[HN Gopher] An Architectural Overview of QNX - inside the indust...
___________________________________________________________________
An Architectural Overview of QNX - inside the industry's only true
microkernel [pdf]
Author : lproven
Score : 137 points
Date : 2023-07-04 10:26 UTC (12 hours ago)
(HTM) web link (cseweb.ucsd.edu)
(TXT) w3m dump (cseweb.ucsd.edu)
| johndoe0815 wrote:
| ...no longer the only true microkernel in industry (the paper was
| written in 1992, back then QNX was certainly leading in this
| respect). Nowadays, open source as well as commercial L4-based
| microkernels are widely used, e.g. seL4 (UNSW), Fiasco (TU
| Dresden) and PikeOS (SYSGO).
| Animats wrote:
| L4 is more of a hypervisor. You have to run another OS, usually
| Linux, on top of it. So the overall system complexity has been
| increased, rather than reduced. QNX offers a POSIX-type API, so
| you can run applications on it directly,
| jacobgorm wrote:
| That is not correct. I've written and run my own custom apps
| on top of L4.
| Animats wrote:
| How do you access files and the network? A library that
| talks to those services via shared memory?
| lproven wrote:
| I'd argue QNX was more widespread than any of those.
|
| It's been a significant embedded OS since the late 1980s, with
| many millions of deployed systems.
|
| It is also used in roles with a customer-facing UI and indeed
| GUI. It's in several car media players, for instance, including
| from Toshiba I believe.
|
| And of course it was the basis of Blackberry 10.
|
| https://crackberry.com/blackberry-10
|
| It was in the Playbook, the cancelled Folio, and a lot of
| smartphones, such as the Passport I used to own. (A lovely
| device, sadly crippled as messaging app vendors removed
| support. I could use Android apps on it, but they didn't
| integrate into the Blackberry Hub.)
|
| It was also _very nearly_ the next-gen Amiga, which I suspect
| is why it has a GUI and multimedia support.
|
| https://www.trollaxor.com/2005/06/how-qnx-failed-amiga.html
|
| I suspect that between routers, switches, engine control units,
| traffic signals, smartphones, car entertainment units, and
| doubtless many other things we don't hear about, it's in more
| devices in production than all of seL4, Fiasco, etc. put
| together.
|
| Minix 3 is arguably also a true microkernel, and it's present
| in industry, embedded in millions of Intel Xeon and Core iX
| CPUs' management units, but it never reached a state of much
| completeness. No SMP support, for instance, and a lot of
| missing functionality.
|
| And it now seems to be dead:
|
| https://www.osnews.com/story/136174/minix-is-dead/
| jacquesm wrote:
| > which I suspect is why it has a GUI and multimedia support
|
| No, this was because Quantum Software thought that they were
| going to compete with Windows on its own turf somewhere
| around 1991.
| lproven wrote:
| Interesting! I don't remember ever hearing about that at
| the time. I'm not saying that I don't believe you, but I'd
| be very interested if you had any links or references for
| that.
| Animats wrote:
| The QNX Photon GUI: [1]
|
| For the three years (2002-2005) I worked on a DARPA Grand
| Challenge vehicle, my main desktop machine ran QNX. I
| could build and run the real time software on it,
| connected to either a simulator or cabled to the actual
| vehicle up on jacks.
|
| QNX gave up on the desktop a few years ago.
|
| [1] https://www.qnx.com/developers/docs/6.5.0SP1.update/c
| om.qnx....
| nudgeee wrote:
| The Secure Element in the iPhone, iPad, Mac, Apple Watch, etc
| runs L4: https://support.apple.com/en-
| au/guide/security/sec59b0b31ff/...
|
| It's gotta be creeping up on QNX numbers slowly!
| [deleted]
| GranPC wrote:
| > the cancelled Folio
|
| What's the Folio?
| lproven wrote:
| Oh, sorry, I thought I deleted that phrase. I meant to.
|
| https://en.wikipedia.org/wiki/Palm_Foleo
|
| Mistake on my part: I thought it was a cancelled Blackberry
| device, but it wasn't -- it was a cancelled Palm device.
|
| Before the rise of netbooks, it was a netbook-sized
| terminal to a smartphone that let you use a laptop-style UI
| to your email and so on, by being tethered to a smartphone.
