Trustworthy Systems

From L3 to seL4 – what have we learnt in 20 years of L4 microkernels?

Authors

Kevin Elphinstone and Gernot Heiser

NICTA

UNSW

Abstract

The L4 microkernel has undergone 20 years of use and evolution. It has an active user and developer community, and there are commercial versions which are deployed on a large scale and in safety-critical systems. In this paper we examine the lessons learnt in those 20 years about microkernel design and implementation. We revisit the L4 design papers, and examine the evolution of design and implementation from the original L4 to the latest generation of L4 kernels, especially seL4, which has pushed the L4 model furthest and was the first OS kernel to undergo a complete formal verification of its implementation as well as a sound analysis of worst-case execution times. We demonstrate that while much has changed, the fundamental principles of minimality and high IPC performance remain the main drivers of design and implementation decisions.

BibTeX Entry

  @inproceedings{Elphinstone_Heiser_13,
    address          = {Farmington, PA, USA},
    author           = {Elphinstone, Kevin and Heiser, Gernot},
    booktitle        = {ACM Symposium on Operating Systems Principles},
    month            = nov,
    pages            = {133--150},
    paperurl         = {https://trustworthy.systems/publications/nicta_full_text/6930.pdf},
    slides           = {https://trustworthy.systems/publications/nicta_slides/6930.pdf},
    title            = {From {L3} to {seL4} -- What Have We Learnt in 20 Years of {L4} Microkernels?},
    video            = {http://dl.acm.org/ft_gateway.cfm?id=2522720&ftid=1418245&dwn=1&CFID=281995453&CFTOKEN=10261052},
    year             = {2013}
  }

Download