hermit
dettrace
hermit | dettrace | |
---|---|---|
8 | 2 | |
1,148 | 32 | |
4.1% | - | |
7.6 | 2.6 | |
24 days ago | over 3 years ago | |
Rust | C++ | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hermit
-
Hermit is a hermetic and reproducible sandbox for running programs
That's been my experience as well. It lacks support for certain clone(2) flags like CLONE_VFORK[1], which limits the set of non-trivial programs it can run, and since running non-trivial programs is most of the point, I haven't revisited it since it was first announced.
[1] https://github.com/facebookexperimental/hermit/blob/bd3153b4...
-
So you think you want to write a deterministic hypervisor?
A Meta developer responded to an issue of mine on Hermit, and said:
"Just to let you know we're not actively working on Hermit in the team..."
https://github.com/facebookexperimental/hermit/issues/34#iss...
-
Is Something Bugging You?
I really like antithesis' approach: it's non-intrusive as all the changes are on a VM so one can run deterministic simulation without changing their code. It's also technically challenging, as making a VM suitable for deterministic simulation is not an easy feat.
On a side, I was wondering how this approach compares to Meta's Hermit(https://github.com/facebookexperimental/hermit), which is a deterministic Linux instead of a VM.
-
Deterministic Linux for Controlled Testing and Software Bug-Finding
> AMA!
Eager to try it but encountering the build error here - https://github.com/facebookexperimental/hermit/issues/11
Do you have a reference build log / environment you can share? Last known good commit sha and/or output from "rustup show"?
-
Deterministic Linux for Controlled Testing and Software Bug-finding
Here is the GitHub repository: https://github.com/facebookexperimental/hermit
dettrace
-
Deterministic Linux for Controlled Testing and Software Bug-Finding
Note that this is a follow-on project from the earlier Dettrace system, which was applied mainly to reproducible builds (as in the academic paper, https://dl.acm.org/doi/10.1145/3373376.3378519, and presented to the Debian Reproducible Builds summit):
- https://github.com/dettrace/dettrace
And one cool part of it is this Rust program instrumentation layer:
- https://github.com/facebookexperimental/reverie
It's good for building OS-emulator style projects or tracing tools.
-
Shadow Simlulator – run real applications over a simulated Internet topology
We've started looking into eBPF a bit - IIUC eBPF by itself doesn't give us the ability to service or arbitrarily manipulate the traced process's syscalls.
We have recently learned of an interesting technique that dettrace [1] uses of combining seccomp with an eBPF filter and ptrace. Instead of generating a ptrace-stop for every syscall (as we do now, using PTRACE_SYSEMU), they use a seccomp policy with an eBPF filter, s.t. a ptrace-stop is only generated for syscalls that violate the policy, allowing them to emulate the result of those syscalls. syscalls that don't violate the policy are allowed to execute natively, saving a lot of overhead.
[1]: https://github.com/dettrace/dettrace
This works great for them since they want to emulate a relatively small subset of syscalls. In our case we want to emulate most syscalls, so it's not as clear-cut of a win. We have found though that if we use an LD_PRELOAD'd shim in the target process to intercept syscalls and then service them via IPC, that's substantially faster than catching them with ptrace. That runs back into the problems with LD_PRELOAD in general of there being various ways of missing syscalls. but, we may be able to use that technique along with ptrace+seccomp+ebpf to intercept any syscalls that we'd otherwise miss. The seccomp technique would allow us to exempt the syscalls that our shim itself is making to do the IPC.
What are some alternatives?
sapling - A Scalable, User-Friendly Source Control System.
mininet - Emulator for rapid prototyping of Software Defined Networks
stabilizer - Stabilizer: Rigorous Performance Evaluation
shadow - Shadow is a discrete-event network simulator that directly executes real application code, enabling you to simulate distributed systems with thousands of network-connected processes in realistic and scalable private network experiments using your laptop, desktop, or server running Linux.
reverie - An ergonomic and safe syscall interception framework for Linux.
core - Common Open Research Emulator
shadow-plugin-tor - A Shadow plug-in that runs the Tor anonymity software
imunes - Integrated Multiprotocol Network Emulator/Simulator
testground - 🧪 A platform for testing, benchmarking, and simulating distributed and p2p systems at scale.
werf - A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices.