier management of code due to its division into
301:
and a number of "virtual" devices that allowed the existing programs to work 'invisibly' over the network. This growth continued for many years, resulting in kernels with millions of lines of
571:
Everything else can be done in a usermode program, although device drivers implemented as user programs may on some processor architectures require special privileges to access I/O hardware.
2171:
Klein, Gerwin; Andronick, June; Elphinstone, Kevin; Murray, Toby; Sewell, Thomas; Kolanski, Rafal; Heiser, Gernot (February 2014). "Comprehensive Formal
Verification of an OS Microkernel".
436:
attack on a server by sending a request and never attempting to receive the reply. Therefore, synchronous IPC must provide a means to prevent indefinite blocking. Many microkernels provide
697:
The security benefits of microkernels have been frequently discussed. In the context of security the minimality principle of microkernels is, some have argued, a direct consequence of the
1345:
738:
In 2018, a paper presented at the Asia-Pacific
Systems Conference claimed that microkernels were demonstrably safer than monolithic kernels by investigating all published critical
638:). In the microkernel-based system, the service is obtained by sending an IPC message to a server, and obtaining the result in another IPC message from the server. This requires a
476:. However, part of the system state is lost with the failing server, hence this approach requires applications to cope with failure. A good example is a server responsible for
347:
IPC can be synchronous or asynchronous. Asynchronous IPC is analogous to network communication: the sender dispatches a message and continues executing. The receiver checks (
162:
The same mechanisms that allowed the kernel to be distributed into user space also allowed the system to be distributed across network links. The first microkernels, notably
2334:
286:
implementations. When address spaces increased from 16 to 32 bits, kernel design was no longer constrained by the hardware architecture, and kernels began to grow larger.
1693:
617:
design of the IPC system makes or breaks a microkernel. To be effective, the IPC system must not only have low overhead, but also interact well with CPU scheduling.
340:
are used by other programs on the system, invoked via IPC. Most or all support for peripheral hardware is handled in this fashion, with servers for device drivers,
581:
For efficiency, most microkernels contain schedulers and manage timers, in violation of the minimality principle and the principle of policy-mechanism separation.
432:
As synchronous IPC blocks the first party until the other is ready, unrestricted use could easily lead to deadlocks. Furthermore, a client could easily mount a
135:
system so they started to investigate novel and more general ways of creating software for the RC 4000. In 1969, their effort resulted in the completion of the
246:
and relying on the processor to enforce concepts normally supported in software led to a new series of microkernels with dramatically improved performance.
1607:
2048:
519:
As a microkernel must allow building arbitrary operating system services on top, it must provide some core functionality. At a minimum, this includes:
2630:
941:
1881:
Leslie, Ben; Chubb, Peter; FitzRoy-Dale, Nicholas; Götz, Stefan; Gray, Charles; Macpherson, Luke; Potts, Daniel; Shen, Yueting; Elphinstone, Kevin;
3660:
2355:
2326:
1284:
2420:
701:, according to which all code should have only the privileges needed to provide required functionality. Minimality requires that a system's
3563:
755:
EROS API. More recently (in 2007) a comprehensive set of machine-checked proofs was performed of the properties of the protection model of
1995:
1808:
3607:
1586:
905:
297:
began the era of larger kernels. In addition to operating a basic system consisting of the CPU, disks and printers, BSD added a complete
504:, many of which can be used to restrict a device's access to physical memory. This also allows user-mode drivers to become untrusted.
130:
where he led software development efforts for the RC 4000 computer. In 1967, Regnecentralen was installing a RC 4000 prototype in the
779:
896:
A kernel where the total amount of kernel code, i.e. code executing in the privileged mode of the hardware, is very small. The term
354:
First-generation microkernels typically supported synchronous as well as asynchronous IPC, and suffered from poor IPC performance.
2426:
457:
A basic set of servers for a general-purpose microkernel includes file system servers, device driver servers, networking servers,
2087:
3222:
3936:
3907:
2463:
1703:
1561:
Elphinstone, Kevin; Heiser, Gernot (November 2013). "From L3 to seL4: What Have We Learnt in 20 Years of L4 Microkernels?".
837:
596:. Some microkernels simplify this by placing some key drivers inside the kernel (in violation of the minimality principle),
1780:. 1st International Workshop on Microkernels for Embedded Systems. Sydney, Australia: NICTA. pp. 11–21. Archived from
739:
646:
Performance is therefore a potential issue in microkernel systems. The experience of first-generation microkernels such as
1974:
948:
There is also at least one case where the term nanokernel is used to refer not to a small kernel, but one that supports a
358:
assumed the design and implementation of the IPC mechanisms to be the underlying reason for this poor performance. In his
1775:
1754:
713:
658:
showed that Mach's performance problems were the result of poor design and implementation, specifically Mach's excessive
3216:
3210:
2368:
1246:
Rashid, Richard; Robertson, George (December 1981). "Accent: A communication oriented network operating system kernel".
3339:
2679:
575:
2264:
1828:
312:
services. This also allows for increased security and stability resulting from the reduced amount of code running in
83:, the microkernel may be the only software executing at the most privileged level, which is generally referred to as
3711:
3655:
2972:
783:
756:
3630:
3600:
3364:
2686:
552:
136:
1205:
Wulf, William; Cohen, Ellis; Corwin, William; Jones, Anita; Levin, Roy; Pierson, C.; Pollack, Fred (June 1974).
708:
Consequently, microkernel designs have been used for systems designed for high-security applications, including
3823:
3721:
3248:
3204:
1417:
774:
as a first-class concern, novel approaches to kernel resource management, and a design goal of suitability for
290:
2703:
1614:
868:
4101:
3650:
3635:
3403:
2402:
993:
320:, only the networking service's memory would be corrupted, leaving the rest of the system still functional.
3696:
3681:
3640:
2895:
1637:
771:
698:
682:
242:
implement as many of these services as possible. Using a more pragmatic approach to the problem, including
17:
331:(IPC) is any mechanism which allows separate processes to communicate with each other, usually by sending
3862:
3809:
2817:
2396:
1008:
613:
540:
437:
328:
131:
69:
2062:
1632:
421:
and concluding that drastically reducing the cache working set of a microkernel will solve the problem.
305:. As a result of this growth, kernels were prone to bugs and became increasingly difficult to maintain.
3877:
3716:
3593:
3544:
3391:
3141:
1499:
933:
721:
675:
450:
348:
3912:
3731:
3691:
3686:
3645:
3431:
3409:
3306:
3048:
2979:
2934:
2913:
2852:
2484:
2456:
961:
858:
806:
767:
2255:
2156:
1173:
3955:
3842:
3706:
3424:
3385:
3260:
2966:
2845:
1866:
1480:
863:
787:
631:
508:
2207:
1856:; Elphinstone, Kevin J.; Uhlig, Volkmar; Tidswell, Jonathon E.; Deller, Luke; et al. (2000).
1298:
3701:
3377:
3172:
2919:
1331:
1057:
477:
925:
A virtualization layer underneath an operating system, which is more correctly referred to as a
4089:
4028:
3917:
3897:
3846:
3804:
2762:
2722:
2250:
2151:
2001:
1861:
1475:
1168:
998:
976:
702:
395:
341:
2413:
4122:
3872:
3838:
3740:
3676:
3573:
3088:
3019:
2514:
2493:
2349:
2320:
843:
593:
556:
535:
376:
359:
2407:
2028:
1948:"The Jury Is In: Monolithic OS Design Is Flawed: Microkernel-based Designs Improve Security"
1730:. 6th Workshop on Hot Topics in Operating Systems. Cape Cod, MA, USA: IEEE. pp. 28–31.
