Secure and fast microVMs for serverless computing.

Overview

Firecracker Logo Title

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads.

Read more about the Firecracker Charter here.

What is Firecracker?

Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers.

Overview

The main component of Firecracker is a virtual machine monitor (VMM) that uses the Linux Kernel Virtual Machine (KVM) to create and run microVMs. Firecracker has a minimalist design. It excludes unnecessary devices and guest-facing functionality to reduce the memory footprint and attack surface area of each microVM. This improves security, decreases the startup time, and increases hardware utilization. Firecracker has also been integrated in container runtimes, for example Kata Containers and Weaveworks Ignite.

Firecracker was developed at Amazon Web Services to accelerate the speed and efficiency of services like AWS Lambda and AWS Fargate. Firecracker is open sourced under Apache version 2.0.

To read more about Firecracker, check out firecracker-microvm.io.

Getting Started

To get started with Firecracker, download the latest release binaries or build it from source.

You can build Firecracker on any Unix/Linux system that has Docker running (we use a development container) and bash installed, as follows:

git clone https://github.com/firecracker-microvm/firecracker
cd firecracker
tools/devtool build
toolchain="$(uname -m)-unknown-linux-musl"

The Firecracker binary will be placed at build/cargo_target/${toolchain}/debug/firecracker. For more information on building, testing, and running Firecracker, go to the quickstart guide.

The overall security of Firecracker microVMs, including the ability to meet the criteria for safe multi-tenant computing, depends on a well configured Linux host operating system. A configuration that we believe meets this bar is included in the production host setup document.

Contributing

Firecracker is already running production workloads within AWS, but it's still Day 1 on the journey guided by our mission. There's a lot more to build and we welcome all contributions.

To contribute to Firecracker, check out the development setup section in the getting started guide and then the Firecracker contribution guidelines.

Releases

New Firecracker versions are released via the GitHub repository releases page, typically every two or three months. A history of changes is recorded in our changelog.

The Firecracker release policy is detailed here.

Design

Firecracker's overall architecture is described in the design document.

Features & Capabilities

Firecracker consists of a single micro Virtual Machine Manager process that exposes an API endpoint to the host once started. The API is specified in OpenAPI format. Read more about it in the API docs.

The API endpoint can be used to:

  • Configure the microvm by:
    • Setting the number of vCPUs (the default is 1).
    • Setting the memory size (the default is 128 MiB).
    • [x86_64 only] Choosing a CPU template (currently, C3 and T2 are available).
  • Add one or more network interfaces to the microVM.
  • Add one or more read-write or read-only disks to the microVM, each represented by a file-backed block device.
  • Trigger a block device re-scan while the guest is running. This enables the guest OS to pick up size changes to the block device's backing file.
  • Change the backing file for a block device, before or after the guest boots.
  • Configure rate limiters for virtio devices which can limit the bandwidth, operations per second, or both.
  • Configure the logging and metric system.
  • [BETA] Configure the data tree of the guest-facing metadata service. The service is only available to the guest if this resource is configured.
  • Add a vsock socket to the microVM.
  • Start the microVM using a given kernel image, root file system, and boot arguments.
  • [x86_64 only] Stop the microVM.

Built-in Capabilities:

  • Demand fault paging and CPU oversubscription enabled by default.
  • Advanced seccomp filters for enhanced security.
  • Jailer process for starting Firecracker in production scenarios; applies a cgroup/namespace isolation barrier and then drops privileges.

Supported platforms

We continuously test Firecracker on machines with the following CPUs micro-architectures: Intel Skylake, Intel Cascade Lake, AMD Zen2 and ARM64 Neoverse N1.

Firecracker is generally available on Intel x86_64, AMD x86_64 and ARM64 CPUs (starting from release v0.24) that offer hardware virtualization support, and that are released starting with 2015. All production use cases should follow these production host setup instructions.

Firecracker may work on other x86 and Arm 64-bit CPUs with support for hardware virtualization, but any such platform is currently not supported and not fit for production. If you want to run Firecracker on such platforms, please open a feature request.

Firecracker currently only supports little-endian platforms, which includes x86_64 and many aarch64 CPUs. Other systems and architectures may not provide a little-endian mode, and Firecracker may not work correctly on such systems.

Known issues and Limitations

  • The SendCtrlAltDel API request is not supported for aarch64 enabled microVMs.
  • Configuring CPU templates is only supported for Intel enabled microVMs.
  • The ability of snapshotting a microVM on aarch64 is only supported for GICv3 powered microVMs.

Performance

Firecracker's performance characteristics are listed as part of the specification documentation. All specifications are a part of our commitment to supporting container and function workloads in serverless operational models, and are therefore enforced via continuous integration testing.

Policy for Security Disclosures

The security of Firecracker is our top priority. If you suspect you have uncovered a vulnerability, contact us privately, as outlined in our security policy document; we will immediately prioritize your disclosure.

FAQ & Contact

Frequently asked questions are collected in our FAQ doc.

You can get in touch with the Firecracker community in the following ways:

When communicating within the Firecracker community, please mind our code of conduct.

Comments
  • InstanceStart Causes Firecracker to Crash

    InstanceStart Causes Firecracker to Crash

    Platform

    • Hardware: t1.small.x86 Bare metal server from Packet with 1 x Intel Atom C2550 @ 2.4Ghz processor, 8GB RAM, 80 GB SSD
    • OS: Ubuntu 16.04.5 LTS
    • Kernel: 4.4.0-134-generic

    Issue Runing InstanceStart action causes Firecracker process to crash with logging error.

    Error Message 018-11-28T06:51:31.336002913 [:ERROR:vmm/src/lib.rs:1157] Failed to log metrics on abort. Failed to log metrics. Logger was not initialized.:?

