Show HN: Sub-millisecond VM sandboxes using CoW memory forking

I wanted to see how fast an isolated code sandbox could start if I never had to boot a fresh VM. So instead of launching a new microVM per execution, I boot Firecracker once with Python and numpy already loaded, then snapshot the full VM state. Every execution after that creates a new KVM VM backed by a `MAP_PRIVATE` mapping of the snapshot memory, so Linux gives me copy-on-write pages automatically. That means each sandbox starts from an already-running Python process inside a real VM, runs the code, and exits. These are real KVM VMs, not containers: separate guest kernel, separate guest memory, separate page tables. When a VM writes to memory, it gets a private copy of that page. The hard part was not CoW itself. The hard part was resuming the snapshotted VM correctly. Rust, Apache 2.0. Comments URL: https://news.ycombinator.com/item?id=47412569 Points: 9 # Comments: 0

Show HN: Sub-millisecond VM sandboxes using CoW memory forking

Related Articles

Android Remote Compose：讓 Android UI 不用發版也能更新

Learn Something Old Every Day, Part XVIII: How Does FPU Detection Work?

“Learn to Code” Is Dead… Learn to Think Instead

How One File Makes Claude Code Actually Follow Your Instructions

LeetCode Solution: 121. Best Time to Buy and Sell Stock

Related Articles

How-To
Android Remote Compose：讓 Android UI 不用發版也能更新
Medium Programming • 4d ago

How-To
Learn Something Old Every Day, Part XVIII: How Does FPU Detection Work?
Lobsters • 5d ago

How-To
“Learn to Code” Is Dead… Learn to Think Instead
Medium Programming • 5d ago

How-To
How One File Makes Claude Code Actually Follow Your Instructions
Medium Programming • 5d ago

How-To
LeetCode Solution: 121. Best Time to Buy and Sell Stock
Dev.to Tutorial • 5d ago