| GranPC wrote:
| Ah I see, thanks! Thought there was another canceled QNX
| BlackBerry I didn't know about :)
| lhoff wrote:
| Blackberry 10 was so nice. I bought a Z10 at launch, UX-wise
| the best phone I ever had. Used it for I think 3 years and
| would go back instantly with a modern device and better app
| support. It had gesture control years before Android and iOS
| introduced them (it was copied from MeeGo though) and the
| unified inbox is still miles a way from everything else.
| lproven wrote:
| Agreed.
|
| It was the inbox that sold me on it. I had to occasionally
| manually kill background apps; I could feel the phone
| getting hot in my pocket sometimes, as something burned CPU
| and battery. It was a bit version-1-point-zero.
|
| But, a good UI, most Android apps worked... but slowly,
| over time, Whatsapp dropped support, FB Messenger dropped
| support, and while the Android clients worked, they no
| longer integrated with the unified inbox, making it all a
| bit pointless.
|
| For those who never saw it:
|
| BB10 was QNX with a Qt-based GUI on top. It had a global
| inbox, part of the home screen, and _all_ messages appeared
| in it. Work emails, personal emails, all chat systems, app
| notifications -- all in one place, sortable and searchable.
| It sounds like a lot to deal with but it wasn 't; it was
| much easier than handling notifications and messages on iOS
| or Android, where they are spread over a dozen different
| apps.
|
| Android "native" apps are actually Java apps in a
| customised Java runtime, a modified JVM. This has been
| completely replaced several times over the lifetime of
| Android.
|
| BB10 had its own Android-compatible JVM, so Android apps
| ran on BB10, at peer level with native apps. The big snag
| was that there were no Google apps, and Android apps assume
| those are present. So, if an app displays a map, it assumes
| Google Maps and blindly calls it, and if that app is not
| there, the exception is unhandled and you get a blank area
| on screen where the map should be.
|
| Sadly sideloading the Google Apps did not fix this. They
| worked but they were not where expected, or sandboxed, or
| something. Some, e.g. Google Translate, worked badly
| because it assumes an onscreen keyboard but the
| Blackberries didn't have one because they have permanent
| hardware keyboards.
| lloeki wrote:
| > if an app displays a map, it assumes Google Maps and
| blindly calls it
|
| I seem to recall that one was fixed down the road and
| displayed the native map.
|
| > Blackberries didn't have one because they have
| permanent hardware keyboards
|
| Not the Z10, which was fully touch. This gave a good
| experience for these Android apps, especially if you
| sideloaded the Amazon app store and picked from that.
| lproven wrote:
| Ah, fair enough. I only had the one device, and never saw
| a touchscreen-only model.
| matart wrote:
| I was recently talking about the Z10 being the best phone I
| have owned. It lacked app support otherwise I would have
| used it longer. Unified inbox is what I miss most about it.
| lloeki wrote:
| Got a Z10 at launch, I did not expect it to be _that_ good,
| but it was! Especially with the latest updates which added
| a ton of new features and improvements.
|
| The software keyboard was incredibly reactive and tactile;
| I bet QNX played its part on that.
|
| Had to stop using it because of stupid (Android) bank apps
| deciding to check for root and refused to run.
| rbanffy wrote:
| > since the late 1980s
|
| > doubtless many other things we don't hear about
|
| It's entirely possible many of those embedded devices running
| QNX haven't rebooted since the late 80's.
| jacquesm wrote:
| You can take that to the bank. I wouldn't be surprised if
| there are machines that people have completely forgotten
| about that still happily churn away and if they ever do
| fail suddenly we'll notice. Let's hope it's not a power dam
| or some other critical bit of infra.
| lproven wrote:
| :-)
|
| I would not be altogether surprised. This was one of the
| promises of microkernels in general and Minix 3 in
| particular...
|
| https://lwn.net/Articles/217873/
| Findecanor wrote:
| Wasn't ENEA's OSE also a microkernel real-time operating system
| available in 1992, though?
|
| Or was it not yet considered a microkernel by then?
| tibbydudeza wrote:
| QNX 4.5
|
| We ran our POS systems on it (server-thin dumb client) - the
| server was a 64MB 486 and the POS terminals ran a simple client
| program that emulated an NCR1255 POS terminal.