    Steps to reproduce

    • Download the firecracker executable from Firecracker release page
    • Start firecracker process using ./firecracker --api-sock /tmp/firecracker.sock command. No messages seen here.
    • On a second console download kernel and rootfs to same directory as firecracker binary from links : kernel and rootfs
    • Set guest kernel using command curl --unix-socket /tmp/firecracker.sock -i \ -X PUT 'http://localhost/boot-source' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "kernel_image_path": "./hello-vmlinux.bin", "boot_args": "console=ttyS0 reboot=k panic=1 pci=off" }'
    • set the guest rootfs using commandcurl --unix-socket /tmp/firecracker.sock -i \ -X PUT 'http://localhost/drives/rootfs' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "drive_id": "rootfs", "path_on_host": "./hello-rootfs.ext4", "is_root_device": true, "is_read_only": false }'
    • Start VM using command curl --unix-socket /tmp/firecracker.sock -i \ -X PUT 'http://localhost/actions' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "action_type": "InstanceStart" }'

    Summary

    • Logger is not initialised causing the process to crash when relevant logging is initiated code
    • InstanceStart action fails leading to above case (?)
    Quality: Improvement Support: Failure 
    opened by ganeshmannamal 48
  • vsock: error reading from backing stream

    vsock: error reading from backing stream

    While developing the vhost-user-vsock application for cloud-hypervisor, I had an issue that happens also with the vsock device emulation: https://github.com/cloud-hypervisor/cloud-hypervisor/issues/1001

    As @sboeuf suggested, I tried with Firecracker and I had a very similar issue:

    2020-04-06T11:52:33.632842533 [anonymous-instance:ERROR:src/devices/src/virtio/vsock/csm/connection.rs:242] vsock: error reading from backing stream: lp=5201, pp=1031, err=Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }
    

    After the error, the throughput goes to 0 and the peers are able to communicate only restarting the connection, but the error happens every time I tried to run iperf-vsock (guest connecting to the host)

    How to reproduce

    I used iperf-vsock to stress the vsock connection.

    Kernel: hello-vmlinux.bin (Linux (none) 4.14.55-84.37.amzn2.x86_64 #1 SMP Wed Jul 25 18:47:15 UTC 2018 x86_64 Linux) Firecracker: firecracker-v0.21.1-x86_64

    VM config

    {
      "boot-source": {
        "kernel_image_path": "./hello-vmlinux.bin",
        "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"
      },
      "drives": [
        {
          "drive_id": "rootfs",
          "path_on_host": "rootfs.ext4",
          "is_root_device": true,
          "is_read_only": false
        }
      ],
      "machine-config": {
        "vcpu_count": 2,
        "mem_size_mib": 1024,
        "ht_enabled": false
      },
      "vsock": {
          "vsock_id": "1",
          "guest_cid": 4,
          "uds_path": "/tmp/vm4.vsock"
      }
    }
    

    guest

    ~# mkdir /tmp     # iperf3 uses mkstemp(3)
    ~# iperf3 --vsock -c 2
    Connecting to host 2, port 5201
    [  5] local 4 port 1033 connected to 2 port 5201
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-1.00   sec  91.0 MBytes   763 Mbits/sec                  
    2020-04-06T11:55:51.001682775 [anonymous-instance:ERROR:src/devices/src/virtio/vsock/csm/connection.rs:242] vsock: error reading from backing stream: lp=5201, pp=1033, err=Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }
    [  5]   1.00-2.00   sec   422 MBytes  3.54 Gbits/sec                  
    [  5]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec                  
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-10.00  sec   513 MBytes   431 Mbits/sec                  sender
    [  5]   0.00-10.01  sec   513 MBytes   430 Mbits/sec                  receiver
    
    iperf Done.
    

    host

    > ./iperf3 --vsock -s -B /tmp/vm4.vsock
    -----------------------------------------------------------
    Server listening on 5201
    -----------------------------------------------------------
    Accepted connection from 40:8c44:a220:e9bb:30b4:aa01::, port 43521
    [  5] local 6d34:2e76:736f:636b:5f35:3230:3100:0 port 12148 connected to :: port 0
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-1.00   sec   431 MBytes  3.61 Gbits/sec                  
    [  5]   1.00-2.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec                  
    [  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec                  
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate
    [  5]   0.00-10.00  sec   431 MBytes   361 Mbits/sec                  receiver
    
    Quality: Bug Feature: Emulation Priority: High 
    opened by stefano-garzarella 47
  • Update Rust toolchain to 1.43.1

    Update Rust toolchain to 1.43.1

    Reason for This PR

    The latest cargo-audit used in the Docker images requires Rust >=1.40. The current image still uses Rust 1.39.

    Blocked by #1913

    Fixes #1904

    Description of Changes

    The Dockerfiles have been changed to use Rust 1.43.1, the latest stable Rust version.

    • [x] This functionality can be added in rust-vmm.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [x] All commits in this PR are signed (git commit -s).
    • [x] The reason for this PR is clearly provided (issue no. or explanation).
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] Any newly added unsafe code is properly documented.
    • [x] Any API changes are reflected in firecracker/swagger.yaml.
    • [x] Any user-facing changes are mentioned in CHANGELOG.md.
    Status: Author Status: Reviewer 
    opened by timvisee 42
  • loader: add support for initrd

    loader: add support for initrd

    Reason for This PR

    The 2020 Roadmap welcomes contributions that adds initrd support. A previous PR was opened to add it (#670), but cannot be reused as is, because it also added support for loading a compressed kernel.

    Hence #670 was reworked and rebased to only include initrd support. Fixes #208 .

    Description of Changes

    • Add initrd_path property to the boot-source API.
    • Pass ramdisk_image (memory offset) and ramdisk_size to the guest bootparams table.
    • Implement the load_initrd loader function, to load the initrd file content into the guest memory ~~at a (for the moment) fixed address~~ at then end of the available low memory (for x86_64).

