This is not the discussion of reimplementing Linux kernel in a traditional microkernel architecture. The discussion is about eBPF which is already in Linux kernel that is giving microkernel capabilities. Read below

Neither was my comment. I think the scheduler and eBPF stuff is very interesting. As far as redundancy goes, that seems to be Ubuntu's entire shtick about why this is such a good idea. If userspace blah crashes, we have redundancy by using the kernel's blah long enough to get the userspace blah back up.

That redundancy by using the kernel's blah is how they plan on getting certification and it basically operates on the assumption that the Linux kernel will never crash.

Redundancy, backups, however you want to phrase it, is what is required for safety certification for vehicles, flight control systems, medical equipment, etc. The software has to be able to recover itself from a software crash. You can't yank out a pacemaker to do a factory reset. If the kernel crashes, it has to be able to recover itself so your plane doesn't crash, too.

I bet you don't know how both ( C++ and Rust ) memory models are designed! Yet you write a trollish, useless and uninformative post.

I wonder what data are you basing these hyperbolic conclusions on. One of the latest papers comparing Linux and Linux over L4 ( virtualized ) is this https://www.ingentaconnect.com/conte...pplication/pdf

It can clearly be seen that the two compare in terms of latencies and throughput. Heck the Linux Foundation is pushing seL4 as the OS for embedded real-time systems!!!

I don't know if your conclusions are based on past tries running on CPUs like Pentium I or if they are just made up.

There are millions of smartphones out there running their RTOS systems on top of which they run a virtualized Android. Are the companies making and selling them stupid?

For what it is (i.e. not a technical paper), it is actually very well written and both the conclusions and future ideas are super inspiring. Tons of nihilism in this thread for absolutely no reason at all. I hope their idea of certification in the Linux space comes to fruition and wish them great success in all applicable embedded spaces.

Another user who thinks that you can use every std feature in kernel. (no you cannot). Everything with exceptions under the hood is not usable for example. Kernel memory management is a bit different as well. When C++ improves memory safety, there is also runtime cost to a lot of C++ memory safety features. Meanwhile Rust memory safety except array going out of bounds is entirely compiler based.

Chrome or Firefox code base in C++ etc. are all the time updated codebases with fuzzers around and so on, and google technically by their hiring criteria takes very good engineers (or at least used to). Yet a ton of CVEs are allocated to those memory safety issues.

I mean, when you say C++ has memory safety by only reference counting (and since you claim ref. counting requires garbage collection, lol, you are also saying C++ has a garbage collector), it must be obvious your knowledge about this is 15 years behind. I only pointed out your claims are wrong. Is this uninformative to you? I didn't want to, but since you're crying for it, I can be more specific:

1. C++ never had garbage collection. In C++11, interfaces for them were introduced for them in case if somebody wishes to implement one outside of the standard, but garbage collection was never part of the language or the standard library. Not to mention even these interface got removed in a later version of the standard, so today not even those exist.
2. You also mentioned reference counting, and the only memory-management class that does that is shared_ptr. However, shared_ptr is not just not the only smart pointer in C++, but it is also not the preferred one. You should try to avoid using shared_ptr if you can.
3. Smart pointers in general are not the only way to achieve memory safety. This is too broad a topic to explain in a one-liner, but I'll say, C++ in the past years is very heavily pushing all developers to enable safe and thin abstractions for pointers and then encouraging everybody to simply use value-semantics everywhere. They have introduced lots of language- and also library-features to let you do this. Smart-pointers are just a small part in this strategy.

So, I said, your knowledge is outdated, and even wrong at some places, as I have demonstrated.

And make no mistake. I am not saying and never said that Rust isn't safer than C++. I just pointed out how ridiculous the information is you are spreading about C++.

. . . The scheduler shouldn't be crashing in the first place. Fix your broken scheduler before concocting some ad-hoc redundancy system.

It sounds like an extra layer of complexity where things can go wrong. We're still running on Linux, a massive monolithic kernel. Any bugs there can still rear their ugly heads, no matter how many parts you reimplement in user space. A user space implementation is extra code that can be buggy itself. If it fails, the handover to the kernel needs to be seamless and clean. Does it? Then we haven't even pondered unforeseen interactions between the bolted on user space parts and Linux itself.

If it is about bringing in more flexibility as to what the kernel can offer in terms of capabilities, I can see that as an advantage. Linux itself is mostly one kernel fits all. For that it might be very interesting.

Selling it as something more resilient than plain Linux? Maybe. The "bedrock" is still Linux and if it goes down, your user space implementations are toast. At best you can say that running on user space reimplementations puts floaties on Linux, so the chances of a full crash are diminished, at worst you are saying that you don't trust the code from kernel.org. (Which is ironic, as that is the foundation you use to say your thing is more resilient.)​

Swift uses reference counting and isn't garbage collected.