|
| It just sent keystrokes or print a line on a receipt printer or
| display a message.
|
| The server was a C program with a giant state machine of up to 64
| POS terminals and it hardly broke out in a sweat and used shared
| memory to talk to other programs that did the card payments and
| data storage.
|
| Good times.
| messe wrote:
| (1992)
| davidw wrote:
| I remember the demo floppy, which had a GUI, networking and some
| other stuff. It was pretty cool for the time
|
| http://toastytech.com/guis/qnxdemo.html
| wslh wrote:
| Inspired by it, with my friend Dave we created a floppy disk
| including Linux an Squeak (Smalltalk) as the GUI:
| https://news.ycombinator.com/item?id=11942537
| deviantbit wrote:
| It is still pretty cool.
|
| https://www.qnx.com/products/evaluation/
| itvision wrote:
| I'm really sad QNX has never been adopted for the desktop and it
| died with Blackberry for mobile.
|
| Such a cool fast kernel / operating system.
| krisoft wrote:
| Fast? Not in the benchmarks I have seen.
|
| In my understanding it promises correctness of scheduling not
| speed.
| jacquesm wrote:
| Latency >> throughput.
| rbanffy wrote:
| It's not fast if you want to do batch processing, but if you
| want fast and predictable responses, it's quite good.
| Chabsff wrote:
| When you get down to real-time OSs, jitter often becomes the
| only metric that actually matters, and raw throughput becomes
| a means to that end.
| euniceee3 wrote:
| QNX is a big chunk of Blackberry's revenue. It has found a
| footing in the automotive industry.
| jacquesm wrote:
| It had a footing in the automotive industry _long_ before
| Blackberry even existed. Also: process control, medical,
| avionics, transportation. Anything where latency matters more
| than throughput.
| heja2009 wrote:
| best OS I ever had the pleasure to work with
| jacquesm wrote:
| Hands down, with IRIX a close second.
| DeathArrow wrote:
| What happened to QNX after Blackberry acquired it? Is it still
| used?
| nubinetwork wrote:
| I believe some cars still use it for their in-car
| entertainment.
| PinguTS wrote:
| Yes, in millions of millions of cars. It power most of the HMI
| systems in cars, except some newer ones, which are based on
| Android Auto and very view exceptions based on Windows
| Embedded/Auto.
| TacticalCoder wrote:
| This. My car (Porsche Panamera from 2013) runs QNX for its
| nav+soundsytem. I can stream from bluetooth or use a jack
| plug but I don't bother: the car's got its own storage for
| music and, notably, the system takes both _.mp3_ and _.wav_
| files, but not _.flac_ files. So at home I play _.flac_ files
| but for the car I convert my music to 320 kbps _.mp3_ (I
| think I can put about 5000 320 kbps _.mp3_ in the car). In
| 2013 Porsche was still putting HDD and not SSD in their cars:
| some people do the upgrade themselves to a SSD but in my case
| that would void my extended manufacturer warranty (which I
| plan to extend up until 15 years / 200 000 km).
|
| Since then, for newer models, the manufacturer has moved the
| nav+infotainment to Apple's iOS CarPlay. I don't know if QNX
| is still used for other stuff (like reporting the oil level /
| warning messages etc.).
| Kelteseth wrote:
| You can see many QNX related changes in Qt that is often used
| in cars:
|
| - https://code.qt.io/cgit/qt/qtbase.git/log/?qt=grep&q=QNX
|
| - https://code.qt.io/cgit/qt/qtdeclarative.git/log/?qt=grep&q
| =...
| wolrah wrote:
| > It power most of the HMI systems in cars, except some newer
| ones, which are based on Android Auto and very view
| exceptions based on Windows Embedded/Auto.
|
| My Ford has had both. As a 2015 model it shipped with
| MyFordTouch which ran on whatever Microsoft was calling the
| automotive branch of Windows CE at the time (AutoPC?) with a
| UI built in Adobe Flash.
|
| 2016 and newer models got a QNX-based platform with a HTML5
| UI under the name SYNC 3, and the newer SYNC 4 variants are
| derived from that.
