Hardware Abstraction Layer
Core HAL trait, CPU, MMU, interrupts, firmware, KASLR, and ELF relocation.
Documentation
Core HAL Trait
The Hardware Abstraction Layer (helix-hal) is the kernel's interface to bare metal. It contains 136 source files totaling approximately 51,300 lines of Rust code, spanning three CPU architectures.
The root HAL trait aggregates four sub-traits into a single interface that the rest of the kernel programs against:
hal/src/lib.rs
1101rust
pub trait HardwareAbstractionLayer: Send + Sync + 'static {
2
type Cpu: CpuAbstraction;
3
type Mmu: MmuAbstraction;
4
type InterruptController: InterruptController;
5
type Firmware: FirmwareInterface;
6
fn cpu(&self) -> &Self::Cpu;
fn mmu(&self) -> &Self::Mmu;
fn interrupt_controller(&self) -> &Self::InterruptController;
fn firmware(&self) -> &Self::Firmware;
11
fn arch_name(&self) -> &'static str;
fn early_init(&mut self) -> HalResult<()>;
fn init(&mut self) -> HalResult<()>;
fn halt(&self) -> !;
fn reboot(&self) -> !;
fn shutdown(&self) -> !;
18
}
19
3 refs
pub type HalResult<T> = Result<T, HalError>;
Index
The concrete implementation is selected at compile time via #[cfg(target_arch)] — there is zero runtime dispatch for architecture selection. The kernel binary contains code for exactly one architecture.
Trait Hierarchy
HAL Trait Hierarchy5N · 4E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
CPU Abstraction
The CpuHal trait provides low-level CPU control:
hal/src/cpu.rs
19rust
pub trait CpuAbstraction: Send + Sync {
2
type Context: CpuContext;
3
fn enable_interrupts(&self);
fn disable_interrupts(&self);
fn interrupts_enabled(&self) -> bool;
fn halt_until_interrupt(&self);
8
fn current_cpu_id(&self) -> u32;
fn cpu_count(&self) -> u32;
fn read_register(&self, reg: &str) -> u64;
unsafe fn write_register(&self, reg: &str, value: u64);
13
unsafe fn context_switch(&self, old: &mut Self::Context, new: &Self::Context);
15
}
Index
CPU Context
Saved register state for context switches:
hal/src/cpu.rs
14rust
pub trait CpuContext: Clone + Default + Send {
fn instruction_pointer(&self) -> u64;
fn stack_pointer(&self) -> u64;
fn set_instruction_pointer(&mut self, ip: u64);
fn set_stack_pointer(&mut self, sp: u64);
6
}
Index
SMP Startup
Bringing up secondary CPUs (Application Processors) follows a platform-specific protocol:
| Architecture | Protocol | Mechanism |
|---|---|---|
| x86_64 | INIT-SIPI-SIPI | APIC IPI to wake AP, trampoline at known address |
| AArch64 | PSCI | ARM Power State Coordination Interface calls |
| RISC-V | SBI HSM | Hart State Management SBI extension |
The startup sequence:
- BSP discovers CPU topology from ACPI/DeviceTree
- BSP allocates per-CPU stacks and data areas
- BSP sends startup IPI to each AP
- APs execute trampoline code: set up GDT/IDT, enable paging
- APs jump to
ap_entry()and register with the scheduler - BSP waits for all APs to report ready
MMU and Page Table
The MmuHal trait abstracts memory management:
hal/src/mmu.rs
211rust
pub trait MmuAbstraction: Send + Sync {
2
type PageTable: PageTable;
3
type Asid: Copy + Eq;
4
fn create_page_table(&self) -> HalResult<Self::PageTable>;
fn kernel_page_table(&self) -> &Self::PageTable;
fn active_asid(&self) -> Self::Asid;
fn allocate_asid(&self) -> HalResult<Self::Asid>;
unsafe fn switch_page_table(&self, table: &Self::PageTable, asid: Self::Asid);
fn flush_tlb_page(&self, vaddr: VirtAddr);
fn flush_tlb_all(&self);
12
}
13
5 refs
pub trait PageTable {
fn map(&mut self, vaddr: VirtAddr, paddr: PhysAddr,
16
flags: PageFlags, page_size: PageSize) -> HalResult<()>;
fn unmap(&mut self, vaddr: VirtAddr) -> HalResult<PhysAddr>;
fn translate(&self, vaddr: VirtAddr) -> Option<PhysAddr>;
fn update_flags(&mut self, vaddr: VirtAddr, flags: PageFlags) -> HalResult<()>;
