Microkernels and modularity: do microkernels ever make sense?

September 26, 2012

Here's a question that I've been mulling over for a while, stated here as a thesis and argument.

The meta-goal of microkernels is to make it easier to write OSes and to make them more reliable by isolating OS components from each other; this increased isolation and modularity is achieved by limiting their ability to talk to each other and affect each other. In a conventional kernel, you have global variables, shared global data structures, and potential semi-random function calls as the flow of control zig-zags back and forth through various levels and modules. A microkernel replaces all of this with something more regimented, where the separate OS components can only interact with each other through the well defined IPC mechanisms provided by the microkernel.

But this is mostly an illusion. What we've really done is replace an obvious API (all of those function calls across modules) with a far less obvious and much more indirect API in the form of all of the messages passed between separated components over the microkernel IPC. Microkernels don't fundamentally reduce the complexity of what an OS must do or the interconnections between OS components; they just obscure it by wrapping it up in a layer or two more of abstraction and indirection. In fact this may well make the complexity worse precisely because it makes what's actually happening less obvious and harder to follow.

(One can draw an analogy to the whole modern web service approach of tunneling all APIs over HTTP requests, and observe that this has not exactly improved the APIs. If anything, it has complicated everyone's life.)

Or in summary: what matters is the interaction surface between your OS components, not how that interaction is achieved. At the superficial level, microkernels trade preventing accidents and blocking certain sorts of interaction that're considered dangerous (ie, global variables and 'APIs' that have not been explicitly planned out) for obscuring what the actual interactions are and what they're happening with. If having to work through a microkernel is so awkward that you figure out a better structure for your OS components so they don't talk to each other as much, well, you could have done that even without the microkernel. The microkernel just gave you a useful push. As a tool for creating (increased) modularity, microkernels are very blunt instrument with potentially bad consequences.

Comments on this page:

From at 2012-09-26 07:10:55:

One common argument pro microkernel is that they are more robust, because individual drivers can crash without taking the whole system down. What's your take on this?

Written on 26 September 2012.
« The jaundiced C programmer's view of object orientation
Microkernels and device drivers »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Sep 26 02:02:19 2012
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.