Unikernels

I proposed the concept of "unikernels" -- single-purpose appliances that are compile-time specialised into standalone bootable kernels, and sealed against modification when deployed to a cloud platform. In return they offer significant reduction in image sizes, improved efficiency and security, and reduce operational costs. I also co-founded the MirageOS project which is one of the first complete unikernel frameworks, and also integrated them to create the Docker for Desktop apps that are used by hundreds of millions of users daily.

While working on Personal Containers in late 2008, I had a need to run lots of distributed edge nodes holding personal data. The state of computer security is generally a disaster when it comes to leaving software unupgraded for even a few months, so building robust infrastructure that normal people could use was proving quite difficult. Meanwhile, my PhD research in building Functional Internet Services had constructed really viable prototypes of network protocols written in pure OCaml, and I'd previously used OCaml industrially in the Xen Hypervisor hypervisor to write lots of system management code.

1 The Early Days

All of these ideas came crashing together in late 2009 and I decided to have a go at putting together a complete OCaml-based operating system. The adventure began with grabbing the Xen mini-os and the C lwIP stack to provide networking and sqlite for persistent storage, and hacking for a few months until everything booted and was reasonably stable. I then convinced Thomas Gazagnaire (then at Inria) to help me with storage integration with OCaml in Statically-typed value persistence for ML and we had a remarkably good prototype that we presented in Turning Down the LAMP: Software Specialisation for the Cloud.

I wrote up my early thoughts on Multiscale not multicore: efficient heterogeneous cloud computing to describe this emerging idea of heterogenous cloud and edge computing combined into a single programming model. After realising that the prototype worked well, I started steadily removing C bindings (like lwIP) and replacing them with pure OCaml code all the way down to the VM Xen interface (e.g. like mirage-tcpip). These early heady days saw lots of prototypes and experimentation:

I experimented with various models for edge computing for personal data handling, such as Unclouded vision and Using Dust Clouds to Enhance Anonymous Communication. These mechanisms are still surprisingly unrealised in the wild, with some aspects becoming popular (e.g. serverless functions), but not the aggregation networks.
In the office next door, @mrry and friends were doing their PhDs and building distributed execution engines. I helped with building out CIEL: A universal execution engine for distributed data-flow computing and experimenting with what a functional interface would look like in DataCaml: distributed dataflow programming in OCaml. As of 2021, I'm revisiting this approach in the context of algebraic effects in our multicore OCaml project.
I looked into closer integration with hypervisors as well, via investigating Reconfigurable Data Processing for Clouds (TL;DR -- too early, but happened a few years later in commercial clouds) and Programming the Xen cloud using OCaml.

2 Building MirageOS and figuring out unikernels

One of the earliest decisions I made in MirageOS was to self-host as soon as possible. I registered openmirage.org in late 2009, and (joined by @mort and @djs55) we had a Xen-based website running in short order in 2010 (now mirage-www). A big boost to the project was winning a grant from the Verisign Infrastructure Awards, which was the first external validation that this thing might be of interest to other people. As my OCaml Labs group grew in the University, more intrepid hackers joined the group and started making MirageOS work properly.

A year of intense work in 2012 turned the prototype into a fully-fleshed out paper which got soundly rejected by the OSDI review committee as we hadn't identified what the core systems research contribution was (as opposed to the impressive programming work, which they acknowledged in the rejection). I'd just gone to visit Timothy Roscoe's group in ETH where they had been working on the Barrelfish multikernel OS, and the answer came right to me while in the pub with Jon Crowcroft. What MirageOS represented was a revival of the concept of library operating systems, but with the additional twist that it specialised the compilation into single-user mode. Thus, I settled on the term "unikernels" to describe this idea and rewrote the paper and duly published it in Unikernels: library operating systems for the cloud.

Publishing a major research paper in ASPLOS led to further momentum and interest:

Dave Scott and I published a note in the Communications of the ACM dubbed Unikernels: Rise of the Virtual Library Operating System which was pretty widely read at the time.
Thomas Gazagnaire moved to Cambridge and started building the storage stack that we'd wanted for years. It was initially called Irminsule: a branch-consistent distributed library database (later shortened to irmin) and kicked off our interest in moving beyond CRDTs to Mergeable persistent data structures. Irmin picked up a life of its own and was later used by Arthur Breitman as the storage stack in the Tezos proof-of-stack blockchain in 2017.
Magnus Skjegstad also returned to the group and we began hacking on real-time edge infrastructure using unikernels, such as Kadupul: Livin' on the Edge with Virtual Currencies and Time-Locked Puzzles. Although this work got put on ice in 2015, I'm revisiting it in 2022 in the context of Interspatial OS.
Thomas Leonard, David Sheets and Balraj Singh joined our burgeoning group and we all prototyped the idea of real-time booting of edge unikernels in Jitsu: Just-In-Time Summoning of Unikernels. This represented the first time we'd booted VMs on ARM, as it was very much a niche architecture for virtualisation back then.
Meanwhile, in the beach in Mirleft in Morrocco, David Kaloper-Meršinjak and Hannes Mehnert built an entire TLS stack in OCaml which we published in Not-Quite-So-Broken TLS. This was a real turning point in the project as it represented an external open source contribution (with both of them joining the University subsequently) and also grew our belief that it wasn't a completely dumb idea to rebuild every Internet protocol in a functional language.