20
}
Index
Page Table Formats
| Architecture | Format | Levels | Page Sizes | Address Bits |
|---|---|---|---|---|
| x86_64 | 4-level | PML4 → PDPT → PD → PT | 4 KB, 2 MB, 1 GB | 48-bit virtual |
| AArch64 | 4-level (4KB granule) | L0 → L1 → L2 → L3 | 4 KB, 2 MB, 1 GB | 48-bit virtual |
| RISC-V | Sv39 / Sv48 / Sv57 | 3/4/5-level | 4 KB, 2 MB, 1 GB | 39/48/57-bit |
x86_64 Page Table Entry
x86_64 Page Table Entry — Bit Layout13N · 12E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
TLB Management
TLB (Translation Lookaside Buffer) flushes are critical for correctness when page tables change:
| Operation | x86_64 | AArch64 | RISC-V |
|---|---|---|---|
| Single page flush | invlpg | TLBI VAE1 | sfence.vma addr |
| Full TLB flush | Reload CR3 | TLBI VMALLE1 | sfence.vma |
| Remote TLB flush | IPI + invlpg | TLBI VAE1IS (Inner Shareable) | IPI + sfence.vma |
Interrupt Controller
The InterruptHal trait abstracts the platform's interrupt controller:
hal/src/interrupt.rs
1191rust
7 refs
pub type InterruptVector = u8;
2
pub trait InterruptController: Send + Sync {
fn init(&mut self) -> HalResult<()>;
fn enable(&mut self);
fn disable(&mut self);
fn enable_interrupt(&mut self, vector: InterruptVector) -> HalResult<()>;
fn disable_interrupt(&mut self, vector: InterruptVector) -> HalResult<()>;
fn set_priority(&mut self, vector: InterruptVector, priority: u8) -> HalResult<()>;
fn acknowledge(&mut self, vector: InterruptVector);
fn send_ipi(&mut self, target: IpiTarget, vector: InterruptVector) -> HalResult<()>;
fn pending_interrupt(&self) -> Option<InterruptVector>;
13
}
14
2 refs
pub enum IpiTarget {
16
Current, Cpu(usize), AllOthers, All,
17
}
Index
Platform Implementations
| Architecture | Controller | Vectors | Features |
|---|---|---|---|
| x86_64 | Legacy PIC (8259) | 16 IRQs | Cascaded, edge-triggered |
| x86_64 | Local APIC + I/O APIC | 256 vectors | MSI, per-CPU, priority |
| AArch64 | GICv2 | 1020 IRQs | Distributor + CPU interface |
| AArch64 | GICv3 | 1020+ IRQs | ITS, LPI, affinity routing |
| RISC-V | CLINT | Timer + software | Per-hart timer/IPI |
| RISC-V | PLIC | External IRQs | Priority, threshold, claim/complete |
x86_64 IDT Setup
The Interrupt Descriptor Table maps each vector (0-255) to a handler:
x86_64 IDT Vector Map5N · 4E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
Each IDT entry specifies:
- Handler address (64-bit)
- Code segment selector
- IST (Interrupt Stack Table) index for stack switching
- DPL (Descriptor Privilege Level)
- Gate type (Interrupt gate — clears IF; Trap gate — preserves IF)
Timer Abstraction
The TimerHal trait provides platform-independent timing:
hal/src/timer.rs
15rust
pub trait TimerHal {
2
/// Read the current counter value.
fn read_counter(&self) -> u64;
4
5
/// Return the timer frequency in Hz.
2 refs
fn frequency(&self) -> u64;
7
8
/// Set a one-shot deadline interrupt.
fn set_deadline(&mut self, ticks: u64);
10
11
/// Convert ticks to nanoseconds.
fn ticks_to_ns(&self, ticks: u64) -> u64;
13
14
/// Convert nanoseconds to ticks.
fn ns_to_ticks(&self, ns: u64) -> u64;
16
}
Index
Timer Sources by Architecture
| Architecture | Timer | Resolution | Features |
|---|---|---|---|
| x86_64 | TSC (Time Stamp Counter) | ~1 ns | Per-core, invariant on modern CPUs |
| x86_64 | HPET | 100 ns | System-wide, multiple comparators |
| x86_64 | APIC Timer | Variable | Per-core, one-shot or periodic |
| x86_64 | PIT (8254) | ~838 ns | Legacy, single channel |
| AArch64 | Generic Timer | ~40 ns | System counter + per-core virtual timer |
| RISC-V | SBI Timer | Variable | SBI set_timer extension |
The HAL selects the best available timer at boot time. TSC is preferred on x86_64 if the invariant_tsc CPUID flag is present.
