Vesper is a capability-based single-address-space nanokernel, it tries to remain small and secure. To achieve this, kernel functionality is extremely limited - it provides only address space isolation and IPC, after bootup kernel does not allocate any memory itself.

Exokernel's distinctive trait is that it provides mechanisms but not policies. Vesper tries to move as many policy decisions as possible to the library OS.

• Single-address-space is a mechanism for providing pointer transparency between processes. Sharing a buffer is nearly as simple as passing out its address. Even though single-address-space is not a basic requirement and may be seen as an imposed policy decision, it does provide mechanism for efficient data passing between protection domains. This is important for modern media-rich communications.

• IPC is a mechanism providing secure interaction between processes.

• Capabilities are a mechanism providing access rights control and universal authority delegation for OS objects.

• Interrupts come from hardware, usually in privileged mode and kernel is responsible for translating them into invocations of the device drivers' handlers.

Scheduling can be viewed as the process of multiplexing the CPU resource between computational tasks. The schedulable entity of an operating system often places constraints both on the scheduling algorithms which may be employed and the functionality provided to the application. The recent gain in popularity of multi-threaded programming due to languages such as Modula-3 [Nelson 91] has led many operating system designers to provide kernel-level thread support mechanisms [Accetta 86, Rozier 90]. The kernel therefore schedules threads rather than processes. Whilst this reduces the functionality required in applications and usually results in more efficient processor context-switches, the necessary thread scheduling policy decisions must also be migrated into the kernel. As pointed out in [Barham 96], this is highly undesirable.

The desire to move such decisions out of the kernel make interesting variants where actual scheduling is performed by the user-level domain scheduler upon an upcall from the kernel. TBD

At the moment this is not a real-time kernel. It has a small number of potentially long-running kernel operations that are not preemptable (e.g., endpoint deletion and recycling, scheduling, frame and CNode initialisation). This may change in future versions.

Vesper has been influenced by the kernels in L4 family, notably seL4. Fawn and Nemesis provided inspiration for single-address-space and vertical integration of the applications.

MSRV: 1.61.0

We require cargo build --build-std feature (since 2020-07-15), compiler_builtins memory operations (since 2020-09-30) and const_fn_fn_ptr_basics feature (stable since Rust 1.61.0).

• Install tools: cargo install just cargo-make.
• Install qemu (at least version 4.1.1): brew install qemu.
• Optionally install OpenOCD with RTT patches.
• Install aarch64 gdb.

You can override invoked qemu, openocd and gdb by specifying full paths to them as env variables QEMU, OPENOCD and GDB, respectively.

You can override the name of mounted sdcard volume by specifying env variable VOLUME (it defaults to /Volumes/BOOT).

just qemu

just device

On the device boot SD card you'll need a configuration file instructing RasPi to launch in 64-bit mode.

# config.txt on RPi3
arm_64bit=1

just test

just ocd

just gdb

If you launch OpenOCD or QEMU before (for example, via just qemu-gdb), then gdb shall connect to it and allow you to load the kernel binary directly into memory. Type load in gdb to do that.

just nm

You need to have Hopper and hopperv4 cli helper installed.

just disasm

just

It will list all just commands with their short descriptions.

mainline, develop and released branches:

• feature branches are fluid development lines which may be discarded or merged into develop. Feature branches must be either merged or fast-forward merged ("landed") into develop. Squashing history during merge is not permitted - commits must be sorted and squashed as necessary before merge.
• develop is currenly developed changes. History is recommended to be immutable, however mutations are possible in some cases. Feature branches are merged into develop for stabilisation, then develop is merged into the mainline. Develop must be either merged or fast-forward merged ("landed") into mainline. Squashing history during merge is not permitted - commits must be sorted as necessary before merge. Avoid direct commits to develop. It is recommended to perform stabilisation fixes in a separate branch and then landing it into develop.
• mainline is for generally accepted changes. History is immutable, to record reversals make a revert commit with explanations why. Changes from develop are merged or landed into the mainline after stabilisation.
• released branch records points from mainline which were officially released. Mutations are not possible. Only non-fast-forward merges from mainline are acceptable. Releases are marked as annotated tags on this branch.

Based on Raspi3 tutorials by Andre Richter, which are in turn based on Raspi3 tutorials by bzt. Various references from OSDev Wiki and RaspberryPi.org manuals.

Debug with JTAG.

Individual files contain the following tag instead of the full license text.

SPDX-License-Identifier: BlueOak-1.0.0

This enables machine processing of license information based on the SPDX License Identifiers that are here available: http://spdx.org/licenses/

For more information please re-read.