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Author TODO: Meet these criteria. Where there are two options, keep one.]
    [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [x] All commits in this PR are signed (git commit -s).
    • [x] Either this PR is linked to an issue, or, the reason for this PR is clearly provided.
    • [x] The description of changes is clear and encompassing.
    • [x] Either no docs need to be updated as part of this PR, or, the required doc changes are included in this PR. Docs in scope are all *.md files located either in the repository root, or in the docs/ directory.
    • [x] Either no code has been touched, or, code-level documentation for touched code is included in this PR.
    • [x] Either no API changes are included in this PR, or, the API changes are reflected in firecracker/swagger.yaml.
    • [x] Either the changes in this PR have no user impact, or, the changes in this PR have user impact and have been added to the CHANGELOG.md file.
    Codebase: Usability Roadmap: New Request Status: Reviewer 
    opened by marcov 41
  • Partial fix for restore snapshot GET /vm/config bug

    Partial fix for restore snapshot GET /vm/config bug

    Fixed the issue where GET /vm/config would return the default config for a VM restored from a snapshot. The config now updates after restoring from a snapshot.

    Reason for This PR

    This PR exists to fix the bug described in issue #2783.

    Description of Changes

    Changed restoring a snapshot to include updating the VmResources so that the correct config would be returned for the GET /vm/config endpoint. The only parts of the config that are still using default values after restoring a snapshot are the following: boot-source (which is reasonable since there is no boot-source in the case of a restore), machine-config.smt and machine-config.cpu_template.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Author TODO: Meet these criteria.] [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [x] All commits in this PR are signed (git commit -s).
    • [x] The issue which led to this PR has a clear conclusion.
    • [x] This PR follows the solution outlined in the related issue.
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] Any newly added unsafe code is properly documented.
    • [x] Any API changes follow the Runbook for Firecracker API changes.
    • [x] Any user-facing changes are mentioned in CHANGELOG.md.
    • [x] All added/changed functionality is tested.
    opened by summerlinryan 35
  • [Devices] virtio vsock

    [Devices] virtio vsock

    We want to have vsock support to enable container integration, but we don't want to use vhost since that would be another attack surface to directly exposes the host kernel. Instead, we'll write another back-end for vsock. See #194.

    Currenty, virtio vsock exists in the codebase as an experimental development-only rust feature, with the vhost implementation.

    Feature: IO Virtualization Roadmap: Tracked 
    opened by raduweiss 30
  • firecracker coredump

    firecracker coredump

    Describe the bug

    [Author TODO: A clear and concise description of what the bug is.]

    root@ubuntu:~/myfirecracker/firecracker# firecracker --api-sock /tmp/firecracker.socket Bad system call (core dumped)

    To Reproduce

    1、 start firecrakcer: firecracker --api-sock /tmp/firecracker.socket 2、 send curl request curl --unix-socket /tmp/firecracker.socket -i
    -X PUT 'http://localhost/boot-source'
    -H 'Accept: application/json'
    -H 'Content-Type: application/json'
    -d "{ "kernel_image_path": "${kernel_path}", "boot_args": "keep_bootcon console=ttyS0 reboot=k panic=1 pci=off" }" curl: (52) Empty reply from server curl: (7) Couldn't connect to server curl: (7) Couldn't connect to server

    Environment

    uname -a Linux ubuntu 5.0.0-23-generic #24~18.04.1-Ubuntu SMP Mon Jul 29 16:10:24 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux

    the firecrakcer is builded as following: root@ubuntu:~/myfirecracker# git clone https://github.com/firecracker-microvm/firecracker.git Cloning into 'firecracker'... remote: Enumerating objects: 82, done. remote: Counting objects: 100% (82/82), done. remote: Compressing objects: 100% (69/69), done. remote: Total 25405 (delta 31), reused 25 (delta 12), pack-reused 25323 Receiving objects: 100% (25405/25405), 17.58 MiB | 5.38 MiB/s, done. Resolving deltas: 100% (15370/15370), done. root@ubuntu:~/myfirecracker# cd firecracker root@ubuntu:~/myfirecracker/firecracker# tools/devtool build

    Quality: Bug 
    opened by magnate3 29
  • bzImage / initrd support (v2)

    bzImage / initrd support (v2)

    This is a rebase of https://github.com/firecracker-microvm/firecracker/pull/428 - after various repo shuffles I'm not able to update that PR with the new version.

    It adds support for loading bzImage kernels and initrds as an alternative to ELF64 kernels. It's slower than the vmlinux format because the kernel must decompress itself, but useful for trying kernels that I didn't build myself.

    For now, it loads the initrd at a fixed address; it would be better to have a way of finding a free area of memory after the kernel has loaded.

    Feature: Guest OS 
    opened by tim-deegan-aws 29
  • Update to latest Tokio/Hyper

    Update to latest Tokio/Hyper

    • Updates Firecracker to the latest Tokio revision. This removes dependencies on deprecated libraries and introduces a global Tokio event loop, removing the need to juggle Tokio handles.
    • As part of using the latest Tokio revision, I updated Firecracker to Hyper 0.12. While this allows Firecracker to use the new Tokio library, it does remove the typed headers. They are in development at hyperium/headers.
    • Tokio now imposes a Sync constraint on spawned futures, as the future could potentially run on a threadpool. Since std::sync::mpsc::Sender is not Sync, I introduced Crossbeam, whose senders are Sync. I was not aware of SyncSender at the time. On bounded channels, Crossbeam greatly outperforms. This change can be reverted if necessary.

    Still to do:

    • Run integration tests on a Linux machine. This builds, but I didn’t have a Linux machine handy. Sorry about that; I’ll address that soon.
    • Decide whether to keep Crossbeam.

