# Paper review: [Multiprogramming a 64 kB Computer Safely and Efficiently - SOSP'17](https://dl.acm.org/doi/10.1145/3132747.3132786)

## [Link to their GitHub](https://github.com/tock/tock)

###### tags: `ECE697SD` `paper review`

## Abstract

Low-power microcontrollers lack some of the hardware features and memory resources that enable multiprogrammable systems.

> To be more specific, microcontroller-based operating systems have not provided important features like fault isolation, dynamic memory allocation, and flexible concurrency

However, an emerging class of embedded applications are software platforms, rather than single purpose devices, and need these multiprogramming features.

:::info
Which might imply that current low-power microcontrollers cannot provide such complex functions (safety features) to embedded applications.
:::

**[Tock](https://www.google.com/search?q=Tock+rust&rlz=1C5CHFA_enTW927TW927&oq=Tock+rust&aqs=chrome..69i57j0i512j0i22i30l4j0i10i22i30l2j0i22i30l2.4011j0j7&sourceid=chrome&ie=UTF-8)** takes advantage of limited hardware protection mechanisms as well as the type-safety features of the Rust programming language to provide a multiprogramming environment for microcontrollers.

:::info
Why do limited hardware protection mechanisms work for the industry? Is it because of acceptable safety features?
:::

> [Tock](https://www.google.com/search?q=Tock+rust&rlz=1C5CHFA_enTW927TW927&oq=Tock+rust&aqs=chrome..69i57j0i512j0i22i30l4j0i10i22i30l2j0i22i30l2.4011j0j7&sourceid=chrome&ie=UTF-8) isolates software faults, provides memory protection, and efficiently manages memory

## Introduction

Some recent microcontrollers include simple privilege levels and a memory protection unit (MPU) which programmers can use to configure access control for address regions, **but that lacks virtualized addressing**.

:::info
Generally, low-power microcontrollers can only provide some level of hardware protection to the developer.
:::

Due to restrictive power budgets for embedded applications, many systems have only 64 kB of RAM or even less of expensive SRAM.

:::info
Again, some complex or powerful safety features, e.g., memory isolation and dynamic memory management, need a better hardware platform to perform those functions. Also, a small region of memory allows the user application and the kernel to share the same pointer with each other. A no-go: the complex software and limited hardware make it hard for the embedded operating system to provide security to users/programmers.
:::

## The use of embedded systems

Embedded devices require long-running and fault-free operation. To achieve this, software for these platforms usually allocates all memory statically.

> This avoids hard-to-predict memory exhaustion due to dynamic application behavior. When memory is statically allocated, system software for managing a shared abstraction like a radio interface must ... ... forces developers to guess how to balance resources for optimal performance whenever a system's functional applications are reconfigured.

:::danger
*must pre-allocate memory that may be unused for much of the device's lifetime. This trade-off between concurrency and memory footprint forces developers to guess how to balance resources for optimal performance*
:::

# Their Contributions

### 1. Tock, a new operating system for low-power embedded systems, written in Rust

They claim this new system can solve the existing problems.

> To provide a rich multiprogramming environment
> (1) provides fault isolation and (2) allows the kernel to dynamically allocate memory for application requests.

:::info
[Comparison of Rust and C](https://kornel.ski/rust-c-speed#:~:text=The%20run%2Dtime%20speed%20and,and%20where%20Rust%20is%20faster.)
:::

Tock provides a process abstraction using the hardware isolation mechanisms available on many recent chips.
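The hardware isolation mechanism in question is the MPU from the Introduction: it grants a process access to a few address regions, but there is no address translation, so a pointer the application hands to the kernel in a system call is the same raw address the kernel would dereference. A kernel on such hardware therefore has to check every user-supplied buffer against the regions the process actually owns before touching it. The block below is an added illustration in Rust of that check, not code from the paper or from Tock; `Region`, `validate_user_buffer` and the region addresses in `example_regions` are constructed for the example.

```rust
/// One MPU region as configured for a process: a base address, a length and
/// whether the process may write to it. Hypothetical type, not Tock's own.
#[derive(Clone, Copy, Debug)]
pub struct Region {
    pub start: usize,
    pub len: usize,
    pub writable: bool,
}

/// Check that a (pointer, length) buffer a process passed to the kernel lies
/// entirely inside one region that process owns, with the permission the kernel
/// needs for the operation. Returns false on any doubt, including wraparound.
pub fn validate_user_buffer(regions: &[Region], ptr: usize, len: usize, need_write: bool) -> bool {
    // ptr + len must not wrap around: a wrapped `end` would pass a naive
    // `end <= region_end` comparison and let the kernel read outside the region.
    let end = match ptr.checked_add(len) {
        Some(e) => e,
        None => return false,
    };
    regions.iter().any(|r| {
        let r_end = match r.start.checked_add(r.len) {
            Some(e) => e,
            None => return false, // malformed region configuration, never trust it
        };
        // The whole buffer must sit in one region: two adjacent regions may
        // carry different permissions, so straddling them is rejected.
        ptr >= r.start && end <= r_end && (r.writable || !need_write)
    })
}

/// Constructed example layout: read-only flash holding the process's code and a
/// read-write SRAM block for its data. The addresses are made up for the example.
pub fn example_regions() -> [Region; 2] {
    [
        Region { start: 0x0001_0000, len: 0x4000, writable: false },
        Region { start: 0x2000_0000, len: 0x4000, writable: true },
    ]
}

fn main() {
    let regions = example_regions();
    let ok = validate_user_buffer(&regions, 0x2000_0100, 0x100, true);
    let too_long = validate_user_buffer(&regions, 0x2000_3F00, 0x200, false);
    println!("in-bounds SRAM buffer accepted: {ok}, overrunning buffer accepted: {too_long}");
}
```

The checked additions are the part most often forgotten: with plain `ptr + len` a process could pass a length that wraps the address space and the `end <= r_end` comparison would succeed.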
:::info
[My guess] Providing process abstractions via hardware support reduces the workload and memory space for the software.
:::

Processes provide complete isolation of memory and CPU resources between applications and the kernel.

> allowing developers to write applications in C or any other language that targets the hardware.

To avoid trade-offs between memory efficiency and concurrency, Tock allows kernel components to use portions of process memory, called grants, to maintain state for the process's requests to kernel services. This approach allows each process to dynamically donate its available memory in order to perform whatever concurrent requests are necessary at a particular moment.

:::info
[My thoughts] Donate? Assuming this function is built upon the premise that programmers will treat the system well.
:::

Although the kernel itself uses only static allocation in order to guarantee continuous operation, this feature simultaneously allows for flexible configuration of applications and efficient use of precious memory.
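To make the grant idea concrete, here is an added Rust model of the mechanism the last two paragraphs describe: the kernel keeps only statically sized bookkeeping, and the per-process state a driver needs is carved out of the top of that process's own RAM on first use, so a process that runs out of memory fails its own request without touching the kernel or any other process. This is example code written for this review, not Tock's implementation or API; `Process`, `Grant`, `GrantError`, `TimerState` and `RadioState` are hypothetical names, and the model assumes grant state is plain data with a `Default` value.

```rust
use core::marker::PhantomData;
use core::mem::{align_of, size_of};
use core::ptr;

/// Number of kernel drivers that may hold grant state; fixed at compile time so
/// the kernel's own bookkeeping per process is statically sized.
pub const MAX_DRIVERS: usize = 4;

#[derive(Debug, PartialEq, Eq)]
pub enum GrantError {
    /// The process has no free memory left to donate for this grant.
    OutOfMemory,
    /// Driver id outside the kernel's static driver table.
    BadDriver,
}

/// Hypothetical model of a process with `N` bytes of RAM. Bytes [0, app_brk) belong
/// to the application; grant state is carved from the top of the region and grows
/// downward, so every byte the kernel uses for this process's requests is charged
/// to the process, not to the kernel.
pub struct Process<const N: usize> {
    ram: [u8; N],
    app_brk: usize,
    grant_brk: usize,
    grant_offsets: [Option<usize>; MAX_DRIVERS],
}

impl<const N: usize> Process<N> {
    pub fn new(app_brk: usize) -> Self {
        assert!(app_brk <= N, "application break must lie inside the process RAM");
        Process { ram: [0; N], app_brk, grant_brk: N, grant_offsets: [None; MAX_DRIVERS] }
    }

    /// Bytes of this process's RAM currently donated to kernel grants.
    pub fn grant_bytes_used(&self) -> usize {
        N - self.grant_brk
    }
}

/// Kernel-side handle to per-process state of type `T` for one driver.
/// The handle holds no storage of its own: the storage lives in each process.
pub struct Grant<T: Default> {
    driver_id: usize,
    _state: PhantomData<T>,
}

impl<T: Default> Grant<T> {
    pub fn new(driver_id: usize) -> Self {
        Grant { driver_id, _state: PhantomData }
    }

    /// Run `f` on this driver's state inside `p`, allocating the state from the
    /// process's free memory on first use. A process that cannot donate enough
    /// memory gets an error; no other process and no kernel structure is affected.
    pub fn enter<const N: usize, R>(
        &self,
        p: &mut Process<N>,
        f: impl FnOnce(&mut T) -> R,
    ) -> Result<R, GrantError> {
        if self.driver_id >= MAX_DRIVERS {
            return Err(GrantError::BadDriver);
        }
        let base = p.ram.as_mut_ptr();
        let offset = match p.grant_offsets[self.driver_id] {
            Some(off) => off,
            None => {
                let (size, align) = (size_of::<T>(), align_of::<T>());
                if p.grant_brk < size {
                    return Err(GrantError::OutOfMemory);
                }
                // Round the new top of the grant area down to T's alignment, using
                // the real address of the RAM so the resulting pointer is aligned.
                let addr = (base as usize + p.grant_brk - size) & !(align - 1);
                if addr < base as usize + p.app_brk {
                    return Err(GrantError::OutOfMemory); // would overlap application data
                }
                let off = addr - base as usize;
                // SAFETY: [off, off + size) lies inside p.ram, is aligned for T and
                // is not used by anything else yet.
                unsafe { ptr::write(base.add(off) as *mut T, T::default()) };
                p.grant_brk = off;
                p.grant_offsets[self.driver_id] = Some(off);
                off
            }
        };
        // SAFETY: the slot was initialised above and stays valid while `p` is borrowed.
        let state = unsafe { &mut *(base.add(offset) as *mut T) };
        Ok(f(state))
    }
}

/// Example driver state: plain data only, as this model requires of grant types.
#[derive(Default, Debug)]
pub struct TimerState {
    pub deadline: u32,
    pub armed: bool,
}

/// A larger state that a process with little free memory cannot donate.
#[derive(Default)]
pub struct RadioState {
    pub rx_buf: [u8; 32],
}

fn main() {
    let timer: Grant<TimerState> = Grant::new(0);
    let mut p = Process::<64>::new(32);
    let deadline = timer.enter(&mut p, |s| { s.deadline = 100; s.armed = true; s.deadline });
    println!("timer grant set to {:?}, {} bytes donated", deadline, p.grant_bytes_used());
}
```

The point to take from the model is the failure mode: when `RadioState` does not fit, `enter` returns `OutOfMemory` for that process only, the already-allocated `TimerState` grant is untouched, and nothing in the kernel grew, which is the fault-isolation property the paper pairs with dynamic allocation. A real kernel also has to reclaim or re-initialise the grant area when the process is restarted; this model leaves that out.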