|
| I upgraded my car with parts from a 2016 model a few years
| ago because Sync 3 could do Android Auto and CarPlay where
| MyFordTouch could not.
| krylon wrote:
| I heard that it is used in some medical devices. It's hearsay,
| though, and I cannot name any specific devices.
| phendrenad2 wrote:
| I remember reading about this in a magazine (Circuit Cellar) as a
| kid and wanting a copy. Looked online and, good lord, $1,000+ for
| a license?
| nubinetwork wrote:
| Ah qnx... the heart of the Unisys/Burroughs Icon.
|
| They had a pretty nasty bug back in the day...
| https://www.juliandunn.net/2006/08/21/on-hacking-the-unisys-...
|
| It basically went like: "I am root" "Yes, you are root" :)
| jasoneckert wrote:
| QNX on the ICON was full of bad security form in general,
| including default passwords for root, supervisor, teacher, and
| icon (blank) that were rarely changed in the classroom and
| could be found in the manual at the front of the room:
| https://jasoneckert.github.io/myblog/icon-computer/
| Ensorceled wrote:
| As a co-op student, I worked on a CAD system that was meant to
| run on the ICON to teach CAD/CAM fundamentals. Not sure if it
| ever shipped.
|
| I do remember this "unix" variant being particularly painful to
| work with. One might even say spectacularly painful.
| gavinmckenzie wrote:
| Wow, that's a throwback. I remember when my Ontario high-school
| in '84 or '85 got a whole room full of ICON computers. It was a
| total miserable nightmare for the teaching staff as each
| computer class had at least a couple of students with the
| skills to elevate themselves to root privileges and cause
| constant mischief.
|
| The ICONs were way more fun from the aging Commodore Pets that
| had populated Ontario high-schools, and the big trackballs felt
| futuristic.
| pbourke wrote:
| Yes! By the time I was in high school in Ontario (early 90s)
| we had PCs as I recall, but in grade school there were Pets
| and then later ICONs. At home a lot of kids had C64s, though
| my family's first machine was an IBM XT clone.
|
| I vaguely remember a mysterious "other room" where ICON-
| related things happened - this must have been where the
| LEXICON server was located.
| whartung wrote:
| > It basically went like: "I am root" "Yes, you are root" :)
|
| How prescient! Advanced AI, way back then!
| ngcc_hk wrote:
| Need to mark 1992
| froh wrote:
| (1992)
| Hikikomori wrote:
| One of the more popular core/edge router platforms used to run
| QNX for their control plane, Cisco CSR/ASR. Though they switched
| to Linux some years ago.
| dfawcus wrote:
| Just the Neutrino kernel, not the whole of QNX.
| p_l wrote:
| Depends on the series. IOS XR is QNX based, IOS XE is Linux
| based, "plain" IOS is the classic IOS on bare metal, and NX-OS
| is completely separate development based on Linux that powers
| Nexus switches.
| Cyph0n wrote:
| XR is not QNX-based anymore. They switched over to Wind River
| 64-bit Linux[1] starting from the newer ASR9k linecards and
| the NCS series and onwards. The two XR variants are referred
| to internally as cXR (QNX) and eXR (Linux).
|
| XR itself is mostly the same codebase - it's just the
| platform- and OS-specific code that had to be changed. Also,
| I believe endianness-dependent code had to be ifdef'd.
|
| Source: worked as a dev on the IOS-XR team.
|
| [1] https://www.cisco.com/c/en/us/products/collateral/routers
| /as...
| sterlind wrote:
| now that you've outed yourself as an IOS-XR dev I have to
| ask: why does Cisco have so many darn OSes?
|
| at work I built a system to run Python scripts on various
| network devices, with a HAL abstracting the APIs.
| supporting IOS-XR, IOS-XE _and_ NX-OS was quite a bit of
| work. plus there were so many modes.. netconf-YANG? or show
| run /config syntax? and so many changes between revisions.
| meanwhile, the HALs for Juniper and Arista devices were
| pretty easy.
| Cyph0n wrote:
| The honest answer? I have no idea! But I can share what I
| do know and/or heard when I worked there.
|
| I have zero knowledge about NX-OS. But I can say that the
| XR and XE teams were quite isolated from one another. For
| instance, as an XR dev, I had no visibility into XE
| development.