Firmware Interface
The HAL provides access to firmware services discovered during boot:
ACPI (x86_64 / AArch64)
hal/src/firmware/acpi.rs
15rust
pub struct AcpiInterface {
pub fn rsdp(&self) -> Option<&Rsdp>;
pub fn find_table<T: AcpiTable>(&self, signature: &[u8; 4]) -> Option<&T>;
pub fn madt(&self) -> Option<&Madt>; // APIC topology
pub fn hpet(&self) -> Option<&Hpet>; // HPET table
pub fn fadt(&self) -> Option<&Fadt>; // Fixed ACPI Description
7
}
Index
Device Tree (RISC-V / AArch64)
hal/src/firmware/device_tree.rs
15rust
pub struct DeviceTree {
pub fn root(&self) -> DtNode;
pub fn find_node(&self, path: &str) -> Option<DtNode>;
pub fn find_compatible(&self, compatible: &str) -> Vec<DtNode>;
pub fn memory_regions(&self) -> Vec<MemoryRegion>;
pub fn cpu_nodes(&self) -> Vec<DtNode>;
7
}
Index
SBI (RISC-V)
hal/src/firmware/sbi.rs
15rust
pub struct SbiInterface {
pub fn console_putchar(c: u8);
pub fn set_timer(deadline: u64);
pub fn hart_start(hartid: usize, start_addr: usize, opaque: usize);
pub fn hart_stop();
pub fn hart_get_status(hartid: usize) -> HartStatus;
7
}
Index
KASLR
Kernel Address Space Layout Randomization randomizes the kernel's load address on every boot, making exploits harder.
Implementation (847 lines)
KASLR — Address Randomization Flow7N · 6E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
Entropy Sources
| Source | Architecture | Quality | Fallback |
|---|---|---|---|
RDRAND | x86_64 | High | Yes (hardware RNG) |
RDSEED | x86_64 | High | Yes (true RNG) |
| Timer jitter | All | Medium | Primary fallback |
| Boot timestamp | All | Low | Last resort |
ELF Relocation
The relocation engine (in helix-relocation, 12 files, ~2,000 lines) processes ELF relocations at boot time for PIE (Position-Independent Executable) kernels.
Supported Relocations
| Type | Architecture | Description |
|---|---|---|
R_X86_64_RELATIVE | x86_64 | Base + Addend |
R_X86_64_64 | x86_64 | Symbol + Addend |
R_X86_64_GLOB_DAT | x86_64 | Symbol address → GOT |
R_AARCH64_RELATIVE | AArch64 | Base + Addend |
R_AARCH64_ABS64 | AArch64 | Symbol + Addend |
R_RISCV_64 | RISC-V | Symbol + Addend |
R_RISCV_RELATIVE | RISC-V | Base + Addend |
Relocation Process
subsystems/relocation/src/engine.rs
14rust
pub struct RelocationEngine {
pub fn new(base: usize, load_offset: isize) -> Self;
pub fn process_rela(&mut self, rela: &[Rela64]) -> Result<usize>;
pub fn process_dynamic(&mut self, dynamic: &[Dyn64]) -> Result<()>;
pub fn validate(&self) -> Result<()>;
6
}
Index
The engine processes all .rela.dyn entries, applying the load offset to each. Validation ensures no relocations point outside the kernel image.
Architecture Backends
Each architecture provides a complete HAL implementation. Here's the file structure:
x86_64 Backend
x86_64 Backend — Source Tree13N · 12E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
AArch64 Backend
AArch64 Backend — Source Tree10N · 9E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
RISC-V Backend
RISC-V Backend — Source Tree10N · 9E
100%
100%
☝ Drag to pan·🤏 Pinch to zoom·Tap a node
Ctrl+FSearch
PPath
SStats
FFullscreen
EExport
Shift+DragMove node
↑↓Navigate
+/−Zoom
Architecture Comparison
| Feature | x86_64 | AArch64 | RISC-V |
|---|---|---|---|
| Source files | ~60 | ~35 | ~30 |
| Estimated lines | ~25,000 | ~14,000 | ~12,000 |
| Page table levels | 4 (PML4) | 4 (4KB) | 3-5 (Sv39-57) |
| Interrupt controller | APIC | GICv3 | PLIC |
| Timer | TSC/HPET/APIC | Generic Timer | SBI Timer |
| SMP startup | INIT-SIPI | PSCI | SBI HSM |
| Serial output | COM1 (0x3F8) | PL011 UART | SBI console |
| KASLR entropy | RDRAND/RDSEED | Timer jitter | Timer jitter |