|
1 | | -Tiny KVM virtual machine |
| 1 | +TinyKVM userspace emulator library |
2 | 2 | ============== |
3 | 3 |
|
4 | | -This repository is hosting a tiny KVM virtual machine. |
5 | | -It implements a subset of the Linux system ABI. |
| 4 | +TinyKVM is a simple, slim and highly specialized userspace emulator library with _native performance_. It is highly embeddable and with only 10k LOC, has an unbelievably tiny attack surface. |
6 | 5 |
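Review bot: The attack-surface claim on new line 4 rests on line count alone ("with only 10k LOC, has an unbelievably tiny attack surface"), which does not tell a reader what a guest can actually reach. Suggest replacing "unbelievably tiny" with a concrete description of the guest-facing interface. The removed sentence "It implements a subset of the Linux system ABI" was the one line that described that interface, so keep it in some form or point to the list of emulated system calls.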
|
7 | | -``` |
8 | | -0x1600 - GDT |
9 | | -0x1700 - TSS |
10 | | -0x1800 - IDT |
11 | | -0x2000 - Interrupt assembly |
12 | | -0x3000 - 4k IST stack |
13 | | -0x4000 - VSYSCALL page |
14 | | -0x5000 - Page tables |
15 | | -0x100000 - Stack |
16 | | -0x200000 - Binary, heap |
17 | | -``` |
| 6 | +TinyKVM uses KVM, which is the most robust, battle-hardened virtualization API that exists right now. It is only 60k LOC in the kernel, and it is the foundation of the modern public cloud. TinyKVM does not exercise the full KVM API, as it does not use any virtualized devices. |
18 | 7 |
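Review bot: New line 6 asserts "the most robust, battle-hardened virtualization API that exists right now" and "only 60k LOC in the kernel" with no source or kernel version, while the one checkable security property ("it does not use any virtualized devices") sits at the end of the paragraph. Suggest leading with the no-devices point and either citing the figure or dropping it. The same region deletes the guest memory layout (GDT at 0x1600 through binary and heap at 0x200000) with no replacement; if that layout still applies, move it to a separate document instead of removing it, since it is useful to anyone reviewing how the guest is set up.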
|
19 | | -Static -O2 musl - Hello World |
20 | | -============== |
21 | | - |
22 | | -The time it takes to create the master VM: |
23 | | -``` |
24 | | -Construct: 349313ns (349 micros) |
25 | | -``` |
26 | | - |
27 | | -Run-time to initialize the master VM: |
28 | | -``` |
29 | | -Runtime: 2926952ns (2926 micros) |
30 | | -``` |
31 | 8 |
|
32 | | -Time to call the `test` function in the master VM: |
33 | | -``` |
34 | | -vmcall(test): 6947ns (6 micros) |
35 | | -``` |
| 9 | +## Userspace Emulation |
36 | 10 |
|
37 | | -Time to destroy the master VM: |
38 | | -``` |
39 | | -Destruct: 308352ns (308 micros) |
40 | | -``` |
41 | | - |
42 | | -VM fast-forking |
43 | | -============== |
| 11 | +Userspace emulation means running userspace programs. You can take a regular Linux program that you just built in your terminal and run it in TinyKVM. It will have the same exact run-time, the same exact CPU features and so on. |
44 | 12 |
|
45 | | -Time to create a copy-on-write fork of the master VM: |
46 | | -``` |
47 | | -VM fork: 220743ns (220 micros) |
48 | | -``` |
| 13 | +The rule-of-thumb is thus: If you can run it locally on your machine, you can run it in TinyKVM, at the same speed. |
49 | 14 |
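Review bot: The rule of thumb on new line 13 ("If you can run it locally on your machine, you can run it in TinyKVM, at the same speed") reads as unconditional, while the text removed at old line 5 said the project implements a subset of the Linux system ABI. If that is still the case, qualify the sentence so that a program relying on an unimplemented system call is not expected to work. The "same speed" wording also loses its backing in this commit, because the benchmark sections are deleted; keep a reference measurement somewhere or soften the claim.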
|
50 | | -Time to call the `test` function in the forked VM: |
51 | | -``` |
52 | | -Subsequent vmcalls: 1983ns (1 micro) |
53 | | -``` |
| 15 | +But there are some differences: |
54 | 16 |
|
55 | | -Time to create, call into and destroy the fork: |
56 | | -``` |
57 | | -VM fork totals: 306539ns (306 micros) |
58 | | -``` |
59 | | - |
60 | | -These benchmarks are based on 300 tinyKVM guest VMs with no warmup. |
61 | | - |
62 | | - |
63 | | -VM fork resetting |
64 | | -============== |
| 17 | +- TinyKVM has an execution timeout feature, allowing automatic stopping of stuck programs |
| 18 | +- TinyKVM has memory limits |
| 19 | +- TinyKVM can fork an initialized program into hundreds of pre-initialized VMs |
| 20 | +- TinyKVM can load programs while preferring hugepages, leading to performance gains |
65 | 21 |
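Review bot: The list on new lines 17 to 20 names the execution timeout and the memory limits but does not say whether they are enabled by default, what the default values are, or what the embedding program observes when a guest hits one. Since the README now leads with attack surface, suggest one sentence per item covering the default and the failure behaviour, or a link to where the limits are configured.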
|
66 | | -By reusing each fork, and just resetting them between usage, keeping some of the most costly things to re-initialize, we can save a bunch of time, and in the end we will initialize faster than competitors WASM implementations. |
67 | 22 |
|
68 | | -Time to do a function call into a forked VM: |
69 | | -``` |
70 | | -Fast vmcall: 5546ns (5 micros) |
71 | | -``` |
| 23 | +## Home-field Advantage |
72 | 24 |
|
73 | | -Time needed to reset a fork to initial forked state: |
74 | | -``` |
75 | | -Fast reset: 3581ns (3 micros) |
76 | | -``` |
| 25 | +A very understated feature of running directly on the CPU using hardware virtualization is that you don't need fancy toolchains to build programs. This is a most surprising and welcome feature as building and working with other architectures is often a struggle. |
77 | 26 |
|
78 | | -For a total reset+call time of 9 microseconds, which is much less than the official 60 microseconds for a Lucet WASM request. We don't have any destruction cost for this mode of operation. However, the context switching itself seems to be lower on Lucet. |
| 27 | +Secondly, as CPUs evolve, so does TinyKVM. It never has to be updated, yet it will continue to run at native speeds on your CPU. |
79 | 28 |
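Review bot: "It never has to be updated" on new line 27 is too broad for a README that opens with a security claim, because it reads as a promise that the library itself will never need fixes. Suggest narrowing it to the point actually being made, for example that no TinyKVM change is needed for guests to benefit from newer CPUs. Two smaller points: "Secondly" has no matching first item in the paragraph above, and together with "the same exact CPU features" on new line 11 this implies the guest-visible feature set varies with the host, which is worth stating explicitly.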
|
80 | | -Also, we can start processing after only 5 microseconds, and immediately deliver the result to the client. The reset cost can be deferred until after delivery. This lowers the time to first byte, which is an important number in HTTP caches. |