|
| It kind of makes sense: XE and XR target different device
| segments, which means the feature sets and scale and
| availability requirements were different. But both were
| spun off from IOS, which is why the "base" is common.
|
| I don't have any visibility into what they're doing now,
| but I wouldn't be surprised if they're working to unify
| XE and XR at some level.
| Hikikomori wrote:
| Back in the day? acquisitions probably
|
| Now? Just madness I guess
| [deleted]
| glonq wrote:
| Back when I toiled in trenches as an embedded systems developer,
| I always dreamed of being able to use a "big, proper" OS like QNX
| instead of whatever clumsy, barely-better-than-bare-metal RTOS I
| was using at the time. I remember QNX always having a decent
| presence at the embedded systems conference.
|
| Instead of going unix-ish and using QNX we eventually went
| windows-ish and used Phar Lap ETS, which was quite nice and
| civilized.
| cashsterling wrote:
| QNX is used as an operating system on some programmable logic
| controllers. I think Omron's PLC use QNX.
| KingLancelot wrote:
| [dead]
| eggy wrote:
| QNX was the OS that Navigator, show control software, runs on. I
| ran it for over 6 years, and it was bullet proof and snappy.
| Isn't Minix a microkernel too? What makes Minix an untrue
| microkernel? I ran Minix back in the day - 1990s.
| tyingq wrote:
| Fuchsia's Zircon might count also. Google used to specifically
| call it a microkernel. Though they updated the descriptive
| language to just "kernel" after it drifted further from LK and
| the number of syscalls got pretty high.
| nqwiudhnoaq73 wrote:
| Everyone with an IntelME is running Minix :)
| rbanffy wrote:
| But not as their OS. The little Minix computer is owned and
| controlled by Intel ;-)
| andsoitis wrote:
| > Isn't Minix a microkernel too? What makes Minix an untrue
| microkernel?
|
| According to http://minix3.org and
| https://en.wikipedia.org/wiki/Minix Minix is a microkernel.
|
| https://wiki.osdev.org/Microkernel also lists Mach and AmigaOS
| and Wikipedia lists a few more:
| https://en.wikipedia.org/wiki/Microkernel#Examples
| lproven wrote:
| [OP here]
|
| Minix 3 totally is, but it's also incomplete, and as Dr
| Tanenbaum has retired, it probably always will be.
|
| Mach was valid, but the only successful version, Apple's
| macOS, has a huge in-kernel "Unix server" derived from
| FreeBSD code, so it's not a microkernel any more.
|
| The OSF's OSF/1 is long gone. So is MkLinux.
|
| IPC performance killed Mach, which led to L4, seL4 and many
| others, none of which have ever gone mainstream or been
| widely deployed in production, AFAIK.
|
| AmigaOS does not count, because it has no memory protection:
| all code runs in a single memory space, which makes a
| microkernel-like design simple, as there are no barriers to
| interprocess communication -- but also no use of an MMU chip
| whatsoever and as a result it was and is as unstable as
| classic MacOS or Windows 3.x.
| sillywalk wrote:
| As others have pointed out, the Secure Enclave in Apple
| Silicon runs a variant of L4, so that's 1+billion devices
| in production.
| harry8 wrote:
| I'll bet you a signed dollar it is not being run as a
| multi-server, microkernel based OS. I'd go further and
| say L4 being designed as microkernel is nothing more than
| an amusing piece of trivia in it's use by Apple and that
| the actual OS that does stuff will be as monolithic as
| any other used by apple.
| astrange wrote:
| What a strange thing to say on no evidence.
|
| Actually, iOS/macOS itself isn't a monolithic OS anymore
| as many of the important hardware drivers like wifi have
| moved to userland processes. Of course, it was never
| fully monolithic because it does upcalls for things like
| NFS mounts and disk images.
| eggy wrote:
| I ran Mach on my PowerPC Mac in 1997 or thereabouts. I ran
| Minix as well. QNX was a pleasure while running Navigator.
