A key contribution of Tock is that it uses Rust's borrow checker as a language sandbox for isolation and a cooperative scheduling model for concurrency in the kernel. As a result, for the kernel, isolation is (more or less) free in terms of resource consumption, at the expense of preemptive scheduling (so a malicious component could block the system by, e.g., spinning in an infinite loop).
Tock includes three architectural components:
- A small trusted core kernel, written in Rust, that implements a hardware abstraction layer (HAL), scheduler, and platform-specific configuration.
- Capsules, which are compiled with the kernel and use Rust's type and module systems for safety.
- Processes, which use the memory protection unit (MPU) for protection at runtime.
Presentation slides are available here.
Read the Tock documentation for more details on its design.
- What kinds of binaries exist on a Tock board? Hint: There are three, and only two can be programmed using `tockloader`.
- What are the differences between capsules and processes? What performance and memory overhead does each entail? Why would you choose to write something as a process instead of a capsule and vice versa?
- What happens if the core kernel enters an infinite loop? What about a process? What about a capsule?