An Architecture-Agnostic Memory Protection Interface for the Tock Operating System

Abstract

Tock is an embedded operating system that can run multiple mutually distrustful processes concurrently. Tock is written in Rust, a novel systems programming language that enforces type safety at compile time, and takes advantage of Rust's strong safety features. However, since Tock allows user-level applications to be written in any language, Rust alone is not sufficient to guarantee memory safety for user-level code in Tock. To obtain memory isolation, Tock takes advantage of the MPUs provided by recent microcontrollers. Although Tock is intended to be fully architecture agnostic, it is at present only able to support the MPU of the Cortex-M architecture. The lack of an architecture-agnostic MPU interface, process manager and corresponding MPU implementations is the biggest remaining hurdle to making Tock architecture independent. In order to create such an interface, this work performs an analysis of state-of-the-art MPUs, comparing their key features and constraints. A feasibility study for the design of an MPU interface in Tock is carried out, resulting in a number of general changes to the current implementation of Tock and leading up to the design, implementation and evaluation of two MPU interfaces. The first is a region-based interface, aiming at an abstraction that is straightforward and completely agnostic of what the MPU is used for. The second is a process-based interface, which uses knowledge of what the MPU is applied for in order to provide a solution that is more efficient given the constraints and optimizations of an arbitrary MPU. Implementations for the Cortex-M, Kinetis K and nRF51 MPUs are created that match these interfaces, and in addition fundamental adaptations to process management in the Tock kernel are made. On the Hail development board, these changes reduce context switching time by 25.34%, but at a cost of 848 bytes, or 1.0%, in flash memory overhead. Most importantly, with the introduction of these interfaces, the biggest hurdle for Tock in becoming a multi-architecture operating system is overcome.
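The following is an added illustration of the region-based versus process-based interface distinction described in the abstract; it is not code from the thesis or from Tock. It assumes a hypothetical MPU whose regions, like those of the Cortex-M PMSAv7 MPU, must be power-of-two sized and aligned to their size; the trait and type names are invented for this example.

```rust
// Hypothetical illustration (not Tock's real kernel API) of two MPU interface
// styles under a PMSAv7-style constraint: region size is a power of two (at
// least `min_region` bytes) and the region start is aligned to its size.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Region {
    pub start: u32,
    pub size: u32,
}

/// Region-based interface: the caller names an exact region and the driver
/// can only accept it if the hardware represents it as a single region.
pub trait RegionMpu {
    fn allocate_region(&self, start: u32, size: u32) -> Option<Region>;
}

/// Process-based interface: the caller states what a process needs (lowest
/// acceptable start, minimum size) and the driver chooses a representable
/// layout, rounding up to satisfy the hardware constraint itself.
pub trait ProcessMpu {
    fn allocate_process_memory(&self, lowest_start: u32, min_size: u32) -> Option<Region>;
}

/// Constructed model of an MPU with power-of-two, naturally aligned regions.
pub struct PowerOfTwoMpu {
    pub min_region: u32,
}

impl RegionMpu for PowerOfTwoMpu {
    fn allocate_region(&self, start: u32, size: u32) -> Option<Region> {
        let representable =
            size >= self.min_region && size.is_power_of_two() && start % size == 0;
        if representable { Some(Region { start, size }) } else { None }
    }
}

impl ProcessMpu for PowerOfTwoMpu {
    fn allocate_process_memory(&self, lowest_start: u32, min_size: u32) -> Option<Region> {
        // Round the requested size up to the next representable power of two.
        let size = min_size.max(self.min_region).checked_next_power_of_two()?;
        // Round the start up to the next boundary aligned to that size.
        let rem = lowest_start % size;
        let start = if rem == 0 { lowest_start } else { lowest_start.checked_add(size - rem)? };
        Some(Region { start, size })
    }
}
```

With the region-based interface a request such as 6 KiB at an arbitrary start is simply rejected, whereas the process-based interface answers the same need with an 8 KiB region at the next aligned address, which is the kind of constraint-aware placement the abstract credits for the efficiency gain.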