4069:
4043:
3552:
3397:
3059:
2449:
2141:
1659:
Alexander, Michael T. (1971). "Organization and
Features of the Michigan Terminal System".
1029:
493:
2782:
2389:
An assessment of the present and future state of microkernel based OSes as of
January 1994
1474:. 14th ACM Symposium on Operating System Principles. Asheville, NC, USA. pp. 175–88.
574:
Related to the minimality principle, and equally important for microkernel design, is the
8:
4038:
3990:
3867:
3511:
1920:
937:
473:
3975:
3882:
3420:
2955:
2638:
2296:
2188:
1902:
1834:
1674:
1563:
SOSP '13 Proceedings of the Twenty-Fourth ACM Symposium on
Operating Systems Principles
1437:
1395:
1278:
1228:
1186:
531:
426:
363:
151:
65:
2715:
2095:
4084:
4033:
3965:
3922:
3763:
3496:
3481:
3461:
2541:
2260:
1954:. Jeju Island, Republic of Korea: Association for Computing Machinery. pp. 1–7.
1947:
1824:
1813:
Proceedings of the sixteenth ACM symposium on
Operating systems principles - SOSP '97
1748:
1699:
981:
466:
433:
123:
107:
2234:
1678:
1507:
SOSP '93 Proceedings of the fourteenth ACM symposium on
Operating systems principles
4064:
3616:
2733:
2520:
2288:
2192:
2180:
2122:
2054:
1955:
1906:
1894:
1838:
1816:
1777:
High-performance microkernels and virtualisation on ARM and segmented architectures
1731:
1664:
1566:
1541:
1538:
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
1510:
1441:
1429:
1399:
1385:
1251:
1232:
1218:
1190:
1178:
57:
41:
3001:
2602:
922:
have subsequently come to have the same meaning expressed by the term microkernel.
4008:
3970:
3941:
3466:
3164:
2559:
2300:
1101:
717:
332:
317:
258:
76:
2376:
1248:
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
1153:
418:
4094:
4018:
3980:
3852:
3506:
3491:
3471:
2993:
2696:
2609:
2509:
1980:
1853:
1804:
1719:
1533:
1467:
1078:
826:
775:
663:
655:
639:
458:
379:(RPC) type fashion by a client invoking a server. Another optimization, called
371:
355:
298:
262:
257:, but the latter make no claim to minimality and are specialized to supporting
219:
167:
127:
92:
3148:
2053:. 1st Workshop on Isolation and Integration in Embedded Systems. Glasgow, UK.
1898:
1735:
1325:
766:, characterised by a security-oriented API with resource access controlled by
4116:
4003:
3960:
3799:
3753:
3516:
3486:
2657:
2146:. IIES'09: Second Workshop on Isolation and Integration in Embedded Systems.
1882:
1771:
1750:
1723:
1413:
988:
971:
911:
848:
647:
589:
548:
524:
489:
403:
336:
279:
243:
183:
175:
163:
88:
61:
36:
Structure of monolithic and microkernel-based operating systems, respectively
2126:
1959:
1669:
1571:
1433:
1125:
3887:
3521:
3291:
3271:
3074:
2901:
2596:
2441:
2247:
Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures
2143:
Taming Subsystems – Capabilities as Universal Resource Access Control in L4
155:
99:, are typically removed from the microkernel itself and are instead run in
1820:
1759:. USENIX Annual Technical Conference. Annaheim, CA, USA. pp. 264–278.
1546:
1514:
1390:
1373:
1255:
1223:
1206:
1182:
4013:
3995:
3778:
3768:
3351:
2997:
1781:
605:
313:
302:
283:
195:
144:
96:
84:
2433:
2292:
1923:
1860:. 9th ACM SIGOPS European Workshop. Kolding, Denmark. pp. 109–114.
936:
that forms the lowest-level part of a kernel, sometimes used to provide
3453:
3357:
3321:
2673:
1661:
Proceedings of the November 16–18, 1971, Fall Joint Computer Conference
1500:"The Impact of Operating System Structure on Memory System Performance"
949:
926:
873:
414:
309:
254:
231:
223:
215:
114:
microkernel, for example, has only approximately 12,000 lines of code.
100:
2036:. 22nd ACM Symposium on Operating System Principles. Big Sky, MT, USA.
1749:
Gray, Charles; Chapman, Matthew; Chubb, Peter; Mosberger-Tang, David;
150:
Microkernels were a very hot topic in the 1980s when the first usable
106:
In terms of the source code size, microkernels are often smaller than
3950:
3857:
3783:
3748:
3501:
3476:
3240:
3110:
3100:
3008:
2794:
2754:
2531:
2392:
2274:
2238:
2147:
2088:"TUD Home: Operating Systems: Research: Microkernel & Hypervisor"
2047:
Elkaduwe, Dhammika; Derrin, Philip; Elphinstone, Kevin (April 2008).
1885:(September 2005). "User-level device drivers: achieved performance".
1003:
966:
822:
674:
A number of commercial multi-server systems exist, in particular the
659:
635:
461:, and user interface device servers. This set of servers (drawn from
250:
202:
7.3 kernel) with code from BSD UNIX, and this kernel is also used in
80:
3585:
2205:
2184:
2058:
1445:
4079:
3327:
3284:
3080:
2888:
2768:
2664:
2548:
651:
278:, kernels were generally small, even though they contained various
227:
53:
654:
showed that systems based on them performed very poorly. However,
4074:
3773:
3443:
3370:
3333:
3253:
3230:
3199:
3178:
3153:
3126:
3119:
3028:
2809:
2800:
2709:
1728:
Achieved IPC performance (still the foundation for extensibility)
1718:
832:
733:
Department of Defense Trusted Computer System Evaluation Criteria
585:
388:
211:
111:
2119:
NOVA: A Microhypervisor-Based Secure Virtualization Architecture
2094:. Technische Universität Dresden. 12 August 2010. Archived from
543:, required to invoke servers running in their own address spaces
3437:
3314:
3068:
3041:
3034:
2960:
2949:
2943:
2864:
2833:
2615:
2170:
2025:
817:
709:
597:
530:
Some execution abstraction to manage CPU allocation, typically
407:
399:
235:
122:
Microkernels trace their roots back to Danish computer pioneer
32:
1994:
Elkaduwe, Dhammika; Klein, Gerwin; Elphinstone, Kevin (2007).
4023:
3190:
2986:
2907:
2858:
2788:
2775:
2744:
2586:
2503:
1802:
1722:; Elphinstone, Kevin; Schönberg, Sebastian; Härtig, Hermann;
900:
was sometimes used to further emphasize small size. The term
853:
743:
601:
501:
394:
In a series of experiments, Chen and Bershad compared memory
199:
191:
179:
27:
Kernel that provides fewer services than a traditional kernel
2110:
2050:
Kernel design for isolation and assurance of physical memory
2871:
2574:
2568:
2245:
Dan Hildebrand (1992). "An Architectural Overview of QNX".
1880:
778:, besides the usual goal of high performance. Examples are
410:
294:
275:
207:
226:, uses a hybrid kernel design. As of 2012, the Mach-based
4059:
3345:
2839:
2646:
2206:
David L. Mills and Poul-Henning Kamp (28 November 2000).
2046:
1979:. IEEE Conference on Security and Privacy. Archived from
1851:
812:
678:
465:) provides roughly the set of services offered by a Unix
462:
384:
203:
187:
2021:
2019:
1993:
1207:"HYDRA: The Kernel of a Multiprocessor Operating System"
472:
Additionally, many "crashes" can be corrected by simply
2421:
Linus Torvalds about the microkernels again, 2006.05.09
1952:
Proceedings of the 9th Asia-Pacific Workshop on Systems
1695:
Lions' Commentary on UNIX 6th Edition, with Source Code
1418:"Are Virtual-Machine Monitors Microkernels Done Right?"
