qubes-mirage-firewall VS FreeRTOS-Kernel

2) https://github.com/mirage/qubes-mirage-firewall is by far a better firewall for Qubes than OpenBSD ever will be - unikernels are far more secure than a traditional operating system is and you can read all about it on https://mirageos.org/

That's correct. It does mean that the closest to a self-contained program you can run is a unikernel like the mirage-firewall, unfortunately. On the upside, those remain easily portable to essentially anything that can run VMs so long as you adjust the image format.

That sounds similar to a unikernel. There are actual uses for those in seL4 and Qubes OS such as a firewall-qube (in theory unikernel qubes should be able to take far less system resources to run than full Linux+distro qubes).

Here's one that is "production" ready: the Mirage-Firewall microkernel running on Qubes OS.[0]

[0] : https://github.com/mirage/qubes-mirage-firewall

sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.

Here is the port - https://github.com/FreeRTOS/FreeRTOS-Kernel/tree/main/portable/ThirdParty/GCC/Posix

Freertos has support for generic cortex m3: https://github.com/FreeRTOS/FreeRTOS-Kernel/tree/main/portable/GCC/ARM_CM3 It could very well work almost out of the box with your mcu.

the only OS written in iso c i found was RTOS and they have open bug reports due to strict aliasing in simple things like their linked list implementation, which they don't bother to fix because somehow that causes even more problems (?!): https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/54

You likely put the requirements of POSIX just to have an excuse. Fyi, FreeRTOS kernel, the only thing you need, is here: https://github.com/FreeRTOS/FreeRTOS-Kernel/

- https://github.com/FreeRTOS/FreeRTOS-Kernel (architecture, C)

FreeRTOS comes with 5 quite simple reference implementations of the heap memory allocator. You can study how it works.

The main branch is single-core. You're looking for the SMP branch.

On non-POSIX systems, malloc & free are implemented differently. EG FreeRTOS has some very simple malloc (and optionally free) implementations, eg heap_2.c (has malloc & free, but doesn't consolidate blocks), or heap_4.c (more complex, tries to prevent fragmentation by consolidating blocks, still less optmized & simpler than the glibc malloc/free used by most Linux systems).