[gpderetta]

What about multiprocessing? I assume that MirageOS can take advantage of multiple cores (or do you need separate instances per core?). In this case is the system still shared memory?

Also I would say there are reasons for isolation beyond memory safety.

[hannesm]

MirageOS is - similar to the latest OCaml release - only using a single CPU core. You can run multiple unikernels, one on each core. If doing that, you can use Xen vchan (shared memory), or TCP for marshalling.

> Also I would say there are reasons for isolation beyond memory safety.

Would you mind to elaborate which reasons you are thinking of?

[gpderetta]

> MirageOS is - similar to the latest OCaml release - only using a single CPU core.

Thanks. Is that going to change now that OCaml is finally getting proper multicore support?

>> Also I would say there are reasons for isolation beyond memory safety. >Would you mind to elaborate which reasons you are thinking of?

Memory safety in a sense protects the integrity of the 'runtime', but only partially help to protect business level integrity. A task might still tricked (by mistake or malice) to access objects it is not supposed to. I'm sure that OCaml has enough abstractions to help prevent that, but full isolation of tasks is a blunt and effective tool.

[0xbkt]

> only using a single CPU core

How does it go when you deploy a unikernel on EC2 (or on any IaaS where the hypervisor is managed unlike bare-metal) with multiple cores? Is there a way to start a unikernel per core on a single instance, or are you bound to use single core instance types only?