feature - QEMU tiny kernel capability proof

[dannymeijer]

Area

• Compiler (frontend/backend/codegen)
• Tooling (CLI/formatter/test runner)
• Runtime / Core crates (stdlib/core/derive)
• Documentation

Problem statement

The 0.9 roadmap needs a concrete vertical proof that the 0.8 freestanding foundations work under real low-level pressure. A freestanding artifact that merely builds is not enough; the project needs a tiny Incan-authored kernel proof that boots under an emulator and exercises the target, linker, panic, allocator, unsafe, layout, and MMIO surfaces together.

The goal is not a production operating system. The goal is a credible capability proof that can inform 1.0 stabilization decisions.

Proposed solution

Build a tiny QEMU-bootable kernel proof using Incan-authored init logic and the 0.8 freestanding foundations.

The proof should include:

• minimal architecture support layer;
• linker and boot configuration;
• QEMU runner and smoke harness;
• serial output from Incan-authored init code;
• panic halt/report path;
• allocator hookup if the selected proof uses allocation;
• MMIO/volatile/raw pointer use through the accepted unsafe surface;
• at least one interrupt, timer, or simple task proof.

Alternatives considered

• Stop at a no-std build artifact. Rejected because boot/link/runtime assumptions only show up under an actual low-level execution target.
• Try to build a real OS. Rejected because the roadmap target is capability evidence, not production kernel scope.
• Use handwritten Rust for the interesting kernel parts. Rejected for the proof: support shims may exist, but the init logic and low-level capability exercise should be Incan-authored.

Scope / acceptance criteria

• In scope:
  • QEMU runner and smoke-test harness.
  • Minimal boot/link configuration for one chosen architecture/profile.
  • Incan-authored kernel init logic.
  • Serial output proof.
  • Panic halt/report proof.
  • One concrete low-level capability proof such as MMIO, timer, interrupt, or simple task scheduling.
  • Documentation explaining what is proven and what remains experimental.
• Out of scope:
  • Production OS kernel design.
  • Replacing Linux or building a full userspace.
  • Broad architecture matrix.
  • Driver model, filesystem, networking, process model, or memory-protection completeness.
  • Stabilizing every unsafe/layout/runtime surface before 1.0.
• Done when:
  • The repo can build the tiny kernel proof from Incan source and boot it under QEMU.
  • The smoke harness observes expected serial output or equivalent machine-checkable success.
  • The proof exercises panic/allocator/runtime/unsafe/layout hooks enough to validate the 0.8 foundations.
  • The docs clearly distinguish proven capability from production OS scope.