| gjsman-1000 wrote:
| It's not for industry, but I keep mentioning it because it's so
| surprising and little known: The Nintendo Switch uses a home-
| grown microkernel. It's not UNIX-compatible, fits into ~30K lines
| of code IIRC, and everything from the USB to the Graphics drivers
| are sandboxed in userspace. (Too bad NVIDIA's Secure Boot code
| didn't match Nintendo's standards.)
|
| https://en.wikipedia.org/wiki/Nintendo_Switch_system_softwar...
| mepian wrote:
| How do you know the LoC number? Have you worked on it?
| gjsman-1000 wrote:
| It was so small that a solo developer reimplemented the
| entire kernel.
|
| https://www.reddit.com/r/emulation/comments/hygtnx/mesospher.
| ..
|
| https://github.com/Atmosphere-
| NX/Atmosphere/tree/mesosphere-...
| yjftsjthsd-h wrote:
| > Nintendo is exempt from GPLv2 licensing and may (at its
| option) instead license any source code authored for the
| libmesosphere project under the Zero-Clause BSD license.
|
| Er, what? Why would a 3rd-party reimplementation allow
| Nintendo to use their work?
| mmebane wrote:
| Probably because it's based entirely on (non-black-box)
| reverse-engineered Switch binaries, and is therefore very
| possibly a derivative work of Nintendo's copyrighted
| code.
| rbanffy wrote:
| I learned C on it, running from a 360K floppy on a 4.77Mhz PC.
|
| Brings back good memories.
| jacquesm wrote:
| I've worked with QNX for years and wrote a clone, this is an
| amazing little OS that you can build rock solid services on. It's
| a pity that there never was much interest in something along
| these lines but open source.
| pmoriarty wrote:
| I would have loved to see an open-source of something like QNX
| for music production, as it would be very useful for its hard
| realtime guarantees and low latency.
|
| In my experience Linux has been pretty awful at this.
| zokier wrote:
| > In my experience Linux has been pretty awful at this.
|
| isn't the problem these days just crappy random hardware more
| than anything else; Linux itself, especially with rt patches,
| together with jack should have good enough rt perf for audio
| use. I've seen reports of <5ms roundtrip audio latency on
| linux even with usb hardware.
| anthk wrote:
| Now pipewire superseded both jack and pulse.
| zokier wrote:
| That is more of an aspirational goal for pipewires future
| than practical reality today.
| rubicks wrote:
| The preemptrt patchset (now making its way into mainline) has
| excellent support for realtime scheduling. The problem is (as
| it has always been) undocumented NMIs in bog-standard COTS
| board firmwares. See the `hwlatdetect` man page for details.
| rwmj wrote:
| I was going to ask if someone had written a clone. As in _" if
| QNX is so tiny and elegant, surely it must be easy to clone!"_
| - I'm sure it was harder than it seems.
|
| Do you have a link to your version? How compatible was it?
| jacquesm wrote:
| 100% compatible at the call level. Another HN'er has actually
| managed to resurrect it partially. And no, I don't have a
| link and the project is not in a presentable state.
| weinzierl wrote:
| I've seen FreeRTOS being used besides QNX and other proprietary
| RTOSes in automotive applications. Do you know how similar or
| different FreeRTOS and QNX are?
| trollerator23 wrote:
| I think FreeRTOS is monolithic, isn't it?
| Matthias247 wrote:
| Yes it is. It's more or less a scheduler library, that you
| link together with all the other code you have to get a
| microcontroller system image. There are no processes in
| FreeRTOS, just tasks (threads).
| jacquesm wrote:
| Completely different under the hood, not to be compared, but
| both have their uses.
| jnwatson wrote:
| Fuchsia is open source.
| cvwright wrote:
| Wasn't QNX itself open source for a short time?
|
| I seem to remember eagerly grabbing a copy from Github around
| 2010-2011, but unfortunately that was on a work laptop from a
| previous job.
| _delirium wrote:
| They did publish the source to the kernel in 2007, although
| not under an open-source license:
| https://openqnx.com/node/471
| tkhattra wrote:
| Andy Valencia's open source microkernel VSTa [1] from the early
| 90's was inspired by QNX and Plan 9.
|
| [1] https://sources.vsta.org:7100/vsta/index
| lincpa wrote:
| [dead]
| tonetheman wrote:
| [dead]
___________________________________________________________________
(page generated 2023-07-04 23:01 UTC)