v0.16.0

@clemlesne clemlesne released this 26 Feb 20:23
· 176 commits to main since this release

Highlights

L1 memory snapshots — VMs now restore from a full memory snapshot in ~100ms, skipping the 10–15s interpreter startup. First request boots cold and saves state in the background; all subsequent requests restore instantly. Sits between the warm pool (1–2ms) and disk snapshots (~400ms) in the cache hierarchy.

EROFS rootfs — Read-only compressed filesystem replaces ext4. Faster reads, smaller images, inline small files. Snapshots use overlayfs (EROFS base + ext4 overlay) with drives identified by virtio serial number, fixing ARM device enumeration ordering.

CRNG reseeding — VMs restored from memory snapshots now reseed the kernel RNG before every command, preventing cloned VMs from producing identical random output.
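One way a guest can reseed its kernel RNG after a memory-snapshot restore, shown as an added example (not exec-sandbox's own code; the release notes do not state the mechanism used). It assumes a Linux guest on x86_64 or arm64, a caller with CAP_SYS_ADMIN, and a seed supplied fresh by the host for each restore; the function names and `MIN_SEED_BYTES` are hypothetical.

```python
import fcntl
import os
import struct

_IOC_WRITE = 1  # userspace -> kernel, asm-generic ioctl encoding (x86_64, arm64)


def _ioc(direction: int, nr: int, size: int) -> int:
    """Encode an ioctl number for type 'R' the way <asm-generic/ioctl.h> does."""
    return (direction << 30) | (size << 16) | (ord("R") << 8) | nr


RNDADDENTROPY = _ioc(_IOC_WRITE, 0x03, 8)  # _IOW('R', 0x03, int[2])
RNDRESEEDCRNG = _ioc(0, 0x07, 0)           # _IO('R', 0x07)
MIN_SEED_BYTES = 32  # assumed floor: 256 bits of host-supplied entropy


def pack_rand_pool_info(seed: bytes) -> bytes:
    """Build struct rand_pool_info {int entropy_count; int buf_size; buf[]}."""
    if not MIN_SEED_BYTES <= len(seed) <= 512:
        raise ValueError("seed must be 32..512 bytes")
    # entropy_count is in bits, buf_size in bytes; native int layout.
    return struct.pack("ii", len(seed) * 8, len(seed)) + seed


def reseed_guest_crng(seed: bytes, dev: str = "/dev/urandom",
                      ioctl=fcntl.ioctl) -> None:
    """Mix host entropy into the pool, then force the CRNG to rekey.

    The seed must come from outside the guest: every clone of a snapshot
    shares the same in-guest RNG state, so in-guest randomness is no help.
    """
    payload = pack_rand_pool_info(seed)  # validate before touching the device
    fd = os.open(dev, os.O_WRONLY)
    try:
        ioctl(fd, RNDADDENTROPY, payload)  # mix and credit the new entropy
        ioctl(fd, RNDRESEEDCRNG)           # rekey now, not at the next timer
    finally:
        os.close(fd)
```

Running both ioctls before each command, rather than once per restore, covers the case where one vmstate file is restored many times over.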

Performance

  • REPL warm-up moved to background — Warm pool VMs now block until the interpreter is fully loaded. First-call latency previously deferred to the caller is eliminated.
  • O(n²) stderr processing fixed — Buffer was copied on every newline extraction; now drained in-place.
  • L1 restore poll interval 50ms → 5ms — Reduces idle wait per restore.
  • Page cache prefetch — vmstate files pre-warmed before concurrent restores via F_RDADVISE / posix_fadvise.
  • Cgroup memory overhead 200 → 64 MB — Reflects actual microvm/virt overhead (measured 35–50MB), frees 136MB per concurrent VM.

Security

  • All security tests run in both hwaccel and TCG — Properties verified regardless of QEMU backend.
  • Modern TCG CPU models — ARM64: neoverse-n2 (PAC, BTI, SVE, MTE). x86_64: SapphireRapids-v2 (full Spectre/MDS flags).
  • Nested virt masked on x86_64: host,-svm,-vmx (CVE-2024-50115).
  • cpuidle gating — haltpoll on KVM only; disabled on HVF/TCG (was ~65% idle CPU per vCPU).
  • ISA floppy disabled on pc machine type.
  • Cache dirs moved from /tmp to OS-specific user cache paths.

Logging & Diagnostics

  • --debug flag — Streams boot logs to stderr and enables DEBUG level.
  • Centralized logging: NullHandler, _ClickHandler, EXEC_SANDBOX_LOG_LEVEL env var.
  • In-memory boot log ring buffer replaces file-based console log.
  • on_boot_log streaming callback for programmatic boot log access.
  • Execution timing instrumentation: [timing] log lines across the REPL critical path.

Bug Fixes

  • Scheduler shutdown deadlock — warm pool now drains before awaiting background L1 saves.
  • spawn_ms now reports actual elapsed time (was hardcoded to 0 on cache hit).
  • Bun 1.3.5 → 1.3.10 — fixes top-level await in REPL.
  • CancelledError no longer escapes when macOS QEMU exits cleanly during boot.
  • allowed_domains forwarded through L1 restore path.
  • grant_qemu_vm_file_access() for snapshot and vmstate file permissions.

Other

  • GNU sed, gawk, grep, findutils, diffutils, patch, less, make, tree added to VM images.
  • Boot timeouts increased (30→45s, 3→4 retries) for CI nested virtualization.
  • transparent_hugepage=never on cmdline; EROFS large folios work regardless.
  • EROFS parallel decompression at SCHED_FIFO priority.

Full diff: v0.15.1...v0.16.0 — 77 files changed, +7,733 / −2,211