230:
is also functional and included in testing versions of
56:
that can provide the mechanisms needed to implement an
514:
316:. For example, if a networking service crashed due to
2016:
1540:. Copper Mountain Resort, CO, USA. pp. 237–250.
1498:
Chen, J. Bradley; Bershad, Brian N. (December 1993).
507:
User-mode drivers actually predate microkernels. The
2277:"Can We Make Operating Systems Reliable and Secure?"
1845:
1416:; Uhlig, Volkmar; LeVasseur, Joshua (January 2006).
1412:
1204:
1154:"The Nucleus of a Multiprogramming Operating System"
1103:
A Programmer's Story: The Life of a Computer Pioneer
2133:
1874:
1763:
2414:Can We Make Operating Systems Reliable and Secure?
2275:Tanenbaum, A., Herder, J. and Bos, H. (May 2006).
2140:Lackorzynski, Adam; Warg, Alexander (March 2009).
1493:
1491:
1262:
1250:. Pacific Grove, California, USA. pp. 64–75.
1151:
362:he pioneered methods that lowered IPC costs by an
87:. Traditional operating system functions, such as
2121:. Eurosys 2010. Paris, France. pp. 209–222.
1997:Verified Protection Model of the seL4 Microkernel
1946:Biggs, Simon; Lee, Damon; Heiser, Gernot (2018).
1936:Tanenbaum, A., Herder, J. and Bos, H. (May 2006).
1712:
1560:
4114:
2139:
1769:
1554:
940:functionality to normal operating systems, like
370:, where during an IPC execution an (incomplete)
2164:
1488:
1245:
904:was coined by Jonathan S. Shapiro in the paper
265:frequently finds use in a hypervisor capacity.
2244:
2117:Steinberg, Udo; Kauer, Bernhard (April 2010).
2116:
2040:
1945:
1852:Gefflaut, Alain; Jaeger, Trent; Park, Yoonho;
323:
3601:
3564:Category: Microkernel-based operating systems
2457:
1536:(December 1995). "On µ-Kernel Construction".
1528:
1526:
1524:
1367:
1365:
1363:
1346:"Porting UNIX/Linux Applications to Mac OS X"
1123:
1099:
662:footprint. Liedtke demonstrated with his own
190:, which combines a heavily modified (hybrid)
2471:
2354:: CS1 maint: multiple names: authors list (
2325:: CS1 maint: multiple names: authors list (
1742:
1406:
1030:"Toward a True Microkernel Operating System"
559:. It has since been formalised in Liedtke's
2000:. submitted for publication. Archived from
1809:"The performance of μ-kernel-based systems"
1726:; Islam, Nayeem; Jaeger, Trent (May 1997).
1497:
612:A key component of a microkernel is a good
178:kernel efforts had ended, although Apple's
3608:
3594:
2464:
2450:
1887:Journal of Computer Science and Technology
1685:
1633:"I/O, I/O, It's Off to Virtual Work We Go"
1521:
1460:
1360:
1283:: CS1 maint: location missing publisher (
1268:
1117:
1093:
126:and his tenure in Danish computer company
2408:The Tanenbaum-Torvalds Debate, 1992.01.29
2254:
2155:
2030:seL4: Formal verification of an OS kernel
1865:
1796:
1668:
1658:
1570:
1565:. Farmington, PA, USA. pp. 133–150.
1545:
1479:
1389:
1222:
1172:
1127:RC 4000 Software: Multiprogramming System
588:) of a microkernel-based system requires
527:, required for managing memory protection
60:(OS). These mechanisms include low-level
3109:
1976:Verifying the EROS Confinement Mechanism
1972:
1509:. Asheville, NC, USA. pp. 120–133.
1327:WWDC 2000 Session 106 - Mac OS X: Kernel
1239:
1071:
31:
1807:; Schönberg, Sebastian (October 1997).
1624:
1532:
1466:
1371:
762:This has led to what is referred to as
14:
4115:
2366:
2235:Scientific articles about microkernels
2082:
2080:
1334:from the original on 11 December 2021.
1197:
1028:Herder, Jorrit N. (23 February 2005).
1027:
3615:
3589:
2445:
1973:Shapiro, Jonathan S.; Weber, Samuel.
1919:
1691:
1323:
720:(CC) at the highest assurance level (
547:This minimal design was pioneered by
253:. They also have much in common with
2199:
2173:ACM Transactions on Computer Systems
1924:"Tanenbaum-Torvalds debate, part II"
1630:
449:Microkernel servers are essentially
249:Microkernels are closely related to
154:were being introduced.. The AmigaOS
2077:
1803:Härtig, Hermann; Hohmuth, Michael;
1756:Itanium—a system implementor's tale
1608:"The QNX High Availability Toolkit"
1422:ACM SIGOPS Operating Systems Review
802:Some examples of microkernels are:
749:
515:Essential components and minimality
375:common case where IPC is used in a
24:
2434:Tanenbaum-Torvalds Debate: Part II
2228:
1663:. Vol. 40. pp. 589–591.
1372:Liedtke, Jochen (September 1996).
1133:(Technical report). Regnecentralen
907:The KeyKOS NanoKernel Architecture
604:are examples. Some even include a
576:separation of mechanism and policy
474:stopping and restarting the server
75:If the hardware provides multiple
25:
4134:
2367:Varhol, Peter D. (January 1994).
2338:Journal of Information Processing
1271:Amiga ROM Kernel Reference Manual
1124:Brinch Hansen, Per (April 1969).
523:Some mechanisms for dealing with
484:
182:, released in 2001, still uses a
3712:Object-oriented operating system
3568:
3567:
3558:
3557:
1858:The Sawmill multiserver approach
1815:. Vol. 31. pp. 66–77.
910:. It was a sardonic response to
52:) is the near-minimum amount of
2476:
1987:
1966:
1939:
1930:
1913:
1698:. Peer-To-Peer Communications.
1652:
1631:Wong, William (27 April 2007).
1600:
1579:
1338:
1317:
1299:"CMU CS Project Mach Home Page"
1291:
344:, file systems, graphics, etc.
268:
137:RC 4000 Multiprogramming System
3722:Supercomputer operating system
2331:-the basic reliable reference.
1472:Improving IPC by kernel design
1145:
1050:
1021:
716:and military systems. In fact
620:
291:Berkeley Software Distribution
13:
1:
1692:Lions, John (1 August 1977).
1587:"Synchronous Message Passing"
1014:
879:
764:third-generation microkernels
159:between user-space programs.
3697:Just enough operating system
3682:Distributed operating system
1585:
1305:. Carnegie Mellon University
699:principle of least privilege
630:(changes of the processor's
555:and the hypervisor of IBM's
7:
3810:User space and kernel space
2818:Multi-Environment Real-Time
2397:Portland Pattern Repository
2360:– the basic Mach reference.
2092:Faculty of Computer Science
1374:"Towards Real Microkernels"
1152:Brinch Hansen, Per (1970).
1100:Brinch Hansen, Per (2004).
1009:Multi-Environment Real-Time
955:
797:
692:
541:Inter-process communication
329:Inter-process communication
324:Inter-process communication
70:inter-process communication
10:
4139:
3717:Real-time operating system
2369:"Small Kernels Hit It Big"
2271:– the basic QNX reference.
