Performance
seL4 stands apart with its unparalleled formal verification, without any compromise in performance. In fact it is fastest operating system kernel available on IPC performance. This page explains this claim and its significance, while also providing detailed seL4 performance metrics. 
The world's fastest kernel
seL4 has been designed for real-world use. From the beginning when verification started, the aim was to achieve the highest assurance level through formal proof, without sacrificing more than 10% in performance compared to the fastest kernels at the time.
seL4 not only beat the performance of those earlier kernels, but it now outperforms any microkernels by a factor of 2 to 10 times on key benchmarks. While independent performance comparisons are scarce, the few available studies corroborate our claims. We provide public performance numbers and a public experimental setup to enable repeatable independent benchmarks.
By providing both proved security and performance, seL4 is designed to support a wide range of real-world use cases.
Why IPC Benchmarks?
Microkernel-based systems tend to divide up software into a greater number of components than monolithic systems. Usually these components run in separate address spaces. This is excellent for improving security, but can incur overhead if done wrong.
Components on top of seL4 communicate with IPC (inter-process communication), notifications, and shared memory, where IPC is most commonly used as the mechanism for protected procedure calls. The IPC benchmarks below measure the overhead of these calls and show that they are on the order of normal function calls in monolithic systems. This is the key benchmark for showing that improved security is possible without sacrificing performance.
Performance numbers
This section displays the latest benchmark numbers for seL4 from the publicly available sel4bench repository. The following times are reported as mean and standard deviation in the format mean (std dev), both rounded to the nearest integer.
- IRQ invoke: Time in cycles to invoke a user-level interrupt handler running in a different address space as the interrupted thread.
- IPC call: Time in cycles for invoking a server in a different address space on the same core.
- IPC reply: Time in cycles for a server replying to a client in a different address space on the same core.
- Notify: Time in cycles to send a signal from a process with priority 1 to a higher priority (255) process in a different address space
Default
| ISA | Mode | Core/SoC/Board | Clock | IPC call | IRQ Invoke | IPC reply | Notify | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Armv7a | 32 | A9/i.MX6/Sabre | 1.0 GHz | 592 | (12) | 316 | (2) | 334 | (2) | 849 | (16) |
| x86_64 | 64 | i7-4770/Haswell | 3.4 GHz | 1610 | (257) | 587 | (16) | 599 | (15) | 1324 | (7) |
| x86_64 | 64 | i7-6700/Skylake* | 3.4 GHz | 1540 | (193) | 387 | (3) | 380 | (2) | 768 | (10) |
| Armv8a | 64 | A57/Tx1/Jetson | 1.9 GHz | 734 | (6) | 407 | (12) | 416 | (2) | 915 | (6) |
| RV64IMAC | 64 | U54-MC/SiFive Freedom U540/Hifive | 1.5 GHz | 1025 | (81) | 860 | (148) | 855 | (134) | 1693 | (120) |
* without meltdown mitigation
MCS
| ISA | Mode | Core/SoC/Board | Clock | IPC call | IRQ Invoke | IPC reply | Notify | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Armv7a | 32 | A9/i.MX6/Sabre | 1.0 GHz | 759 | (13) | 324 | (2) | 363 | (2) | 1132 | (15) |
| x86_64 | 64 | i7-4770/Haswell | 3.4 GHz | 1956 | (419) | 600 | (17) | 601 | (13) | 1571 | (13) |
| x86_64 | 64 | i7-6700/Skylake* | 3.4 GHz | 1895 | (335) | 391 | (4) | 418 | (6) | 1053 | (11) |
| Armv8a | 64 | A57/Tx1/Jetson | 1.9 GHz | 940 | (71) | 415 | (6) | 430 | (1) | 1052 | (18) |
| RV64IMAC | 64 | U54-MC/SiFive Freedom U540/Hifive | 1.5 GHz | 3371 | (130) | 690 | (48) | 738 | (78) | 4254 | (173) |
* without meltdown mitigation
Compilation Details
All benchmarks were built using the trustworthy-systems/sel4 docker image from the seL4 docker file repository
See details on compiler and build commands
Default
| ISA | Mode | Core/SoC/Board | Compiler | Build command |
|---|---|---|---|---|
| Armv7a | 32 | A9/i.MX6/Sabre | arm-linux-gnueabi-gcc GNU 10.2.1 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DAARCH32=TRUE -DPLATFORM=sabre |
| x86_64 | 64 | i7-4770/Haswell | gcc GNU 10.2.1 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DPLATFORM=x86_64 |
| x86_64 | 64 | i7-6700/Skylake | gcc GNU 10.2.1 | init-build.sh -DKernelSkimWindow=FALSE -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DPLATFORM=x86_64 |
| Armv8a | 64 | A57/Tx1/Jetson | aarch64-linux-gnu-gcc GNU 10.2.1 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DAARCH64=TRUE -DPLATFORM=tx1 |
| RV64IMAC | 64 | U54-MC/SiFive Freedom U540/Hifive | riscv64-unknown-elf-gcc GNU 8.3.0 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=FALSE -DFAULT=FALSE -DRISCV64=TRUE -DPLATFORM=hifive |
MCS
| ISA | Mode | Core/SoC/Board | Compiler | Build command |
|---|---|---|---|---|
| Armv7a | 32 | A9/i.MX6/Sabre | arm-linux-gnueabi-gcc GNU 10.2.1 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DAARCH32=TRUE -DPLATFORM=sabre -DMCS=TRUE |
| x86_64 | 64 | i7-4770/Haswell | gcc GNU 10.2.1 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DPLATFORM=x86_64 -DMCS=TRUE |
| x86_64 | 64 | i7-6700/Skylake | gcc GNU 10.2.1 | init-build.sh -DKernelSkimWindow=FALSE -DMCS=TRUE -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DPLATFORM=x86_64 |
| Armv8a | 64 | A57/Tx1/Jetson | aarch64-linux-gnu-gcc GNU 10.2.1 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=TRUE -DFAULT=TRUE -DAARCH64=TRUE -DPLATFORM=tx1 -DMCS=TRUE |
| RV64IMAC | 64 | U54-MC/SiFive Freedom U540/Hifive | riscv64-unknown-elf-gcc GNU 8.3.0 | init-build.sh -DFASTPATH=TRUE -DHARDWARE=FALSE -DFAULT=FALSE -DRISCV64=TRUE -DPLATFORM=hifive -DMCS=TRUE |
Source Code
This page was generated on 2025-04-29 for sel4bench-manifest 34aa6045.