KernRift

A kernel-first systems language that turns OS invariants into compile-time errors — not boot-time crashes.

$ kernriftc hello.kr
$ kernrift hello.krbo
Hello, World!
[Read the Docs] [The Living Compiler] [View on GitHub]

Generic systems languages don't model kernel reality. KernRift bakes interrupt contexts, lock ordering, MMIO semantics, capability requirements, and host-side effects directly into the type system. It bypasses LLVM entirely — emitting raw native machine code as a universal Fat Binary (.krbo), a linkable ELF object, readable assembly, or a native host executable — with zero runtime overhead and sub-millisecond compile times.

Instantaneous Compilation

KernRift skips LLVM, the C preprocessor, and every optimization IR. Compilation is 8–15x faster than GCC at object-file emission — measured over 30 runs with hyperfine.

Input Lines Tool Mean Time
hello.kr 4 kernriftc --emit=elfobj 0.9 ms
pci_irq_driver.kr 70 kernriftc --emit=elfobj 1.1 ms
hello.c 1 gcc -O0 -c 8.5 ms
uart_driver.c ~20 gcc -O2 -c 14.9 ms

Formal Context Safety

Functions are annotated with execution contexts (boot, thread, irq). The compiler uses formal set-logic (ctx_ok(caller) ⊆ ctx_ok(callee)) to prove mathematical safety across the entire call graph before emitting a single byte.

Physical Code Shaping

KernRift optimizes for physical silicon cache lines. Tag a function with @hotpath, and the backend automatically pads the entry point with NOPs to achieve perfect 16-byte alignment, eradicating I-cache misses in tight ISR loops.

Aggressive DCE

The compiler runs a Breadth-First Search over the Intermediate Representation call graph. Using @export and @ctx(boot) as root nodes, it surgically eliminates all unreachable functions, radically shrinking the final kernel footprint.

Global Lock Graph

Deadlocks are mathematically impossible. kernriftc link performs a Depth-First Search (DFS) on lock acquisition paths across all modules at link-time, rejecting the binary if a lock-order cycle exists anywhere.

Typed MMIO

Define hardware registers with explicit widths and rw / ro access rights. Memory-mapped I/O is volatile-safe by default, eliminating the class of optimizer bugs that silently corrupt C device drivers.

Host Execution Mode

KernRift isn't just for kernels. Ctx::Host programs compile to native host executables with --emit=hostexe, letting you write build scripts, code generators, and install tools in the same language as your drivers. build.rs replaced by build.kr.

Universal Fat Binaries

Compile once, run anywhere. By default, kernriftc bundles both x86-64 and ARM64 machine code into a single, LZ4-compressed .krbo file. If space is critical, use the --arch flag (e.g. --arch arm64) to emit a thin, single-architecture binary.

Cryptographic Supply Chain

Trust no one. KernRift can generate, hash, and sign canonical JSON artifact contracts using Ed25519. Use kernriftc verify in your CI pipeline to mathematically guarantee that a compiled binary matches its source semantics exactly.

Quickstart

Note: Compiling from source requires rustup version 1.28.2 or higher. Do not use apt, brew, or winget to install Rust, as their repositories are often dangerously outdated.

Install 
# Linux
bash <(curl -sSf https://raw.githubusercontent.com/Pantelis23/KernRift/main/scripts/install-linux.sh)

# macOS
bash <(curl -sSf https://raw.githubusercontent.com/Pantelis23/KernRift/main/scripts/install-macos.sh)

# Windows (PowerShell)
cargo install --git https://github.com/Pantelis23/KernRift kernriftc --locked
cargo install --git https://github.com/Pantelis23/KernRift kernrift --locked
uart_driver.kr — Kernel Driver 
// UART driver — only callable from thread/boot context.
@module_caps(Mmio, MmioRaw);

// COM1 UART base address and register layout.
mmio UART = 0xFED00000;
mmio_reg UART.Data = 0x00 : u8 rw;
mmio_reg UART.IER  = 0x01 : u8 rw;
mmio_reg UART.LSR  = 0x05 : u8 ro;

spinlock UartLock;

@ctx(thread, boot) @eff(mmio) @caps(Mmio)
fn uart_write_byte(b: u8) {
    acquire(UartLock);
    mmio_write<u8>(UART + 0x00, b);
    release(UartLock);
}

// ✗ compile error: irq context cannot acquire a lock
// @ctx(irq) fn bad() { acquire(UartLock); }
build.kr — Host Build Script 
// Build orchestration written in KernRift itself.
// Compiled to a native host binary: kernriftc --emit=hostexe build.kr
@module_caps(Env, Process, Stdout)

@ctx(host) @eff(env)     @caps() extern fn getenv(uint64 name) -> uint64;
@ctx(host) @eff(stdout)  @caps() extern fn puts(uint64 s) -> uint32;
@ctx(host) @eff(process) @caps() extern fn system(uint64 cmd) -> uint32;
@ctx(host) @eff(process) @caps() extern fn exit(uint32 code);

@export
@ctx(host) @eff(env, process, stdout)
fn main() {
    uint64 skip = getenv("AOS_SKIP_KR")
    if skip != 0 {
        puts("cargo:warning=AOS_SKIP_KR set: skipping")
        exit(0)
    }
    uint32 rc = system("kernriftc --emit=elfobj --arch x86_64 serial.kr -o serial.o")
    if rc != 0 {
        puts("cargo:error=kernriftc failed for serial.kr")
        exit(1)
    }
    puts("cargo:rustc-link-arg=serial.o")
}
Compile & Run 
# Kernel driver → linkable ELF object (x86-64)
$ kernriftc --emit=elfobj --arch x86_64 uart_driver.kr -o uart_driver.o

# Kernel driver → Universal Fat Binary (x86-64 + ARM64), then run it
$ kernriftc uart_driver.kr -o uart_driver.krbo
$ kernrift uart_driver.krbo

# Host build script → native executable, then run it
$ kernriftc --emit=hostexe --arch x86_64 build.kr -o build
$ ./build
cargo:rustc-link-arg=serial.o

# Type-check only, zero disk output
$ kernriftc check uart_driver.kr