---
title: Technology behind robur
author: someone
abstract: some abstract
---

We develop digital infrastructure with a small footprint.  This is in stark
contrast with other approaches that try to patch general purpose operating
systems by adding more layers of indirection.

Each piece of digital infrastructure (or service) is (a) written in a high-level
memory-safe programming language and (b) specialised to only contain the
required functionality at compilation time.  This (a) reduces the attack vectors
and (b) drastically reduces the attack surface.

The resulting service is executed as a virtual machine on any modern hypervisor.
Its size is usually two orders of magnitude smaller (ranging from kilobytes to
16 megabytes) than a UNIX, it boots within milliseconds.

As programming language we use [OCaml](https://ocaml.org), a multi-paradigm
programming language, which unifies functional, imperative, and object-oriented
programming.  OCaml has an expressive static type system, and type inference.  A
developer can specify complex invariants in the type system, which are
checked at compile time, and violations are caught early.

We discuss more reasons why we use OCaml [further down](#WhyOCaml).

## MirageOS

[MirageOS](https://mirage.io) started as a research project at the University
of Cambridge in 2009.

## Why OCaml

OCaml code can be very fast (our TLS implementation reaches up to
85% of the throughput of OpenSSL), and compiles either to native code on various
architectures or to bytecode.  It can even compile to JavaScript.  OCaml is
memory managed, individual developers don't have to manually allocate and
release memory (which is a common source of security issues in other operating
systems).

In 2016, Facebook developed [reason](https://reasonml.github.io/), a dialect of
OCaml which syntax is closer to JavaScript, and easier to comprehend for
beginners.  Reason and OCaml code can be easily combined in a single
application, since the same compiler is used.