    Signed-off-by: David Barsky [email protected]

    Feature: API 
    opened by davidbarsky 28
  • Proposal: Use Docker CE as jailer

    Proposal: Use Docker CE as jailer

    There are a few Jailers already around that support creation of Linux/BSD Jails the two biggest are Docker CE (containerD, moby) and SystemdNS

    I would love to see that we get this Project to choose one of this Options as additional jailer

    It will enable firecracker to be spawned in all this environments so it can be deployed in a local Kubernetes Cluster (containerd & moby) or CoreOs installation (SystemdNS)

    Feature: Jailing Roadmap: New Request 
    opened by frank-dspeed 26
  • Add --cgroups parameter to jailer

    Add --cgroups parameter to jailer

    Reason for This PR

    Increase cgroups integration flexibility for the Jailer. Fixes #1937 Fixes #1617

    Description of Changes

    New --cgroups argument have been added to the Jailer. This argument takes care of setting the passed cgroups generically and check that the expected value is correctly written.

    The Cgroup type have been modified in order to represent each of the cgroups passed by --cgroups command line argument.

    • [ ] This functionality can be added in rust-vmm.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    [Author TODO: Meet these criteria.] [Reviewer TODO: Verify that these criteria are met. Request changes if not]

    • [ ] All commits in this PR are signed (git commit -s).
    • [ ] The reason for this PR is clearly provided (issue no. or explanation).
    • [ ] The description of changes is clear and encompassing.
    • [ ] Any required documentation changes (code and docs) are included in this PR.
    • [ ] Any newly added unsafe code is properly documented.
    • [ ] Any API changes are reflected in firecracker/swagger.yaml.
    • [ ] Any user-facing changes are mentioned in CHANGELOG.md.
    Status: Author 
    opened by christian7007 25
  • [Feature Request] Support changing the vsock CID on snapshot restore

    [Feature Request] Support changing the vsock CID on snapshot restore

    Feature Request

    I'm aware of the vsock device limitations described in snapshot-support.md.

    However there's no mentioning of how to support multiple clones of a snapshot with a configured vsock on the same host (they'll all share the same CID). For network interfaces, Network Connectivity for Clones describes pretty nicely how multiple clones can be run on the same host by using network namespaces. But to my knowledge, there's no network namespace support available for vsock sockets (I only found "vsock: support network namespace" which doesn't seem to have been finished yet).

    I tried to configure a different vsock CID/path before restoring a snapshot, but in that case restoring fails with:

    2022-12-30T20:46:38.507150111 [anonymous-instance:fc_api:ERROR:src/api_server/src/parsed_request.rs:190] Received Error. Status code: 400 Bad Request. Message: Loading a microVM snapshot not allowed after configuring boot-specific resources.
    

    Describe the desired solution

    The vsock man page mentions the following about "live migrations":

       Sockets are affected by live migration of virtual machines.
       Connected SOCK_STREAM sockets become disconnected when the
       virtual machine migrates to a new host.  Applications must
       reconnect when this happens.
    
       The local CID may change across live migration if the old CID is
       not available on the new host.  Bound sockets are automatically
       updated to the new CID.
    

    I wonder if it wouldn't be possible to implement the vsock support in Firecracker such that the CID/socket path can be changed for a snapshot at restore time?

    In addition to allowing multiple clones with configured vsockets, such a change would also make it possible to use the vsock device for obtaining a simple SysGenID (see #2546).

    Please let me know if there's anything obvious that I'm missing?

    Checks

    • [x] Have you searched the Firecracker Issues database for similar requests?
    • [x] Have you read all the existing relevant Firecracker documentation?
    • [x] Have you read and understood Firecracker's core tenets?
    opened by simonis 0
  • Rust toolchain upgrade 1.64 -> 1.66 for Firecracker v1.2

    Rust toolchain upgrade 1.64 -> 1.66 for Firecracker v1.2

    Reason

    Rust toolchain upgrade from 1.64 to 1.66.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [ ] All commits in this PR are signed (git commit -s).
    • [ ] If a specific issue led to this PR, this PR closes the issue.
    • [ ] The description of changes is clear and encompassing.
    • [ ] Any required documentation changes (code and docs) are included in this PR.
    • [ ] New unsafe code is documented.
    • [ ] API changes follow the Runbook for Firecracker API changes.
    • [ ] User-facing changes are mentioned in CHANGELOG.md.
    • [ ] All added/changed functionality is tested.
    • [ ] New TODOs link to an issue.

    • [ ] This functionality can be added in rust-vmm.
    opened by andreitraistaru 0
  • Rust toolchain upgrade 1.64 -> 1.66 for Firecracker v1.1

    Rust toolchain upgrade 1.64 -> 1.66 for Firecracker v1.1

    Reason

    Rust toolchain upgrade from 1.64 to 1.66.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [ ] All commits in this PR are signed (git commit -s).
    • [ ] If a specific issue led to this PR, this PR closes the issue.
    • [ ] The description of changes is clear and encompassing.
    • [ ] Any required documentation changes (code and docs) are included in this PR.
    • [ ] New unsafe code is documented.
    • [ ] API changes follow the Runbook for Firecracker API changes.
    • [ ] User-facing changes are mentioned in CHANGELOG.md.
    • [ ] All added/changed functionality is tested.
    • [ ] New TODOs link to an issue.

    • [ ] This functionality can be added in rust-vmm.
    opened by andreitraistaru 3
  • Rename `vm-memory` to `vm-memory-ext`

    Rename `vm-memory` to `vm-memory-ext`

    Changes

    Rename vm-memory to vm-memory-ext and remove renaming of vm-memory to vm-memory-upstream.

    Reason

    Renaming dependencies negatively affects readability, one will typically assume when seeing use some_crate in the code base it refers to the external crate some_crate which could be looked up at crates.io/crates/some_crate.

    By removing this alias and renaming the local crate, readability is improved.