934:hardware abstraction layer
892:historically referred to:
722:Evaluation Assurance Level
444:
402:with those of microkernel
117:
4052:
3989:
3935:
3913:Multilevel feedback queue
3908:Fixed-priority preemptive
3896:
3831:
3822:
3792:
3739:
3730:
3692:Hobbyist operating system
3687:Embedded operating system
3669:
3623:
3530:
3452:
3419:
3270:
3239:
3189:
3163:
3099:
3058:
3018:
2933:
2880:
2753:
2743:
2732:
2585:
2558:
2530:
2492:
2483:
2403:Tanenbaum–Torvalds debate
1899:10.1007/s11390-005-0654-4
1736:10.1109/HOTOS.1997.595177
1378:Communications of the ACM
1269:Sassenrath, Carl (1986).
1211:Communications of the ACM
1161:Communications of the ACM
994:Tanenbaum–Torvalds debate
962:Kernel (operating system)
85:supervisor or kernel mode
3956:General protection fault
3707:Network operating system
3661:User features comparison
2427:Debunking Linus's Latest
509:Michigan Terminal System
299:TCP/IP networking system
3702:Mobile operating system
2127:10.1145/1755913.1755935
1960:10.1145/3265723.3265733
1670:10.1145/1478873.1478951
1572:10.1145/2517349.2522720
1434:10.1145/1113361.1113363
1081:. IEEE Computer Society
342:network protocol stacks
3805:Loadable kernel module
3574:Category: Microkernels
999:Trusted computing base
977:Loadable kernel module
736:
703:trusted computing base
569:
396:cycles per instruction
132:Zakłady Azotowe Puławy
48:(often abbreviated as
37:
3873:Process control block
3839:Computer multitasking
3677:Disk operating system
1821:10.1145/268998.266660
1547:10.1145/224056.224075
1515:10.1145/168619.168629
1391:10.1145/234215.234473
1256:10.1145/800216.806593
1224:10.1145/355616.364017
1183:10.1145/362258.362278
844:L4 microkernel family
726:
565:
536:scheduler activations
398:(MCPI) of monolithic
377:remote procedure call
368:direct process switch
35:
4044:Virtual tape library
3636:Forensic engineering
3553:Open-source software
3060:Java virtual machine
2249:. pp. 113–126.
1921:Tanenbaum, Andrew S.
561:minimality principle
494:direct memory access
222:and continuing with
4053:Supporting concepts
4039:Virtual file system
3512:Andrew S. Tanenbaum
2293:10.1109/MC.2006.156
2004:on 29 November 2011
1079:"Per Brinch Hansen"
759:, a version of L4.
492:frequently perform
152:local area networks
3976:Segmentation fault
3824:Process management
2432:Tanenbaum, A. S. "
2412:Tanenbaum, A. S. "
1770:van Schaik, Carl;
1620:on 24 August 2005.
1448:on 13 January 2014
1330:. 14 minutes in.
952:clock resolution.
413:server running in
364:order of magnitude
108:monolithic kernels
38:
4110:
4109:
3966:Memory protection
3937:Memory management
3931:
3930:
3923:Shortest job next
3818:
3817:
3617:Operating systems
3583:
3582:
3497:James G. Mitchell
3482:Per Brinch Hansen
3301:
3300:
3136:
3135:
2929:
2928:
2625:
2624:
2542:Mac OS nanokernel
1705:978-1-57398-013-5
1638:Electronic Design
1470:(December 1993).
1428:(1). ACM: 95–99.
982:Monolithic kernel
676:real-time systems
600:and the original
467:monolithic kernel
434:denial-of-service
124:Per Brinch Hansen
16:(Redirected from
4130:
4065:Computer network
3829:
3828:
3737:
3736:
3610:
3603:
3596:
3587:
3586:
3571:
3570:
3561:
3560:
3107:
3106:
2935:Capability-based
2751:
2750:
2741:
2740:
2490:
2489:
2466:
2459:
2452:
2443:
2442:
2393:MicroKernel page
2388:
2386:
2384:
2375:. Archived from
2359:
2353:
2345:
2330:
2324:
2316:
2314:
2312:
2303:. Archived from
2270:
2258:
2222:
2221:
2219:
2217:
2212:
2208:"The Nanokernel"
2203:
2197:
2196:
2168:
2162:
2161:
2159:
2137:
2131:
2130:
2114:
2108:
2107:
2105:
2103:
2084:
2075:
2074:
2072:
2070:
2065:on 24 April 2010
2061:. Archived from
2044:
2038:
2037:
2035:
2023:
2014:
2013:
2011:
2009:
1991:
1985:
1984:
1983:on 3 March 2016.
1970:
1964:
1963:
1943:
1937:
1934:
1928:
1927:
1917:
1911:
1910:
1878:
1872:
1871:
1869:
1849:
1843:
1842:
1800:
1794:
1793:
1791:
1789:
1784:on 26 April 2007
1774:(January 2007).
1767:
1761:
1760:
1746:
1740:
1739:
1716:
1710:
1709:
1689:
1683:
1682:
1672:
1656:
1650:
1649:
1647:
1645:
1628:
1622:
1621:
1619:
1613:. Archived from
1612:
1604:
1598:
1597:
1595:
1593:
1583:
1577:
1576:
1574:
1558:
1552:
1551:
1549:
1530:
1519:
1518:
1504:
1495:
1486:
1485:
1483:
1464:
1458:
1457:
1455:
1453:
1444:. Archived from
1410:
1404:
1403:
1393:
1369:
1358:
1357:
1355:
1353:
1342:
1336:
1335:
1321:
1315:
1314:
1312:
1310:
1295:
1289:
1288:
1282:
1274:
1266:
1260:
1259:
1243:
1237:
1236:
1226:
1201:
1195:
1194:
1176:
1158:
1149:
1143:
1142:
1140:
1138:
1132:
1121:
1115:
1114:
1112:
1110:
1097:
1091:
1090:
1088:
1086:
1075:
1069:
1068:
1066:
1064:
1054:
1048:
1047:
1045:
1043:
1034:
1025:
750:Third generation
734:
406:combined with a
259:virtual machines
218:, starting with
68:management, and
58:operating system
42:computer science
21:
4138:
4137:
4133:
4132:
4131:
4129:
4128:
4127:
4113:
4112:
4111:
4106:
4048:
4009:Defragmentation
3994:
3985:
3971:Protection ring
3940:
3927:
3899:
3892:
3814:
3788:
3726:
3665:
3619:
3614:
3584:
3579:
3556:
3526:
3467:Thomas Bushnell
3448:
3415:
3297:
3266:
3235:
3185:
3159:
3132:
3095:
3054:
3014:
2925:
2876:
2735:
2728:
2621:
2581:
2554:
2526:
2479:
2470:
2382:
2380:
2379:on 7 March 2006
2347:
2346:
2318:
2317:
2310:
2308:
2307:on 21 June 2017
2267:
2256:10.1.1.459.4481
2231:
2229:Further reading
2226:
2225:
2215:
2213:
2210:
2204:
2200:
2185:10.1145/2560537
2179:(1): 2:1–2:70.
2169:
2165:
2157:10.1.1.629.9845
2138:
2134:
2115:
2111:
2101:
2099:
2098:on 6 April 2012
2086:
2085:
2078:
2068:
2066:
2059:10.1145/1435458
2045:
2041:
2033:
2024:
2017:
2007:
2005:
1992:
1988:
1971:
1967:
1944:
1940:
1935:
1931:
1918:
1914:
1879:
1875:
1854:Liedtke, Jochen
1850:
1846:
1831:
1805:Liedtke, Jochen
1801:
1797:
1787:
1785:
1768:
1764:
1747:
1743:
1720:Liedtke, Jochen
1717:
1713:
1706:
1690:
1686:
1657:
1653:
1643:
1641:
1629:
1625:
1617:
1610:
1606:
1605:
1601:
1591:
1589:
1584:
1580:
1559:
1555:
1534:Liedtke, Jochen
1531:
1522:
1502:
1496:
1489:
1468:Liedtke, Jochen
1465:
1461:
1451:
1449:
1411:
1407:
1370:
1361:
1351:
1349:
1344:
1343:
1339:
1322:
1318:
1308:
1306:
1297:
1296:
1292:
1276:
1275:
1267:
1263:
1244:
1240:
1202:
1198:
1174:10.1.1.105.4204
1156:
1150:
1146:
1136:
1134:
1130:
1122:
1118:
1108:
1106:
1098:
1094:
1084:
1082:
1077:
1076:
1072:
1062:
1060:
1056:
1055:
1051:
1041:
1039:
1032:
1026:
1022:
1017:
958:
882:
800:
790:and Fiasco.OC.
