by jasonwhite on 11/22/22, 6:39 PM
TL;DR: This is a Rust project that forces deterministic execution of arbitrary programs and acts like a reproducible container. That is, it hermetically isolates the program from sources of non-determinism such as time, thread interleavings, random number generation, etc. Guaranteed determinism is a powerful tool and it serves as a basis for a number of applications, including concurrency stress testing, record/replay, reproducible builds, automatic diagnosis of concurrency bugs, and more.
I've been on the team working on this project over the past ~2 years. AMA!
Here is the GitHub repository: https://github.com/facebookexperimental/hermit
by alex_suzuki on 11/22/22, 7:22 PM
Is it just me or are we experiencing an uptick in high-quality, sophisticated software projects being open-sourced by FAANG companies?
by rrnewton on 11/22/22, 6:12 PM
This has been the culmination of several years of work intercepting and sanitizing the Linux system call API. It's now open source.
by theamk on 11/22/22, 11:16 PM
Missing from the blog post: the overhead of the system. The full paper provides the answer:
> IO-intensive software builds have an average overhead of 3.49x, while a compute-bound bioinformatics workflow is under 2%.
by srosenberg on 11/22/22, 8:54 PM
Great work and thanks for making it OSS! I was familiar with the prior (academic) work and its limitations, specifically TCP/IP. Could you elaborate on how you solved that problem?
by wyldfire on 11/23/22, 4:49 AM
Some many years ago there was a commercial product called Jinx debugger [1]. I think I only ever got to kick the tires and find out I couldn't get the hypervisor to run on my machine.
Good to see Meta making more practical Open Source tools like this (and BOLT).
[1] https://en.wikipedia.org/wiki/Jinx_Debugger
by daniel-levin on 11/22/22, 8:16 PM
Neat! This is the direction I’d hoped to see gvisor go in. What’s the reasoning for building from scratch and not piggybacking off gvisor?
by eatonphil on 11/23/22, 12:02 AM
I don't know for sure if they use sysemu in ptrace to do this (just that they use ptrace) but here's an awesome blog post that shows how you could build an emulator with just ptrace's sysemu:
https://nullprogram.com/blog/2018/06/23/
by mrich on 11/23/22, 7:20 AM
Performance is much better than UndoDB I suppose? Are there any sources of nondeterminism UndoDB handles but hermit does not?
by teknopaul on 11/22/22, 8:19 PM
Can you explain how making flakey tests not flakey helps find bugs? I would have thought these differences are essentially free fuzzing and desirable?
by topazas on 11/22/22, 7:39 PM
Maybe symbolic execution can also be included here?