    This was previously a part of https://github.com/firecracker-microvm/firecracker/pull/3079.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [ ] All commits in this PR are signed (git commit -s).
    • [ ] If a specific issue led to this PR, this PR closes the issue.
    • [ ] The description of changes is clear and encompassing.
    • [ ] Any required documentation changes (code and docs) are included in this PR.
    • [ ] New unsafe code is documented.
    • [ ] API changes follow the Runbook for Firecracker API changes.
    • [ ] User-facing changes are mentioned in CHANGELOG.md.
    • [ ] All added/changed functionality is tested.
    • [ ] New TODOs link to an issue.

    • [ ] This functionality can be added in rust-vmm.
    Codebase: Refactoring 
    opened by JonathanWoollett-Light 3
  • Have kernel pick tap device name for us in unittests

    Have kernel pick tap device name for us in unittests

    Changes

    Specify the tap name in unittests via %d to make the kernel pick a name for us that is ensured to not be in used by a separate process already.

    Reason

    spurious failures with "device busy" because of name clashes with tap devices.

    License Acceptance

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

    PR Checklist

    • [x] All commits in this PR are signed (git commit -s).
    • [x] If a specific issue led to this PR, this PR closes the issue.
    • [x] The description of changes is clear and encompassing.
    • [x] Any required documentation changes (code and docs) are included in this PR.
    • [x] New unsafe code is documented.
    • [x] API changes follow the Runbook for Firecracker API changes.
    • [x] User-facing changes are mentioned in CHANGELOG.md.
    • [x] All added/changed functionality is tested.
    • [x] New TODOs link to an issue.

    • [ ] This functionality can be added in rust-vmm.
    opened by roypat 0
Releases(v1.1.4)
  • v1.1.4(Dec 7, 2022)

  • v1.2.0(Dec 2, 2022)

    Added

    • Added a new CPU template called T2S. This exposes the same CPUID as T2 to the Guest and also overwrites the ARCH_CAPABILITIES MSR to expose a reduced set of capabilities. With regards to hardware vulnerabilities and mitigations, the Guest vCPU will apear to look like a Skylake CPU, making it safe to snapshot uVMs running on a newer host CPU (Cascade Lake) and restore on a host that has a Skylake CPU.
    • Added a new CLI option --metrics-path PATH. It accepts a file parameter where metrics will be sent to.
    • Added baselines for m6i.metal and m6a.metal for all long running performance tests.
    • Releases now include debuginfo files.

    Changed

    • Changed the jailer option --exec-file to fail if the filename does not contain the string firecracker to prevent from running non-firecracker binaries.
    • Upgraded Rust toolchain from 1.52.1 to 1.64.0.
    • Switched to specifying our dependencies using caret requirements instead of comparison requirements.
    • Updated all dependencies to their respective newest versions.

    Fixed

    • Made the T2 template more robust by explicitly disabling additional CPUID flags that should be off but were missed initially or that were not available in the spec when the template was created.
    • Now MAC address is correctly displayed when queried with GET /vm/config if left unspecified in both pre and post snapshot states.
    • Fixed a self-DoS scenario in the virtio-queue code by reporting and terminating execution when the number of available descriptors reported by the driver is higher than the queue size.
    • Fixed the bad handling of kernel cmdline parameters when init arguments were provided in the boot_args field of the JSON body of the PUT /boot-source request.
    • Fixed a bug on ARM64 hosts where the upper 64bits of the V0-V31 FL/SIMD registers were not saved correctly when taking a snapshot, potentially leading to data loss. This change invalidates all ARM64 snapshots taken with versions of Firecracker <= 1.1.3.
    • Improved stability and security when saving CPU MSRs in snapshots.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.2.0-aarch64.tgz(3.87 MB)
    firecracker-v1.2.0-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.2.0-x86_64.tgz(3.75 MB)
    firecracker-v1.2.0-x86_64.tgz.sha256.txt(65 bytes)
  • v1.0.2(Nov 30, 2022)

  • v1.1.3(Nov 24, 2022)

  • v1.1.2(Oct 10, 2022)

  • v1.0.1(Oct 10, 2022)

  • v1.1.1(Jul 29, 2022)

    Added

    • Add a new CPU template called T2S. This exposes the same CPUID as T2 to the Guest and also overwrites the ARCH_CAPABILITIES MSR to expose a reduced set of capabilities. With regards to hardware vulnerabilities and mitigations, the Guest vCPU will apear to look like a Skylake CPU, making it safe to snapshot uVMs running on a newer host CPU (Cascade Lake) and restore on a host that has a Skylake CPU.

    Fixed

    • Make the T2 template more robust by explicitly disabling additional CPUID flags that should be off but were missed initially or that were not available in the spec when the template was created.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.1.1-aarch64.tgz(1.78 MB)
    firecracker-v1.1.1-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.1.1-x86_64.tgz(1.80 MB)
    firecracker-v1.1.1-x86_64.tgz.sha256.txt(65 bytes)
  • v1.1.0(May 6, 2022)

    Added

    • The API PATCH methods for machine-config can now be used to reset the cpu_template to "None". Until this change there was no way to reset the cpu_template once it was set.
    • Added a rebase-snap tool for rebasing a diff snapshot over a base snapshot.
    • Mmds version is persisted across snapshot-restore. Snapshot compatibility is preserved bidirectionally, to and from a Firecracker version that does not support persisting the Mmds version. In such cases, the default V1 option is used.
    • Added --mmds-size-limit for limiting the mmds data store size instead of piggy-backing on --http-api-max-payload-size. If left unconfigured it defaults to the value of --http-api-max-payload-size, to provide backwards compatibility.
    • Added optional mem_backend body field in PUT requests on /snapshot/load. This new parameter is an object that defines the configuration of the backend responsible for handling memory loading during snapshot restore. The mem_backend parameter contains backend_type and backend_path required fields. backend_type is an enum that can take either File or Uffd as value. Interpretation of backend_path field depends on the value of backend_type. If File, then the user must provide the path to file that contains the guest memory to be loaded. Otherwise, if backend_type is Uffd, then backend_path is the path to a unix domain socket where a custom page fault handler process is listening and expecting a UFFD to be sent by Firecracker. The UFFD is used to handle the guest memory page faults in the separate process.
    • Added logging for the snapshot/restore and async block device IO engine features to indicate they are in development preview.