776:formal analysis
752:
735:
732:
718:common criteria
695:
623:
594:L4 microkernels
517:
487:
459:display servers
447:
381:lazy scheduling
326:
318:buffer overflow
271:
120:
93:protocol stacks
28:
23:
22:
15:
12:
11:
5:
4136:
4126:
4125:
4108:
4107:
4105:
4104:
4099:
4098:
4097:
4095:User interface
4092:
4082:
4077:
4072:
4067:
4062:
4056:
4054:
4050:
4049:
4047:
4046:
4041:
4036:
4031:
4026:
4021:
4019:File attribute
4016:
4011:
4006:
4000:
3998:
3987:
3986:
3984:
3983:
3981:Virtual memory
3978:
3973:
3968:
3963:
3958:
3953:
3947:
3945:
3933:
3932:
3929:
3928:
3926:
3925:
3920:
3915:
3910:
3904:
3902:
3894:
3893:
3891:
3890:
3885:
3880:
3875:
3870:
3865:
3860:
3855:
3853:Context switch
3850:
3835:
3833:
3826:
3820:
3819:
3816:
3815:
3813:
3812:
3807:
3802:
3796:
3794:
3790:
3789:
3787:
3786:
3781:
3776:
3771:
3766:
3761:
3756:
3751:
3745:
3743:
3734:
3728:
3727:
3725:
3724:
3719:
3714:
3709:
3704:
3699:
3694:
3689:
3684:
3679:
3673:
3671:
3667:
3666:
3664:
3663:
3658:
3653:
3648:
3643:
3638:
3633:
3627:
3625:
3621:
3620:
3613:
3612:
3605:
3598:
3590:
3581:
3580:
3578:
3577:
3548:
3540:
3538:= discontinued
3531:
3528:
3527:
3525:
3524:
3519:
3514:
3509:
3507:Richard Rashid
3504:
3499:
3494:
3492:Jochen Liedtke
3489:
3484:
3479:
3474:
3472:David Cheriton
3469:
3464:
3458:
3456:
3450:
3449:
3447:
3441:
3435:
3429:
3427:
3417:
3416:
3414:
3413:
3407:
3401:
3382:
3374:
3368:
3361:
3355:
3349:
3343:
3337:
3331:
3325:
3319:
3311:
3302:
3299:
3298:
3296:
3295:
3276:
3274:
3268:
3267:
3265:
3264:
3257:
3251:
3245:
3243:
3237:
3236:
3234:
3233:
3228:
3227:
3226:
3223:Icaros Desktop
3220:
3214:
3202:
3196:
3194:
3187:
3186:
3184:
3169:
3167:
3161:
3160:
3158:
3157:
3149:Classic Mac OS
3145:
3137:
3134:
3133:
3131:
3130:
3123:
3115:
3113:
3104:
3097:
3096:
3094:
3093:
3085:
3064:
3062:
3056:
3055:
3053:
3052:
3046:
3038:
3032:
3025:
3023:
3016:
3015:
3013:
3012:
2994:HarmonyOS NEXT
2990:
2983:
2976:
2970:
2963:
2939:
2937:
2931:
2930:
2927:
2926:
2924:
2923:
2917:
2911:
2905:
2899:
2893:
2884:
2882:
2878:
2877:
2875:
2868:
2861:
2856:
2849:
2843:
2837:
2830:
2814:
2806:
2805:
2804:
2798:
2786:
2779:
2772:
2766:
2759:
2757:
2748:
2738:
2730:
2729:
2727:
2726:
2719:
2716:TI-RTOS kernel
2713:
2707:
2700:
2693:
2692:Off++ → Plan B
2690:
2683:
2677:
2670:
2669:
2668:
2654:
2651:
2643:
2635:
2626:
2623:
2622:
2620:
2619:
2612:
2607:
2606:
2605:
2592:
2590:
2583:
2582:
2580:
2579:
2564:
2562:
2556:
2555:
2553:
2552:
2545:
2537:
2535:
2528:
2527:
2525:
2524:
2518:
2499:
2497:
2487:
2481:
2480:
2469:
2468:
2461:
2454:
2446:
2440:
2439:
2438:
2437:
2430:
2423:
2417:
2410:
2399:
2390:
2363:
2362:
2361:
2332:
2272:
2265:
2241:), including:
2230:
2227:
2224:
2223:
2198:
2163:
2132:
2109:
2076:
2039:
2015:
1986:
1965:
1938:
1929:
1912:
1893:(5): 654–664.
1883:Heiser, Gernot
1873:
1867:10.1.1.25.8376
1844:
1829:
1795:
1772:Heiser, Gernot
1762:
1753:(April 2005).
1751:Heiser, Gernot
1741:
1724:Heiser, Gernot
1711:
1704:
1684:
1651:
1623:
1599:
1578:
1553:
1520:
1487:
1481:10.1.1.40.1293
1459:
1414:Heiser, Gernot
1405:
1359:
1337:
1316:
1303:www.cs.cmu.edu
1290:
1261:
1238:
1217:(6): 337–345.
1196:
1167:(4): 238–250.
