Section 2: Microkernels

In this section, we’ll discuss kernel architecture: the question of how operating systems kernels should be designed. This has been a contentious topic for decades, often focused on the merits of the microkernel design.

The microkernel design minimizes OS code that runs with full machine privilege. As much functionality as possible is removed from the kernel and delegated to system servers that communicate by kernel-mediated message passing. Though the system servers are critical for system functionality—if your “file system server” breaks, you can’t access the file system!—they are still unprivileged in hardware terms, so system server bugs are not necessarily as foundationally dangerous as kernel bugs. (Wikipedia link)

The kernel is a mandatory part of a system’s trusted computing base (TCB)—the part of the system that can bypass security. … A microkernel, as opposed to the more traditional monolithic design of contemporary mainstream OS kernels, is reduced to just the bare minimum of code wrapping hardware mechanisms and needing to run in privileged mode. All OS services are then implemented as normal programs, running entirely in (unprivileged) user mode, and therefore can potentially be excluded from the TCB. Previous implementations of microkernels resulted in communication overheads that made them unattractive compared to monolithic kernels. Modern design and implementation techniques have managed to reduce this overhead to very competitive limits.
“seL4: Formal Verification of an Operating-System Kernel”
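To make the message-passing design concrete, here is a small Python model of it. This is an added illustration for the section, not code from seL4, Minix or any of the readings: the "kernel" is only a router with a capability table and a restart path, the file server is an ordinary object standing in for a user-mode process, and the endpoint names, message format, sample file and deliberate fault are all constructed. What it shows is the property the quote is about: a bug in the file system server is reported to its caller and the server is restarted, while the kernel (and every other client) keeps running.

```python
"""Toy model of kernel-mediated message passing in a microkernel.

Added example for this section; not code from any real kernel. The Kernel
class routes messages between isolated servers and restarts a server that
faults, so a bug in the file system server becomes an error reply rather
than a whole-system crash. All names and data here are constructed.
"""
from dataclasses import dataclass


@dataclass
class Message:
    src: str          # sending endpoint, e.g. "shell" (constructed name)
    dst: str          # receiving endpoint, e.g. "fs"
    op: str           # operation requested
    args: tuple = ()  # operation arguments


class ServerFault(Exception):
    """Models a bug in unprivileged server code (bad pointer, failed assert)."""


class FileServer:
    """A user-mode file system server: it holds state but no privilege."""

    def __init__(self):
        self.files = {"/etc/motd": b"hello\n"}   # constructed sample data

    def handle(self, msg: Message):
        if msg.op == "read":
            (path,) = msg.args
            if path not in self.files:
                return ("error", "ENOENT")
            return ("ok", self.files[path])
        if msg.op == "crash":
            # Stands in for a latent bug being triggered inside the server.
            raise ServerFault("file server dereferenced a bad pointer")
        return ("error", "EINVAL")


class Kernel:
    """The only privileged component: it routes messages and restarts servers.

    It never interprets file contents; that policy lives in the servers.
    """

    def __init__(self):
        self.servers = {}     # endpoint name -> live server instance
        self.factories = {}   # endpoint name -> constructor, used on restart
        self.restarts = {}    # endpoint name -> number of restarts so far
        self.caps = {}        # sender -> set of endpoints it may message

    def register(self, name, factory):
        self.factories[name] = factory
        self.servers[name] = factory()
        self.restarts[name] = 0

    def grant(self, sender, endpoint):
        self.caps.setdefault(sender, set()).add(endpoint)

    def send(self, msg: Message):
        # Capability check: a client may only message endpoints it was granted.
        if msg.dst not in self.caps.get(msg.src, set()):
            return ("error", "EPERM")
        server = self.servers.get(msg.dst)
        if server is None:
            return ("error", "ENOSERVER")
        try:
            return server.handle(msg)
        except ServerFault:
            # Fault containment: the server failed, not the kernel. Recreate
            # it (its in-memory state is lost) and report the fault to the caller.
            self.servers[msg.dst] = self.factories[msg.dst]()
            self.restarts[msg.dst] += 1
            return ("error", "ESERVERFAULT")


def demo():
    """Drive one client through a read, a server fault, recovery and a denied send."""
    k = Kernel()
    k.register("fs", FileServer)
    k.grant("shell", "fs")                     # "shell" may talk to "fs"
    results = [
        k.send(Message("shell", "fs", "read", ("/etc/motd",))),
        k.send(Message("shell", "fs", "crash")),
        k.send(Message("shell", "fs", "read", ("/etc/motd",))),
        k.send(Message("other_proc", "fs", "read", ("/etc/motd",))),  # no capability
    ]
    return results, k.restarts["fs"]


if __name__ == "__main__":
    replies, restarts = demo()
    for reply in replies:
        print(reply)
    print("fs restarts:", restarts)
```

The contrast with a monolithic design is in the `except ServerFault` branch: in a monolithic kernel the same bug runs in privileged mode, so there is no caller to return an error to and no component left standing to do the restart. The capability table is the other half of the argument; the kernel enforces who may talk to which server, and that small check is all the policy it has to get right.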

We’ve chosen some readings from this debate, including an early paper that introduced the microkernel idea (under the name “nucleus”) and a famous debate between the author of Linux and the academic who designed Minix, its predecessor.

Preparation

We are faced with two resolutions:

Resolved: Microkernel architecture is better than monolithic kernel architecture because it is safer and more reliable.

vs.

Resolved: Monolithic kernel architecture is better than microkernel architecture because it has won and has software engineering benefits.

Read:

Expected reading time: two hours or less.

By one hour before section, post a followup to the Piazza announcement of section with the resolution you support more (of the two), and a brief description why.

Further reading

If you’d like to read further, here are some pointers.