2017-09-15 20:19:19 +00:00
|
|
|
---
|
|
|
|
title: Technology behind robur
|
|
|
|
author: someone
|
|
|
|
abstract: some abstract
|
|
|
|
---
|
|
|
|
|
2017-09-16 15:46:56 +00:00
|
|
|
We develop digital infrastructure with a small footprint. This is in stark
|
|
|
|
contrast with other approaches that try to patch general purpose operating
|
|
|
|
systems by adding more layers of indirection.
|
|
|
|
|
|
|
|
Each piece of digital infrastructure (or service) is (a) written in a high-level
|
|
|
|
memory-safe programming language and (b) specialised to only contain the
|
|
|
|
required functionality at compilation time. This (a) reduces the attack vectors
|
|
|
|
and (b) drastically reduces the attack surface.
|
|
|
|
|
|
|
|
The resulting service is executed as a virtual machine on any modern hypervisor.
|
|
|
|
Its size is usually two orders of magnitude smaller (ranging from kilobytes to
|
|
|
|
16 megabytes) than a UNIX, it boots within milliseconds.
|
|
|
|
|
|
|
|
As programming language we use [OCaml](https://ocaml.org), a multi-paradigm
|
|
|
|
programming language, which unifies functional, imperative, and object-oriented
|
|
|
|
programming. OCaml has an expressive static type system, and type inference. A
|
|
|
|
developer can specify complex invariants in the type system, which are
|
|
|
|
checked at compile time, and violations are caught early.
|
|
|
|
|
|
|
|
We discuss more reasons why we use OCaml [further down](#WhyOCaml).
|
|
|
|
|
|
|
|
## MirageOS
|
|
|
|
|
|
|
|
[MirageOS](https://mirage.io) started as a research project at the University
|
|
|
|
of Cambridge in 2009.
|
|
|
|
|
|
|
|
## Why OCaml
|
|
|
|
|
|
|
|
OCaml code can be very fast (our TLS implementation reaches up to
|
|
|
|
85% of the throughput of OpenSSL), and compiles either to native code on various
|
|
|
|
architectures or to bytecode. It can even compile to JavaScript. OCaml is
|
|
|
|
memory managed, individual developers don't have to manually allocate and
|
|
|
|
release memory (which is a common source of security issues in other operating
|
|
|
|
systems).
|
|
|
|
|
|
|
|
In 2016, Facebook developed [reason](https://reasonml.github.io/), a dialect of
|
|
|
|
OCaml which syntax is closer to JavaScript, and easier to comprehend for
|
|
|
|
beginners. Reason and OCaml code can be easily combined in a single
|
|
|
|
application, since the same compiler is used.
|