1144:
1116:
1092:
1070:
1049:
1019:
1018:
1016:
1013:
1012:
1011:
1006:
1001:
996:
991:
986:
985:
984:
979:
974:
969:
957:
954:
946:
945:
930:
923:
881:
878:
877:
876:
871:
866:
861:
856:
851:
846:
840:
835:
830:
827:HarmonyOS NEXT
820:
815:
809:
799:
796:
772:virtualization
751:
748:
730:
694:
691:
664:L4 microkernel
656:Jochen Liedtke
640:context switch
622:
619:
590:device drivers
545:
544:
538:
528:
525:address spaces
516:
513:
490:Device drivers
486:
485:Device drivers
483:
446:
443:
372:context switch
360:L4 microkernel
356:Jochen Liedtke
325:
322:
280:device drivers
270:
267:
263:L4 microkernel
168:Richard Rashid
128:Regnecentralen
119:
116:
89:device drivers
26:
9:
6:
4:
3:
2:
4135:
4124:
4121:
4120:
4118:
4103:
4100:
4096:
4093:
4091:
4088:
4087:
4086:
4083:
4081:
4078:
4076:
4073:
4071:
4068:
4066:
4063:
4061:
4058:
4057:
4055:
4051:
4045:
4042:
4040:
4037:
4035:
4032:
4030:
4027:
4025:
4022:
4020:
4017:
4015:
4012:
4010:
4007:
4005:
4002:
4001:
3999:
3997:
3992:
3988:
3982:
3979:
3977:
3974:
3972:
3969:
3967:
3964:
3962:
3961:Memory paging
3959:
3957:
3954:
3952:
3949:
3948:
3946:
3943:
3938:
3934:
3924:
3921:
3919:
3916:
3914:
3911:
3909:
3906:
3905:
3903:
3901:
3895:
3889:
3886:
3884:
3881:
3879:
3876:
3874:
3871:
3869:
3866:
3864:
3861:
3859:
3856:
3854:
3851:
3848:
3844:
3840:
3837:
3836:
3834:
3830:
3827:
3825:
3821:
3811:
3808:
3806:
3803:
3801:
3800:Device driver
3798:
3797:
3795:
3791:
3785:
3782:
3780:
3777:
3775:
3772:
3770:
3767:
3765:
3762:
3760:
3757:
3755:
3752:
3750:
3747:
3746:
3744:
3742:
3741:Architectures
3738:
3735:
3733:
3729:
3723:
3720:
3718:
3715:
3713:
3710:
3708:
3705:
3703:
3700:
3698:
3695:
3693:
3690:
3688:
3685:
3683:
3680:
3678:
3675:
3674:
3672:
3668:
3662:
3659:
3657:
3654:
3652:
3649:
3647:
3644:
3642:
3639:
3637:
3634:
3632:
3629:
3628:
3626:
3622:
3618:
3611:
3606:
3604:
3599:
3597:
3592:
3591:
3588:
3576:
3575:
3566:
3565:
3555:
3554:
3549:
3547:
3546:
3541:
3539:
3536:
3533:
3532:
3529:
3523:
3520:
3518:
3517:Avie Tevanian
3515:
3513:
3510:
3508:
3505:
3503:
3500:
3498:
3495:
3493:
3490:
3488:
3487:Gernot Heiser
3485:
3483:
3480:
3478:
3475:
3473:
3470:
3468:
3465:
3463:
3460:
3459:
3457:
3455:
3451:
3445:
3442:
3439:
3436:
3433:
3430:
3428:
3426:
3422:
3418:
3411:
3408:
3405:
3402:
3400:
3399:
3394:
3393:
3388:
3387:
3383:
3380:
3379:
3375:
3372:
3369:
3367:
3366:
3362:
3359:
3356:
3353:
3350:
3347:
3344:
3341:
3338:
3335:
3332:
3329:
3326:
3323:
3320:
3317:
3316:
3312:
3309:
3308:
3304:
3303:
3294:
3293:
3288:
3286:
3281:
3278:
3277:
3275:
3273:
3269:
3263:
3262:
3258:
3255:
3252:
3250:
3247:
3246:
3244:
3242:
3238:
3232:
3229:
3224:
3221:
3218:
3215:
3212:
3209:
3208:
3206:
3203:
3201:
3198:
3197:
3195:
3192:
3188:
3182:
3180:
3175:
3174:
3170:
3168:
3166:
3162:
3155:
3151:
3150:
3146:
3144:
3143:
3139:
3138:
3129:
3128:
3124:
3122:
3121:
3117:
3116:
3114:
3112:
3108:
3105:
3102:
3098:
3091:
3090:
3086:
3083:
3082:
3078:^ integrates
3077:
3076:
3071:
3070:
3066:
3065:
3063:
3061:
3057:
3050:
3047:
3044:
3043:
3039:
3036:
3033:
3030:
3027:
3026:
3024:
3021:
3017:
3011:
3010:
3005:
3003:
2999:
2995:
2991:
2989:
2988:
2984:
2982:
2981:
2977:
2974:
2971:
2969:
2968:
2964:
2962:
2958:
2957:
2952:
2951:
2946:
2945:
2941:
2940:
2938:
2936:
2932:
2921:
2918:
2915:
2912:
2909:
2906:
2903:
2900:
2897:
2894:
2892:
2890:
2886:
2885:
2883:
2879:
2874:
2873:
2869:
2867:
2866:
2862:
2860:
2857:
2855:
2854:
2850:
2847:
2844:
2841:
2838:
2836:
2835:
2831:
2828:
2824:
2820:
2819:
2815:
2812:
2811:
2807:
2802:
2799:
2796:
2793:
2792:
2790:
2787:
2785:
2784:
2780:
2778:
2777:
2773:
2770:
2767:
2765:
2764:
2760:
2758:
2756:
2752:
2749:
2746:
2742:
2739:
2737:
2731:
2725:
2724:
2720:
2717:
2714:
2711:
2708:
2706:
2705:
2701:
2699:
2698:
2694:
2691:
2689:
2688:
2684:
2681:
2678:
2676:
2675:
2671:
2666:
2663:
2662:
2660:
2659:
2655:
2653:Little Kernel
2652:
2649:
2648:
2644:
2641:
2640:
2636:
2633:
2632:
2628:
2627:
2618:
2617:
2613:
2611:
2608:
2604:
2601:
2600:
2599:
2598:
2594:
2593:
2591:
2588:
2584:
2577:
2576:
2571:
2570:
2566:
2565:
2563:
2561:
2557:
2551:
2550:
2546:
2544:
2543:
2539:
2538:
2536:
2533:
2529:
2522:
2519:
2516:
2512:
2511:
2506:
2505:
2501:
2500:
2498:
2495:
2491:
2488:
2486:
2482:
2478:
2474:
2467:
2462:
2460:
2455:
2453:
2448:
2447:
2444:
2435:
2431:
2428:
2425:Shapiro, J. "
2424:
2422:
2419:Torvalds, L.
2418:
2415:
2411:
2409:
2406:
2405:
2404:
2400:
2398:
2394:
2391:
2378:
2374:
2370:
2364:
2357:
2351:
2343:
2339:
2333:
2328:
2322:
2306:
2302:
2298:
2294:
2290:
2286:
2282:
2278:
2273:
2268:
2266:1-880446-42-1
2262:
2257:
2252:
2248:
2243:
2242:
2240:
2236:
2233:
2232:
2209:
2202:
2194:
2190:
2186:
2182:
2178:
2174:
2167:
2158:
2153:
2149:
2145:
2144:
2136:
2128:
2124:
2120:
2113:
2097:
2093:
2089:
2083:
2081:
2064:
2060:
2056:
2052:
2051:
2043:
2032:
2031:
2022:
2020:
2003:
1999:
1998:
1990:
1982:
1978:
1977:
1969:
1961:
1957:
1953:
1949:
1942:
1933:
1925:
1922:
1916:
1908:
1904:
1900:
1896:
1892:
1888:
1884:
1877:
1868:
1863:
1859:
1855:
1848:
1840:
1836:
1832:
1830:0-89791-916-5
1826:
1822:
1818:
1814:
1810:
1806:
1799:
1783:
1779:
1778:
1773:
1766:
1758:
1757:
1752:
1745:
1737:
1733:
1729:
1725:
1721:
1715:
1707:
1701:
1697:
1696:
1688:
1680:
1676:
1671:
1666:
1662:
1655:
1640:
1639:
1634:
1627:
1616:
1609:
1603:
1588:
1582:
1573:
1568:
1564:
1557:
1548:
1543:
1539:
1535:
1529:
1527:
1525:
1516:
1512:
1508:
1501:
1494:
1492:
1482:
1477:
1473:
1469:
1463:
1447:
1443:
1439:
1435:
1431:
1427:
1423:
1419:
1415:
1409:
1401:
1397:
1392:
1387:
1383:
1379:
1375:
1368:
1366:
1364:
1347:
1341:
1333:
1329:
1328:
1320:
1304:
1300:
1294:
1286:
1280:
1272:
1265:
1257:
1253:
1249:
1242:
1234:
1230:
1225:
1220:
1216:
1212:
1208:
1200:
1192:
1188:
1184:
1180:
1175:
1170:
1166:
1162:
1155:
1148:
1129:
1128:
1120:
1105:
1104:
1096:
1080:
1074:
1059:
1053:
1038:
1031:
1024:
1020:
1010:
1007:
1005:
1002:
1000:
997:
995:
992:
990:
989:Microservices
987:
983:
980:
978:
975:
973:
972:Hybrid kernel
970:
968:
965:
