Latest commit: 15eb790fbf by Erik Inkinen, "Tighten CI markdown policy", 2026-05-22 15:10:44 +03:00

EriX Virtual Space Service (vspaced)

vspaced is the user-space virtual address-space policy service. It governs mapping layout policy and address-space construction above kernel primitives.

EriX is a clean-room, capability-based microkernel operating system written entirely in Rust.

Technical requirements are tracked in the EriX requirements, conventions, and project documentation.

See:

  • docs for design documents, specifications, and development plans.
  • Related architecture repositories for kernel, services, libraries, drivers, and integration tooling.

Purpose of This Repository

This repository implements the EriX vspace service daemon. Its purpose in EriX is to provide the vspace service role through explicit IPC and startup authority.

Functionally, it implements the daemon runtime, state model, IPC handling, and validation tests. The repository keeps the implementation, interface contracts, tests, and documentation for that behavior in one reviewable ownership boundary.

The maintained responsibilities are:

  • implement the vspace service runtime and state model
  • validate startup authority before accepting IPC requests
  • handle bounded service operations through the assigned endpoint set
  • keep service behavior, tests, and authority invariants documented

Clean-Room Policy

EriX follows a strict clean-room philosophy:

  • No external source code may be copied.
  • No external Rust crates are allowed.
  • No code generation tools that embed third-party code may be used.
  • All code must be authored within the project.

Violations will result in rejection of the contribution.

License

All EriX repositories are licensed under the ISC License.

Development Model

EriX development is modular, deterministic, reproducible, authority-explicit, security-first, and self-hosting oriented.

This repository follows the project roadmap and the validation rules documented in its own roadmap.

Implementation Status

Runtime baseline:

  • no_std executable service binary (x86_64-unknown-none) with SysV entry ABI
  • startup envelope parsing/validation via lib-bootstrap
  • role/intake contract validation via lib-capabi
  • startup ready-state validates actual local slot type/rights with caller-local QUERY_LOCAL_CAP on bare metal and QUERY_CAP in host/test scaffolding
  • the host/test QUERY_CAP fallback is cfg-scoped so runtime/release builds remain warning-free
  • runtime IPC server loop (RECV + REPLY) for map/unmap requests
  • primary control slot is the dedicated vspace endpoint SLOT_KERNEL_VSPACE_ENDPOINT (2240)
  • deterministic mapping table validation and response behavior
  • the emitted runtime image now keeps any declared .bss.stack_reserve reservation so the startup stack remains inside explicit in-image stack space instead of colliding with live service state

Authority cleanup status:

  • runtime map/unmap now pass the delegated local vspace_cap_slot directly to the kernel vspace endpoint
  • the trailing phase0 map/unmap reserved0 field must be zero in v1 and does not influence target selection
  • linker garbage collection must not discard the declared stack reserve; vspaced now keeps .bss.stack_reserve* explicitly in the runtime image
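
The reserved0 rule and the deterministic mapping table validation listed above can be sketched as follows. This is an added example, not code from the vspaced repository: the MapRequest layout, the Reject codes, the table capacity and the 4 KiB page size are all assumptions, and only the map path is shown.

```rust
// Added illustration; every type, field and constant here is hypothetical
// and does not reproduce the vspaced wire format.
const PAGE_SIZE: u64 = 4096; // assumed x86_64 base page size

#[derive(Clone, Copy)]
pub struct MapRequest {
    pub vspace_cap_slot: u32, // delegated local slot, forwarded unchanged
    pub vaddr: u64,
    pub len: u64,
    pub reserved0: u64, // must be zero in v1; never used for target selection
}

#[derive(Debug, PartialEq, Eq)]
pub enum Reject { ReservedNonZero, Unaligned, EmptyOrOverflow, Overlap, TableFull }

/// Fixed-capacity table: no allocation, so the same request sequence
/// always produces the same replies.
pub struct MappingTable { entries: [(u64, u64); 8], used: usize }

impl MappingTable {
    pub const fn new() -> Self { Self { entries: [(0, 0); 8], used: 0 } }

    /// Validate first, mutate last: a rejected request leaves the table untouched.
    pub fn map(&mut self, req: &MapRequest) -> Result<u32, Reject> {
        if req.reserved0 != 0 { return Err(Reject::ReservedNonZero); }
        if req.vaddr % PAGE_SIZE != 0 || req.len % PAGE_SIZE != 0 {
            return Err(Reject::Unaligned);
        }
        let end = match req.vaddr.checked_add(req.len) {
            Some(e) if req.len != 0 => e,
            _ => return Err(Reject::EmptyOrOverflow),
        };
        // Half-open ranges [s, e) overlap iff each starts before the other ends.
        if self.entries[..self.used].iter().any(|&(s, e)| req.vaddr < e && s < end) {
            return Err(Reject::Overlap);
        }
        if self.used == self.entries.len() { return Err(Reject::TableFull); }
        self.entries[self.used] = (req.vaddr, end);
        self.used += 1;
        Ok(req.vspace_cap_slot) // slot that would be passed to the kernel endpoint
    }
}

fn main() {
    let mut t = MappingTable::new();
    let ok = MapRequest { vspace_cap_slot: 7, vaddr: 0x4000_0000, len: 0x2000, reserved0: 0 };
    println!("{:?}", t.map(&ok));
    println!("{:?}", t.map(&MapRequest { reserved0: 1, ..ok }));
}
```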

Governance Principles

vspaced governance is scoped to virtual address-space service behavior.

The scoped governance rules are:

  • It uses only assigned address-space authority for explicit callers.
  • It validates map, unmap, and protection requests before changing process address spaces.
  • It keeps address-space policy in user space while preserving kernel isolation guarantees.
  • It does not receive storage, driver, or service-discovery authority.

Authority Boundaries

  • vspaced operates only through startup-assigned service capabilities.
  • New authority must be represented in bootstrap/capability validation and integration tests before use.

Contact

Development occurs in the EriX organization, and discussions happen in issues and design documents.

No decisions are considered valid without documented rationale.

Maintainers can be reached via email: admin@erikinkinen.fi.