Linked by Thom Holwerda on Wed 22nd Jan 2014 13:47 UTC, submitted by fran
OSNews, Generic OSes

The Muen Separation Kernel is the world's first Open Source microkernel that has been formally proven to contain no runtime errors at the source code level. It is developed in Switzerland by the Institute for Internet Technologies and Applications (ITA) at the University of Applied Sciences Rapperswil (HSR). Muen was designed specifically to meet the challenging requirements of high-assurance systems on the Intel x86/64 platform. To ensure Muen is suitable for highly critical systems and advanced national security platforms, HSR closely cooperates with the high-security specialist secunet Security Networks AG in Germany.

The webpage contains instructions for building the kernel yourself, for installing it in a virtual machine, and for running it on real hardware.

RE[6]: Comment by twitterfire
by ingraham on Thu 23rd Jan 2014 02:17 UTC in reply to "RE[5]: Comment by twitterfire"

> Because it is stupid?

I don't see how letting the user-space directly map L1 cache for IPC has anything to do with the rest of your diatribe.

> ...without anything going anywhere and no research to show for it.

As others have pointed out, there are numerous examples of successful microkernel OSes. Also, you've jumbled the "provably correct" issue and the micro- vs. monolithic- kernel debates.

> You cannot define a system of logic that is not capable of self-contradiction.

I'm reminded of that scene in Good Will Hunting:

> Yeah, I read that too. Were you gonna plagiarize the whole thing for us? Do you have any thoughts of your own on this matter? Or do you, is that your thing, you come into a bar, read some obscure passage and then pretend - you pawn it off as your own, as your own idea just to impress some girls?

Side note: It's tsetse fly.

> ...you have two, and ONLY two camps to choose from...

Since we're bringing out our college class cheat sheets, I'll declare this to be an example of the Fallacy of the Excluded Middle. And, in fact, I can point out at least one other option. The NX bit / Data Execution Prevention is implemented both in hardware and software.

> They all run one operating system, one MONOLITHIC OS KERNEL, and it is LINUX. (Those that do not, are quaint.)

That's a demonstrably false position. Consider page 42 of UBM's 2013 Embedded Market Study http://www.eetimes.com/document.asp?doc_id=1263083 (or http://e.ubmelectronics.com/2013EmbeddedStudy/index.html if you want the original, which is free but requires registration.) And that's not counting all the little embedded devices that have no actual OS.

You are right about supercomputers, of course. Still, the fact that Linux has a 95%+ share in that space doesn't mean it's completely perfect and there's no reason to ever try anything else ever again. It's GOOD, yes. It's not the Answer to Life, the Universe, and Everything.

> You will NEVER produce a Microkernel that can straddle cost, performance and engineering as a result of #2.

Odd; I would think that a microkernel would be BETTER for point #2. Find a security flaw in a module? Fix it! On the fly without a reboot!

> And no hardware manufacturer would dare risk their balance sheets betting against Goedel's theorem.

Except for Intel. And AMD. And ARM, DEC, Sun, IBM, Motorola...
http://en.wikipedia.org/wiki/NX_bit#Hardware_background

> End of Discussion and stay away from MicroKernels on Von Neumann machines.

Even if I buy your premise (I don't) that Gödel's incompleteness theorem implies that there's no point to trying to formally prove correctness of software, I fail to see how that has anything to do with microkernel vs. monolithic. Your argument goes something like "Relativity proves we can't go faster than light, therefore steak is better than hamburger."

-James

Reply Parent Score: 3