Tock's goals, architecture and components

A key contribution of Tock is that it uses Rust's borrow checker as a language sandbox for isolation and a cooperative scheduling model for concurrency in the kernel. As a result, isolation within the kernel is (more or less) free in terms of resource consumption, at the expense of preemptive scheduling (so a malicious component could block the system by, e.g., spinning in an infinite loop).

Tock includes three architectural components:

  • A small trusted core kernel, written in Rust, that implements a hardware abstraction layer (HAL), scheduler, and platform-specific configuration.
  • Capsules, which are compiled with the kernel and use Rust's type and module systems for safety.
  • Processes, which use the memory protection unit (MPU) for protection at runtime.
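
The scheduling trade-off described above, as a toy Rust model added here for illustration (it is not Tock code and not part of the course material): capsules run to completion under cooperative scheduling, while processes are cut off when their timeslice ends. `Work`, `Outcome`, `kernel_pass` and the `TIMESLICE` value are hypothetical names and constructed values.

```rust
// Toy model, not Tock code: time is simulated in ticks, nothing runs on hardware.
enum Work { Ticks(u32), Forever } // Forever models spinning in an infinite loop
const TIMESLICE: u32 = 10; // assumed process timeslice in ticks (constructed value)

#[derive(Debug, PartialEq)]
enum Outcome {
    Completed { elapsed: u32, preemptions: u32 },
    KernelHung { stuck_in: usize }, // index of the capsule that never returned
}

// Capsules are scheduled cooperatively: the kernel calls in and regains
// control only when the capsule returns, so one spinning capsule stalls everything.
fn run_capsules(capsules: &[Work], clock: &mut u32) -> Result<(), usize> {
    for (i, c) in capsules.iter().enumerate() {
        match c {
            Work::Ticks(n) => *clock += n,
            Work::Forever => return Err(i),
        }
    }
    Ok(())
}

// Processes are preempted when their timeslice ends, so a spinning process
// costs at most TIMESLICE ticks per pass.
fn run_processes(procs: &[Work], clock: &mut u32) -> u32 {
    let mut preemptions = 0;
    for p in procs {
        *clock += match p {
            Work::Ticks(n) if *n <= TIMESLICE => *n,
            _ => { preemptions += 1; TIMESLICE }
        };
    }
    preemptions
}

fn kernel_pass(capsules: &[Work], procs: &[Work]) -> Outcome {
    let mut clock = 0;
    if let Err(i) = run_capsules(capsules, &mut clock) {
        return Outcome::KernelHung { stuck_in: i };
    }
    let preemptions = run_processes(procs, &mut clock);
    Outcome::Completed { elapsed: clock, preemptions }
}

fn main() {
    use Work::*;
    println!("{:?}", kernel_pass(&[Ticks(3), Ticks(2)], &[Ticks(4), Forever]));
    println!("{:?}", kernel_pass(&[Ticks(3), Forever], &[Ticks(4)]));
}
```
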

Presentation slides are available here.

Read the Tock documentation for more details on its design.

Check your understanding

  1. What kinds of binaries exist on a Tock board? Hint: There are three, and only two can be programmed using tockloader.

  2. What are the differences between capsules and processes? What performance and memory overhead does each entail? Why would you choose to write something as a process instead of a capsule and vice versa?

  3. What happens if the core kernel enters an infinite loop? What about a process? What about a capsule?