Introducing HermitCore-rs, a Unikernel written in Rust

I had my master thesis presentation today and it’s finally time to speak about what I’ve been doing for the past 6 months. The thesis name in all its glory is Evaluation of Rust for Operating System Development and Porting Key Components of the HermitCore Unikernel. But what actually is the HermitCore Unikernel to begin with?

The HermitCore Unikernel

HermitCore is a novel operating system kernel developed at the Institute for Automation of Complex Power Systems (ACS) since 2015. It is tailored for low system noise and predictable runtime behavior to facilitate High-Performance Computing applications scaled across thousands of nodes. At that scale, noise on a single processor can delay the execution of other processors and have a huge negative impact on the overall performance.

To achieve the goals, HermitCore is designed as a single-address-space library operating system. You simply build the kernel together with the single application that you want to run and everything you don’t need is left out - the classic Unikernel principle. System calls become simple function calls as no context switches are needed.

Apart from that, HermitCore can also operate as a Multi-Kernel on dedicated CPU cores side by side to Linux. This enables scenarios where the performance-critical part of an application runs inside HermitCore while Linux provides a fully-weight kernel for pre- and post-processing.

The Rust programming language

Rust is a programming language invented by Graydon Hoare and sponsored by Mozilla Research since 2009. As a compiled systems language with deterministic memory management, it competes directly with C and C++, but puts a special emphasis on safety and concurrency. Examples for such features include bounds-checked indexing, variables being private and immutable by default, guaranteed validity of memory references, and ensuring that only one mutable reference to a variable exists at the same time. These rules are checked at compile time, so they don’t incur runtime costs and it is impossible to violate them accidentally. By employing these techniques, Rust tries to eliminate the most common programming mistakes such as buffer overflows, accessing invalid pointers, and data races in multithreaded code. These rank among the top software security issues.

My work

My task was to evaluate the suitability of the Rust language and toolchain for writing an operating system. I analyzed the existing C code of HermitCore component by component, rewrote it in Rust, and integrated it into the library operating system. Whenever Rust offered a safer or more elegant way of implementing a feature, it was preferred over a direct translation of the C code. However, a focus also lay on maintaining compatibility to existing HermitCore applications, in particular its system call interface.

Within the 6 months of thesis work, it was possible to port the entire HermitCore operating system in Unikernel mode to Rust and document the implementation. A new Memory Manager was written, which leverages a generic Free List structure and uniformly supports all page sizes of the x86-64 architecture. The Memory Manager was stress-tested to ensure stability in all memory allocation cases. Furthermore, my new hardware initialization code removes redundant checks and improves several algorithms, like booting application processors or handling multiple APIC modes. Implementing interrupt and exception handlers in Rust reduces their overhead and also the amount of required assembly code. Finally, my task scheduler written in Rust fixes concurrency bugs of the original, features a cleaner design and requires less code for the same functionality.

All in all, Rust has proven to be a viable language for operating system development and the resulting code is shorter, faster in some benchmarks, and easier to maintain. The Rust codebase is also expected to be less prone to bugs due to Rust’s design advantages.

The thesis

Enough said, here are the links to my thesis PDF and the code written during the past 6 months:

I would like to thank Professor Antonello Monti and my supervisor Stefan Lankes for the opportunity to learn Rust within my thesis and port an entire unikernel in that timeframe.
Looking forward to my next Rust project :)