    Changed

    • The API PATCH method for /machine-config can be now used to change track_dirty_pages on aarch64.
    • MmdsV2 is now Generally Available.
    • MmdsV1 is now deprecated and will be removed in Firecracker v2.0.0. Use MmdsV2 instead.
    • Deprecated mem_file_path body field in PUT on /snapshot/load request.

    Fixed

    • Fixed inconsistency that allowed the start of a microVM from a JSON file without specifying the vcpu_count and mem_size_mib parameters for machine-config although they are mandatory when configuring via the API. Now these fields are mandatory when specifying machine-config in the JSON file and when using the PUT request on /machine-config.
    • Fixed inconsistency that allowed a user to specify the cpu_template parameter and set smt to True in machine-config when starting from a JSON file on aarch64 even though they are not permitted when using PUT or PATCH in the API. Now Firecracker will return an error on aarch64 if smt is set to True or if cpu_template is specified.
    • Fixed inconsistent behaviour of the PUT method for /machine-config that would reset the track_dirty_pages parameter to false if it was not specified in the JSON body of the request, but left the cpu_template parameter intact if it was not present in the request. Now a PUT request for /machine-config will reset all optional parameters (smt, cpu_template, track_dirty_pages) to their default values if they are not specified in the PUT request.
    • Fixed incosistency in the swagger definition with the current state of the /vm/config endpoint.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.1.0-aarch64.tgz(1.78 MB)
    firecracker-v1.1.0-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.1.0-x86_64.tgz(1.80 MB)
    firecracker-v1.1.0-x86_64.tgz.sha256.txt(65 bytes)
  • v1.0.0(Jan 31, 2022)

    Added

    • Added jailer option --parent-cgroup <relative_path> to allow the placement of microvm cgroups in custom cgroup nested hierarchies. The default value is <exec-file> which is backwards compatible to the behavior before this change.
    • Added jailer option --cgroup-version <1|2> to support running the jailer on systems that have cgroup-v2. Default value is 1 which means that if --cgroup-version is not specified, the jailer will try to create cgroups on cgroup-v1 hierarchies only.
    • Added --http-api-max-payload-size parameter to configure the maximum payload size for PUT and PATCH requests.
    • Limit MMDS data store size to --http-api-max-payload-size.
    • Cleanup all environment variables in Jailer.
    • Added metrics for accesses to deprecated HTTP and command line API endpoints.
    • Added permanent HTTP endpoint for GET on /version for getting the Firecracker version.
    • Added --metadata parameter to enable MMDS content to be supplied from a file allowing the MMDS to be used when using --no-api to disable the API server.
    • Checksum file for the release assets.
    • Added support for custom headers to MMDS requests. Accepted headers are: X-metadata-token, which accepts a string value that provides a session token for MMDS requests; and X-metadata-token-ttl-seconds, which specifies the lifetime of the session token in seconds.
    • Support and validation for host and guest kernel 5.10.
    • A kernel support policy.
    • Added io_engine to the pre-boot block device configuration. Possible values: Sync (the default option) or Async (only available for kernels newer than 5.10.51). The Async variant introduces a block device engine that uses io_uring for executing requests asynchronously, which is in developer preview (NOT for production use). See docs/api_requests/block-io-engine.md.
    • Added block.io_engine_throttled_events metric for measuring the number of virtio events throttled because of the IO engine.
    • New optional version field to PUT requests towards /mmds/config to configure MMDS version. Accepted values are V1 and V2 and default is V1. MMDS V2 is developer preview only (NOT for production use) and it does not currently work after snapshot load.
    • Mandatory network_interfaces field to PUT requests towards /mmds/config which contains a list of network interface IDs capable of forwarding packets to MMDS.

    Changed

    • Removed the --node jailer parameter.
    • Deprecated vsock_id body field in PUTs on /vsock.
    • Removed the deprecated the --seccomp-level parameter.
    • GET requests to MMDS require a session token to be provided through X-metadata-token header when using V2.
    • Allow PUT requests to MMDS in order to generate a session token to be used for future GET requests when version 2 is used.
    • Remove allow_mmds_requests field from the request body that attaches network interfaces. Specifying interfaces that allow forwarding requests to MMDS is done by adding the network interface's ID to the network_interfaces field of PUT /mmds/config request's body.
    • Renamed /machine-config ht_enabled to smt.
    • smt field is now optional on PUT /machine-config, defaulting to false.
    • Configuring smt: true on aarch64 via the API is forbidden.

    Fixed

    • Fixed incorrect propagation of init parameters in kernel commandline. Related to: #2709.
    • Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously masking some CPU features of the host or emulated by KVM, introduced in more recent kernels: umip, vmx, avx512_vnni.
    • Fix jailer's cgroup implementation to accept properties that contain multiple dots.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v1.0.0-aarch64.tgz(1.56 MB)
    firecracker-v1.0.0-aarch64.tgz.sha256.txt(65 bytes)
    firecracker-v1.0.0-x86_64.tgz(1.59 MB)
    firecracker-v1.0.0-x86_64.tgz.sha256.txt(65 bytes)
  • v0.25.2(Nov 24, 2021)

  • v0.25.1(Nov 5, 2021)

  • v0.24.6(Aug 24, 2021)

  • v0.25.0(Aug 13, 2021)

    Added

    • Added devtool build --ssh-keys flag to support fetching from private git repositories.
    • Added option to configure block device flush.
    • Added --new-pid-ns flag to the Jailer in order to spawn the Firecracker process in a new PID namespace.
    • Added API metrics for GET, PUT and PATCH requests on /mmds endpoint.
    • Added --describe-snapshot flag to Firecracker to fetch the data format version of a snapshot state file provided as argument.
    • Added --no-seccomp parameter for disabling the default seccomp filters.
    • Added --seccomp-filter parameter for supplying user-provided, custom filters.
    • Added the seccompiler-bin binary that is used to compile JSON seccomp filters into serialized BPF for Firecracker consumption.
    • Snapshotting support for GICv2 enabled guests.
    • Added devtool install to deploy built binaries in /usr/local/bin or a given path.
    • Added code logic to send VIRTIO_VSOCK_EVENT_TRANSPORT_RESET on snapshot creation, when the Vsock device is active. The event will close active connections on the guest.
    • Added GET request on /vm/config that provides full microVM configuration as a JSON HTTP response.
    • Added --resource-limit flag to jailer to limit resources such as: number of file descriptors allowed at a time (with a default value of 2048) and maximum size of files created by the process.

    Changed

    • Changed Docker images repository from DockerHub to Amazon ECR.
    • Fixed off-by-one error in virtio-block descriptor address validation.
    • Changed the PATCH request on /balloon/statistics to schedule the first statistics update immediately after processing the request.
    • Deprecated the --seccomp-level parameter. It will be removed in a future release. Using it logs a runtime warning.
    • Experimental gnu libc builds use empty default seccomp filters, allowing all system calls.

    Fixed

    • Fixed non-compliant check for the RTC device ensuring a fixed 4-sized data buffer.
    • Unnecessary interrupt assertion was removed from the RTC. However, a dummy interrupt is still allocated for snapshot compatibility reasons.
    • Fixed the SIGPIPE signal handler so Firecracker no longer exits. The signal is still recorded in metrics and logs.
    • Fixed ballooning API definitions by renaming all fields which mentioned "MB" to use "MiB" instead.
    • Snapshot related host files (vm-state, memory, block backing files) are now flushed to their backing mediums as part of the CreateSnapshot operation.
    • Fixed the SSBD mitigation not being enabled on aarch64 with the provided prod-host-setup.md.
    • Fixed the balloon statistics not working after a snapshot restore event.
    • The utc_timestamp_ms now reports the timestamp in ms from the UTC UNIX Epoch, as the name suggests. It was previously using a monotonic clock with an undefined starting point.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.25.0-aarch64.tgz(1.66 MB)
    firecracker-v0.25.0-x86_64.tgz(1.69 MB)
  • v0.24.5(Jul 23, 2021)

  • v0.23.5(Jul 23, 2021)

  • v0.24.4(May 25, 2021)

  • v0.23.4(May 25, 2021)

    Changed

    • Changed Docker images repository from DockerHub to Amazon ECR.

    Fixed

    • Snapshot related host files (vm-state, memory, block backing files) are now flushed to their backing mediums as part of the CreateSnapshot operation.
    • Fixed race between vcpu initialization and emulation thread which could potentially lead to segmentation faults.
    • Fixed the SSBD mitigation not being enabled on aarch64 with the provided prod-host-setup.md, by force-enabling it.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.23.4-aarch64.tgz(1.19 MB)
    firecracker-v0.23.4-x86_64.tgz(1.36 MB)
  • v0.24.3(May 11, 2021)

  • v0.24.2(Feb 19, 2021)

  • v0.23.3(Feb 19, 2021)

  • v0.22.4(Feb 1, 2021)

  • v0.23.2(Jan 15, 2021)

  • v0.24.1(Jan 14, 2021)

  • v0.22.3(Jan 13, 2021)

  • v0.24.0(Dec 23, 2020)

    Added

    • Added optional resume_vm field to /snapshot/load API call.
    • Added support for block rate limiter PATCH.
    • Added devtool test -c|--cpuset-cpus flag for cpus confinement when tests run.
    • Added devtool test -m|--cpuset-mems flag for memory confinement when tests run.
    • Added the virtio traditional memory ballooning device.
    • Added a mechanism to handle vCPU/VMM errors that result in process termination.
    • Added incremental guest memory snapshot support.
    • Added aarch64 snapshot support.

    Changed

    • Change the information provided in DescribeInstance command to provide microVM state information (Not started/Running/Paused) instead of whether it's started or not.
    • Removed the jailer --extra-args parameter. It was a noop, having been replaced by the -- separator for extra arguments.
    • Changed the output of the --version command line parameter to include a list of supported snapshot data format versions for the firecracker binary.
    • Increased the maximum number of virtio devices from 11 to 19.
    • Added a new check that prevents creating v0.23 snapshots when more than 11 devices are attached.
    • If the stdout buffer is full and non-blocking, the serial writes no longer block. Any new bytes will be lost, until the buffer is freed. The device also logs these errors and increments the uart.error_count metric for each lost byte.

    Fixed

    • Fixed inconsistency in YAML file InstanceInfo definition
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.24.0-aarch64.tgz(1.36 MB)
    firecracker-v0.24.0-x86_64.tgz(1.36 MB)
  • v0.23.0(Oct 27, 2020)

    Added

    • Added full support for AMD CPUs (General Availability). More details here.
    • Added snapshot-restore functionality (Developer preview). More details here.
    • Added metric for throttled block device events.
    • Added metrics for counting rate limiter throttling events.
    • Added metric for counting MAC address updates.
    • Added metrics for counting TAP read and write errors.
    • Added metrics for counting RX and TX partial writes.
    • Added metrics that measure the duration of pausing and resuming the microVM, from the VMM perspective.
    • Added metric for measuring the duration of the last full snapshot created, from the VMM perspective.
    • Added metric for measuring the duration of loading a snapshot, from the VMM perspective.
    • Added metrics that measure the duration of pausing and resuming the microVM, from the API (user) perspective.
    • Added metric for measuring the duration of the last full snapshot created, from the API (user) perspective.
    • Added metric for measuring the duration of loading a snapshot, from the API (user) perspective.
    • Added track_dirty_pages field to machine-config. If enabled, Firecracker can create incremental guest memory snapshots by saving the dirty guest pages in a sparse file.
    • Added a new API call, PATCH /vm, for changing the microVM state (to Paused or Resumed).
    • Added a new API call, PUT /snapshot/create, for creating a full snapshot.
    • Added a new API call, PUT /snapshot/load, for loading a snapshot.
    • Added new jailer command line argument --cgroup which allow the user to specify the cgroups that are going to be set by the Jailer.

