EriX Memory Service (memd)
memd is the user-space memory policy service. It owns allocation policy
decisions above kernel primitive object semantics.
EriX is a clean-room, capability-based microkernel operating system written entirely in Rust.
Technical requirements are tracked in the EriX requirements, conventions, and project documentation.
See:
- docs for design documents, specifications, and development plans.
- Related architecture repositories for kernel, services, libraries, drivers, and integration tooling.
Purpose of This Repository
This repository implements the EriX mem service daemon. Its purpose in EriX is to provide the mem service role through explicit IPC and startup authority.
Functionally, it implements the daemon runtime, state model, IPC handling, and validation tests. The repository keeps the implementation, interface contracts, tests, and documentation for that behavior in one reviewable ownership boundary.
The maintained responsibilities are:
- implement the mem service runtime and state model
- validate startup authority before accepting IPC requests
- handle bounded service operations through the assigned endpoint set
- keep service behavior, tests, and authority invariants documented
Clean-Room Policy
EriX follows a strict clean-room philosophy:
- No external source code may be copied.
- No external Rust crates are allowed.
- No code generation tools that embed third-party code.
- All code must be authored within the project.
Violations will result in rejection of the contribution.
License
All EriX repositories are licensed under the ISC License.
Development Model
EriX development is modular, deterministic, reproducible, authority-explicit, security-first, and self-hosting oriented.
This repository follows the project roadmap and the validation rules documented in its own roadmap.
Implementation Status
Runtime baseline:
- no_std executable service binary (x86_64-unknown-none) with SysV entry ABI
- startup envelope parsing/validation via lib-bootstrap
- role/intake contract validation via lib-capabi
- startup ready-state validates actual local slot type/rights with caller-local QUERY_LOCAL_CAP on bare metal and QUERY_CAP in host/test scaffolding
- the host/test QUERY_CAP fallback is cfg-scoped so runtime/release builds remain warning-free
- runtime untyped retype uses only the explicit startup-transferred local untyped slots; it no longer scans the canonical root untyped range
- runtime IPC server loop (RECV+REPLY) for alloc/free frame requests
- primary control slot is the dedicated memory endpoint SLOT_KERNEL_MEM_ENDPOINT (2224)
- deterministic in-service frame accounting and slot allocation
- newly retyped frame caps are allocated after the startup-reserved local transfer slots so runtime output does not overwrite the declared startup bundle
Governance Principles
memd governance is scoped to memory service policy above kernel allocation
mechanisms.
The scoped governance rules are:
- It mediates only the memory authority assigned at startup.
- It keeps allocation and mapping requests bounded by explicit caller authority.
- It preserves kernel policy separation by implementing user-space memory service behavior.
- It rejects malformed or overbroad memory requests fail-closed.
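The slot-allocation rules listed under Implementation Status and the fail-closed rule above can be sketched as follows. This is an added example, not code from the memd repository: the message layout, opcode, slot numbers and per-request bound are assumptions chosen for illustration, and only the alloc path is shown.

```rust
// Added illustration: every name and number below is hypothetical, not memd's ABI.
use std::ops::Range;

const OP_ALLOC: u32 = 1; // assumed opcode for an alloc-frame request
const RESERVED_SLOTS_END: u32 = 16; // assumed: slots [0, 16) hold the startup bundle
const SLOT_LIMIT: u32 = 20; // assumed end of the service's local slot table
const MAX_FRAMES_PER_REQUEST: u32 = 2; // assumed bound on a single request

#[derive(Debug, PartialEq)]
pub enum Reject { Malformed, Overbroad, OutOfFrames, OutOfSlots }

pub struct FrameAllocator {
    next_slot: u32,   // next free slot for a newly retyped frame cap
    frames_left: u32, // frames remaining in the startup-transferred untyped memory
}

impl FrameAllocator {
    pub fn new(untyped_frames: u32) -> Self {
        // Output slots start after the reserved range, so the startup bundle is never overwritten.
        Self { next_slot: RESERVED_SLOTS_END, frames_left: untyped_frames }
    }

    /// Handles one request of the assumed shape [opcode, frame_count].
    pub fn alloc(&mut self, msg: &[u32]) -> Result<Range<u32>, Reject> {
        let count = match msg {
            [OP_ALLOC, n] if *n > 0 => *n,
            _ => return Err(Reject::Malformed), // wrong length, opcode or zero count
        };
        if count > MAX_FRAMES_PER_REQUEST {
            return Err(Reject::Overbroad);
        }
        if count > self.frames_left {
            return Err(Reject::OutOfFrames);
        }
        // Arithmetic overflow is treated the same as slot exhaustion.
        let end = self.next_slot.checked_add(count).filter(|e| *e <= SLOT_LIMIT);
        let end = end.ok_or(Reject::OutOfSlots)?;
        let slots = self.next_slot..end;
        // State changes only after every check has passed: a rejected request alters nothing.
        self.next_slot = end;
        self.frames_left -= count;
        Ok(slots)
    }
}

fn main() {
    let mut memd = FrameAllocator::new(3); // constructed input: 3 frames of untyped memory
    println!("{:?}", memd.alloc(&[OP_ALLOC, 2]));
    println!("{:?}", memd.alloc(&[OP_ALLOC, 9]));
}
```

Because the slot cursor only moves forward from a fixed start and rejected requests leave the state untouched, the same request sequence always yields the same slot assignments.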
Authority Boundaries
- memd operates only through startup-assigned service capabilities.
- New authority must be represented in bootstrap/capability validation and integration tests before use.
Contact
Development occurs in the EriX organization, and discussions happen in issues and design documents.
No decisions are considered valid without documented rationale.
Maintainers can be reached via email: admin@erikinkinen.fi.