964:
963:
960:
959:
953:
951:
943:
939:
935:
931:
928:
924:
921:
917:
913:
909:
908:
903:
899:
895:
894:
893:
891:
887:
875:
872:
870:
867:
865:
862:
860:
857:
855:
852:
850:
847:
845:
841:
839:
836:
834:
831:
828:
824:
821:
819:
816:
814:
810:
808:
805:
804:
803:
795:
791:
789:
785:
781:
777:
773:
769:
765:
760:
758:
747:
745:
741:
729:
725:
723:
719:
715:
711:
706:
704:
700:
690:
686:
684:
680:
677:
672:
668:
665:
661:
657:
653:
649:
644:
641:
637:
633:
629:
628:mode switches
618:
615:
610:
607:
603:
599:
595:
591:
587:
582:
579:
577:
572:
568:
564:
562:
558:
554:
550:
549:Brinch Hansen
542:
539:
537:
533:
529:
526:
522:
521:
520:
512:
510:
505:
503:
497:
495:
491:
482:
479:
475:
470:
468:
464:
460:
455:
452:
442:
439:
435:
430:
428:
422:
420:
416:
412:
409:
405:
401:
397:
392:
390:
386:
382:
378:
373:
369:
365:
361:
357:
352:
350:
345:
343:
338:
337:Shared memory
334:
330:
321:
319:
315:
311:
306:
304:
300:
296:
292:
287:
285:
281:
277:
266:
264:
260:
256:
252:
247:
245:
244:assembly code
239:
237:
233:
229:
225:
221:
217:
213:
209:
205:
201:
197:
193:
189:
185:
184:hybrid kernel
181:
177:
171:
169:
165:
160:
157:
153:
148:
146:
140:
138:
133:
129:
125:
115:
113:
109:
104:
102:
98:
94:
90:
86:
82:
78:
73:
71:
67:
63:
62:address space
59:
55:
51:
47:
43:
34:
30:
19:
4123:Microkernels
3996:file systems
3888:Time-sharing
3758:
3572:
3562:
3550:
3542:
3537:
3534:
3522:William Wulf
3396:
3390:
3384:
3376:
3363:
3313:
3305:
3292:Workplace OS
3290:
3283:
3279:
3272:AIM alliance
3259:
3177:
3171:
3147:
3140:
3125:
3118:
3087:
3079:
3073:
3067:
3040:
3007:
2992:
2985:
2978:
2965:
2954:
2948:
2942:
2902:Nucleus RTOS
2887:
2870:
2863:
2851:
2832:
2826:
2822:
2816:
2808:
2781:
2774:
2761:
2721:
2702:
2695:
2685:
2672:
2656:
2645:
2637:
2629:
2614:
2595:
2573:
2567:
2547:
2540:
2508:
2502:
2473:Microkernels
2472:
2383:20 September
2381:. Retrieved
2377:the original
2372:
2350:cite journal
2341:
2337:
2321:cite journal
2309:. Retrieved
2305:the original
2287:(5): 44–51.
2284:
2280:
2246:
2214:. Retrieved
2201:
2176:
2172:
2166:
2142:
2135:
2118:
2112:
2100:. Retrieved
2096:the original
2091:
2067:. Retrieved
2063:the original
2049:
2042:
2029:
2006:. Retrieved
2002:the original
1996:
1989:
1981:the original
1975:
1968:
1951:
1941:
1932:
1915:
1890:
1886:
1876:
1857:
1847:
1812:
1798:
1786:. Retrieved
1782:the original
1776:
1765:
1755:
1744:
1727:
1714:
1694:
1687:
1660:
1654:
1642:. Retrieved
1636:
1626:
1615:the original
1602:
1590:. Retrieved
1581:
1562:
1556:
1537:
1506:
1471:
1462:
1450:. Retrieved
1446:the original
1425:
1421:
1408:
1384:(9): 70–77.
1381:
1377:
1350:. Retrieved
1340:
1326:
1319:
1307:. Retrieved
1302:
1293:
1270:
1264:
1247:
1241:
1214:
1210:
1199:
1164:
1160:
1147:
1137:13 September
1135:. Retrieved
1126:
1119:
1109:13 September
1107:. Retrieved
1102:
1095:
1085:13 September
1083:. Retrieved
1073:
1061:. Retrieved
1052:
1040:. Retrieved
1036:
1023:
947:
919:
915:
906:
901:
897:
889:
885:
883:
801:
792:
768:capabilities
763:
761:
753:
737:
727:
707:
696:
687:
673:
669:
645:
627:
624:
611:
583:
580:
573:
570:
566:
560:
546:
518:
506:
498:
488:
471:
456:
448:
431:
423:
419:cache-misses
393:
380:
367:
353:
346:
327:
307:
288:
272:
269:Introduction
248:
240:
172:
161:
149:
145:mono-kernels
141:
121:
112:MINIX 3
105:
97:file systems
74:
64:management,
49:
45:
39:
29:
18:Microkernels
4014:Device file
4004:Boot loader
3918:Round-robin
3843:Cooperative
3779:Rump kernel
3769:Multikernel
3759:Microkernel
3656:Usage share
3462:Gordon Bell
3352:OpenComRTOS
3249:Singularity
3075:Chorus/Jazz
2998:OpenHarmony
2477:nanokernels
2150:, Germany.
1592:3 September
1324:Jim Magee.
1063:20 December
1058:"read-more"
811:BlackBerry
621:Performance
606:file system
314:kernel mode
303:source code
284:file system
255:hypervisors
196:Mach kernel
166:created by
46:microkernel
3944:protection
3900:algorithms
3898:Scheduling
3847:Preemptive
3793:Components
3764:Monolithic
3631:Comparison
3454:Developers
3421:Frameworks
3358:Phantom OS
3322:ChibiOS/RT
2680:µ-velOSity
2674:MicroEmpix
2102:5 November
2008:10 October
1452:13 January
1037:minix3.org
1015:References
950:nanosecond
927:hypervisor
920:picokernel
916:nanokernel
902:nanokernel
898:picokernel
890:picokernel
886:nanokernel
880:Nanokernel
874:Phantom OS
584:Start up (
415:user space
310:user space
251:exokernels
232:Arch Linux
224:Windows 11
216:Windows NT
101:user space
4034:Partition
3951:Bus error
3878:Real-time
3858:Interrupt
3784:Unikernel
3749:Exokernel
3545:Real-time
3502:Ike Nassi
3477:Dan Dodge
3241:Microsoft
3111:Unix-like
3101:Macintosh
3009:HarmonyOS
2896:Integrity
2795:Minix-vmd
2755:Unix-like
2734:Operating
2532:Macintosh
2395:from the
2251:CiteSeerX
2239:CiteSeerX
2216:28 August
2152:CiteSeerX
2148:Nuremberg
2069:17 August
1862:CiteSeerX
1476:CiteSeerX
1279:cite book
1169:CiteSeerX
1004:Unikernel
967:Exokernel
938:real-time
884:The term
823:HarmonyOS
807:Amoeba OS
683:Integrity
293:(BSD) of
81:CPU modes
4117:Category
4080:Live USB
3942:resource
3832:Concepts
3670:Variants
3651:Timeline
3328:FreeRTOS
3285:Taligent
3217:Broadway
3211:AspireOS
3081:ChorusOS
3002:Oniro OS
2889:ChorusOS
2769:GNU Hurd
2723:Vanguard
2665:GNU Mach
2549:NuKernel
2281:Computer
1679:14614148
1352:26 April
1332:Archived
1309:8 August
956:See also
798:Examples
786:, Nova,
742:for the
731:—
693:Security
652:ChorusOS
636:CPU mode
438:timeouts
333:messages
228:GNU Hurd
54:software
50:μ-kernel
4075:Live CD
4029:Journal
3993:access,
3991:Storage
3868:Process
3774:vkernel
3641:History
3624:General
3535:Italics
3444:TI-RTOS
3392:Harmony
3371:SharpOS
3365:RC 4000
3334:HelenOS
3254:ThreadX
3231:MorphOS
3200:AmigaOS
3179:Symbian
3156:kernel)
3154:PowerPC
3142:Copland
3127:MacMach
3120:MachTen
2881:Partial
2827:Unix-RT
2810:MkLinux
2801:Minix 3
2747:support
2736:systems
2710:RTLinux
2704:PowerUP
2687:nucleus
2485:Kernels
2311:3 April
2193:4474342
1907:1121537
1839:1706253
1788:1 April
1442:7414062
1400:2867357
1348:. Apple
1273:. Exec.