    Fixed

    • Boot time on AMD achieves the desired performance (i.e under 150ms).

    Changed

    • The logger level field is now case-insensitive.
    • Disabled boot timer device after restoring a snapshot.
    • Enabled boot timer device only when specifically requested, by using the --boot-timer dedicated cmdline parameter.
    • firecracker and jailer --version now gets updated on each devtool build to the output of git describe --dirty, if the git repo is available.
    • MicroVM process is only attached to the cgroups defined by using --cgroups or the ones defined indirectly by using --node.
    Source code(tar.gz)
    Source code(zip)
    firecracker-v0.23.0-aarch64(1.52 MB)
    firecracker-v0.23.0-x86_64(1.94 MB)
    jailer-v0.23.0-aarch64(1.28 MB)
    jailer-v0.23.0-x86_64(1.38 MB)
Owner
firecracker-microvm
firecracker-microvm
Dragonball-sandbox is a collection of Rust crates to help build custom Virtual Machine Monitors and hypervisors

Dragonball-sandbox is a collection of Rust crates to help build custom Virtual Machine Monitors and hypervisors. The crates here are considered to be the downstream of rust-vmm.

OpenAnolis Community 62 Dec 30, 2022
Secure and fast microVMs for serverless computing.

Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads. Read more about the Firecracker Charter

firecracker-microvm 20.3k Jan 1, 2023
Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

null 294 Dec 23, 2022
A collection of serverless apps that show how Fermyon's Serverless AI

A collection of serverless apps that show how Fermyon's Serverless AI (currently in private beta) works. Reference: https://developer.fermyon.com/spin/serverless-ai-tutorial

Fermyon 15 Oct 20, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
ARM TrustZone-M example application in Rust, both secure world side and non-secure world side

ARM TrustZone-M example application in Rust, both secure world side and non-secure world side; projects are modified from generated result of cortex-m-quickstart.

null 44 Dec 4, 2022
User-friendly secure computation engine based on secure multi-party computation

CipherCore If you have any questions, or, more generally, would like to discuss CipherCore, please join the Slack community. See a vastly extended ver

CipherMode Labs 356 Jan 5, 2023
The most efficient, scalable, and fast production-ready serverless REST API backend which provides CRUD operations for a MongoDB collection

Optimal CRUD Mongo Goals of This Project This is meant to be the most efficient, scalable, and fast production-ready serverless REST API backend which

Evaluates2 1 Feb 22, 2022
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture.

RISC Zero WARNING: This software is still experimental, we do not recommend it for production use (see Security section). RISC Zero is a zero-knowledg

RISC Zero 653 Jan 3, 2023
ThRust is a software framework for thermodynamic and probabilistic computing.

ThRust ThRust is a Rust crate that provides a framework for thermodynamic and probabilistic computing. This package currently supports the following f

Chase Zimmerman 6 Apr 26, 2023
Precio is a Rust library that implements the Precio protocol for computing private layered histograms and sums.

Overview of Precio Precio is a Rust implementation of the protocol described in eprint.iacr.org/2021/1490. The goal of the protocol is to enable an an

Microsoft 9 Aug 16, 2023
Scientific Computing Library in Rust

SciRust Scientific computing library written in Rust programming language. The objective is to design a generic library which can be used as a backbon

In Digits 242 Dec 16, 2022
GraphScope: A One-Stop Large-Scale Graph Computing System from Alibaba

A One-Stop Large-Scale Graph Computing System from Alibaba GraphScope is a unified distributed graph computing platform that provides a one-stop envir

Alibaba 2.2k Jan 1, 2023
Command line tool for computing gigantic correlation matrices

turbocor This is little program designed to compute (sparse) Pearson correlation matrices as efficiently as possible. The main ideas are thus: Pairwis

Daniel C. Jones 31 Nov 5, 2021
An End-to-End Privacy Computing Protocol on Layer 2

Eigen Network Eigen Network is an end-to-end privacy computation network for a better digital economy based on hybrid privacy computation protocols an

Eigen Lab 24 Oct 13, 2022
Damavand is a quantum circuit simulator. It can run on laptops or High Performance Computing architectures, such CPU distributed architectures or multi GPU distributed architectures.

Damavand is a quantum circuit simulator. It can run on laptops or High Performance Computing architectures, such CPU distributed architectures or multi GPU distributed architectures.

MichelNowak 0 Mar 29, 2022
Damavand is a quantum circuit simulator. It can run on laptops or High Performance Computing architectures, such CPU distributed architectures or multi GPU distributed architectures.

Damavand is a code that simulates quantum circuits. In order to learn more about damavand, refer to the documentation. Development status Core feature

prevision.io 6 Mar 29, 2022
Tool for computing vanity Gnosis Safe addresses

0xdeadbeef Tool used for computing vanity Gnosis Safe addresses. This tool is currently hard-coded to only support the v1.3.0 Safe deployment: GnosisS

Nicholas Rodrigues Lordello 44 Dec 22, 2022
A Computer Science Wordle variant, where all solutions are related to computing

Csdle I decided to expand a previous project I made, Rdle, which was a plain wordle clone. Recently however, I have been getting very into Wordle vari

Daniel Kogan 2 Sep 8, 2022
A CLI test program for HNU Cloud Computing Lab 2, built with Rust.

HTTP Server Tester This is a CLI test program for HNU Cloud Computing Lab 2. Install For most student, you don't neet to rebuild this project. We prov

null 5 Apr 21, 2022