1233:8011765
1191:9414037
1042:22 June
838:Horizon
833:HelenOS
780:Coyotos
586:booting
553:Nucleus
532:threads
445:Servers
389:MINIX 3
212:watchOS
186:called
118:History
72:(IPC).
3883:Thread
3754:Hybrid
3732:Kernel
3438:Genode
3432:Cosmos
3410:Zephyr
3315:BeRTOS
3307:Amoeba
3103:hosted
3069:JavaOS
3049:Wombat
3042:REX OS
3035:PikeOS
3029:LLinux
3022:kernel
2980:Midori
2961:CapROS
2950:KeyKOS
2944:GNOSIS
2865:UNICOS
2853:Spring
2834:OS2000
2783:MeikOS
2616:WarpOS
2603:ExecSG
2534:hosted
2496:family
2299:
2263:
2253:
2191:
2154:
1905:
1864:
1837:
1827:
1702:
1677:
1644:8 June
1478:
1440:
1398:
1231:
1189:
1171:
869:Zircon
859:Midori
818:Genode
710:KeyKOS
598:LynxOS
502:IOMMUs
478:TCP/IP
451:daemon
427:signal
408:4.3BSD
400:Ultrix
261:; the
236:Debian
220:NT 3.1
210:, and
110:. The
66:thread
4085:Shell
4024:Inode
3386:Thoth
3340:µC/OS
3261:Verve
3193:-type
3191:Amiga
3165:Psion
2987:NLTSS
2967:Hydra
2908:NuttX
2859:Tinix
2846:Redox
2789:Minix
2776:Lites
2745:POSIX
2631:ADEOS
2610:Quark
2589:-type
2587:Amiga
2560:Psion
2504:Eumel
2301:99779
2297:S2CID
2211:(PDF)
2189:S2CID
2034:(PDF)
1903:S2CID
1835:S2CID
1675:S2CID
1618:(PDF)
1611:(PDF)
1503:(PDF)
1438:S2CID
1396:S2CID
1229:S2CID
1187:S2CID
1157:(PDF)
1131:(PDF)
1033:(PDF)
942:Adeos
864:Redox
854:Minix
788:Redox
744:Linux
660:cache
602:Minix
349:polls
200:OSFMK
192:OSF/1
180:macOS
77:rings
3646:List
3551:° =
3543:^ =
3425:kits
3404:VRTX
3395:^ →
3389:^ →
3378:SPIN
3280:Pink
3205:AROS
3173:EPOC
2973:seL4
2956:EROS
2920:RIOT
2872:VSTa
2823:MERT
2697:Opus
2658:Mach
2639:EROS
2597:Exec
2575:EKA2
2569:EKA1
2521:OKL4
2401:The
2385:2017
2373:Byte
2356:link
2344:(4).
2327:link
2313:2020
2261:ISBN
2237:(on
2218:2017
2104:2011
2071:2009
2010:2007
1825:ISBN
1790:2007
1700:ISBN
1646:2009
1594:2024
1454:2014
1354:2011
1311:2024
1285:link
1139:2016
1111:2016
1087:2016
1065:2016
1044:2015
918:and
912:Mach
849:Mach
842:The
784:seL4
757:seL4
740:CVEs
714:EROS
681:and
650:and
648:Mach
632:ring
411:Unix
404:Mach
387:and
295:Unix
289:The
282:and
276:Unix
234:and
208:tvOS
176:Mach
164:Mach
156:Exec
95:and
44:, a
4102:PXE
4090:CLI
4070:HAL
4060:API
3863:IPC
3346:MQX
2914:OSE
2840:QNX
2821:^ (
2763:ARX
2647:K42
2289:doi
2181:doi
2123:doi
2055:doi
1956:doi
1895:doi
1817:doi
1732:doi
1665:doi
1567:doi
1542:doi
1511:doi
1430:doi
1386:doi
1252:doi
1219:doi
1179:doi
888:or
813:QNX
679:QNX
634:or
614:IPC
551:'s
534:or
463:QNX
385:QNX
204:iOS
194:'s
188:XNU
79:or
40:In
4119::
3845:,
3446:^°
3423:,
3412:^°
3360:^°
3342:^°
3330:^°
3324:^°
3318:^°
3289:→
3287:OS
3282:→
3207:°
3183:^°
3181:OS
3176:→
3089:JX
3084:^)
3051:^°
3031:^°
3020:L4
3006:→
3000:,
2975:^°
2959:→
2953:→
2947:→
2922:^°
2910:^°
2825:–
2791:°
2718:^°
2661:°
2642:^°
2578:^°
2572:→
2515:L4
2513:→
2510:L3
2507:→
2494:L4
2436:".
2429:".
2416:".
2371:.
2352:}}
2348:{{
2342:14
2340:.
2323:}}
2319:{{
2295:.
2285:39
2283:.
2279:.
2259:.
2187:.
2177:32
2175:.
2090:.
2079:^
2018:^
1950:.
1901:.
1891:20
1889:.
1833:.
1823:.
1811:.
1673:.
1635:.
1523:^
1505:.
1490:^
1436:.
1426:40
1424:.
1420:.
1394:.
1382:39
1380:.
1376:.
1362:^
1301:.
1281:}}
1277:{{
1227:.
1215:17
1213:.
1209:.
1185:.
1177:.
1165:13
1163:.
1159:.
1035:.
932:A
782:,
770:,
712:,
563::
557:VM
391:.
335:.
238:.
214:.
206:,
103:.
91:,
3939:,
3849:)
3841:(
3609:e
3602:t
3595:v
3440:°
3434:°
3406:^
3398:V
3381:°
3373:°
3354:^
3348:^
3336:°
3310:°
3256:^
3225:°
3219:°
3213:°
3152:(
3092:°
3072:(
3045:^
3037:^
3004:)
2996:(
2916:^
2904:^
2898:^
2891:^
2848:°
2842:^
2829:)
2813:°
2803:°
2797:°
2771:°
2712:°
2682:^
2667:°
2650:°
2634:°
2523:°
2517:°
2475:-
2465:e
2458:t
2451:v
2387:.
2365:*
2358:)
2329:)
2315:.
2291::
2269:.
2220:.
2195:.
2183::
2160:.
2129:.
2125::
2106:.
2073:.
2057::
2012:.
1962:.
1958::
1926:.
1909:.
1897::
1870:.
1841:.
1819::
1792:.
1738:.
1734::
1708:.
1681:.
1667::
1648:.
1596:.
1575:.
1569::
1550:.
1544::
1517:.
1513::
1484:.
1456:.
1432::
1402:.
1388::
1356:.
1313:.
1287:)
1258:.
1254::
1235:.
1221::
1203:.
1193:.
1181::
1141:.
1113:.
1089:.
1067:.
1046:.
944:.
929:.
829:)
825:(
198:(
143:"
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