MirageOS also gave us ideas for other top systems research, such as the filesystem verification idas in SibylFS: formal specification and oracle-based testing for POSIX and real-world file systems (which I still intend to use for a proper POSIX compatibility layer on top of Irmin at some point), and FLICK: Developing and Running Application-Specific Network Services (to build domain-specific data processing platforms, something that I'm now working on in 2021 in Trusted Carbon Credits).

3 To Unikernel Systems and Docker

By this point, MirageOS was also a thriving open source community with regular IRC meetings and the beginning of hack retreats. There were several organisations using it, and the overall OCaml community started using some of our protocol implementations independently of the unikernel ideas. For example, the cohttp was something I rapidly hacked together for the ASPLOS deadline, but the Unix/Lwt/Async backends are now used in quite a few major systems (including within Jane Street, no less).

We had to deal with all this growth, as a university isn't the easiest place to have a very large group. In 2015, Balraj Singh (who had made huge contributions to the Mirage TCP/IP stack) Thomas Gazagnaire and myself founded Unikernel Systems along with Jeremy Yallop, Thomas Leonard, Magnus Skjegstad, Mindy Preston, Justin Cormack, David Sheets, Amir Chaudhry, and Dave Scott. After a fun few months pitching to west coast VCs in California (including fun chats with the likes of Jerry Yang), Peter Fenton from Benchmark convinced us to meet Solomon Hykes over at Docker. This conversation changed the course of our careers, as he shared his vision for the future of containerisation and how unikernels could fit in there.

A short set of negotiations later, and Unikernel Systems was acquired by Docker in 2016. We spent a very fun couple of years commercialising the technology and incorporating it into Docker for Desktop. Our work ended up shipping as Docker for Desktop which remains one of the most popular developer tools in the world, and I describe its architecture in this talk.

4 Unikernels in 2021 and beyond

Our startup aside, the core development of MirageOS continued to be nicely distributed in several spinouts:

KC Sivaramakrishnan and Gemma Gordon founded OCLC in 2016 as a commercial spinout from the university group to drive OCaml tooling and core compiler development.
Hannes Mehnert setup the <robur.io> cooperative in late 2017 with a large set of Mirage projects.
Thomas Gazagnaire founded Tarides in 2018 after leaving Docker, where they maintain MirageOS and drive development of the Irmin storage stack in particular.

The wider industry also saw a number of interesting spinouts, as many other communities also latched on to the ideas of unikernels and began their own language-specific and domain-specific versions. I joined the advisory boards of IncludeOS (now sadly defunct) and Zededa (now thankfully going from strength to strength in edge computing) to help guide strategy and adoption outside of just MirageOS. Dr Pierre Oliver maintains a great list of unikernel papers where you can see the diversity and interest in unikernels. One of the most exciting implementations of a C-based unikernel can be found in Unikraft.

As for my interest in unikernels moving forward? My heart always remains in finding the intersection of safety and performance, which means I mostly pay attention to language-based approaches. MirageOS continues to thrive (particularly with the effect system being integrated into OCaml in 2022, which will really change the way we develop OCaml code for embedded systems). Since 2020, I've been investigating the application of DIFC to embedded infrastructure, for example via Snape: The Dark Art of Handling Heterogeneous Enclaves.

The unikernel approach has also found new applications in ultra-low-power computing and edge AI deployment, where the security and efficiency benefits align well with the constraints of energy-harvesting and intermittent operation scenarios explored in our Interspatial OS work.

In 2025, we were also honoured to receive a most influential paper award from ASPLOS for the original paper, validating the long-term impact of the unikernel approach on systems research.

Activity

My (very) fast zero-allocation webserver using OxCamlFeb 2026

Building httpz, a high-performance HTTP/1.1 parser with zero heap allocation using OxCaml's unboxed types, local allocations, and mutable local variables.

Benchmarking Ultra-Low-Power μNPUsNov 2025

Josh Millar, Yushan Huang et al. — Proceedings of the 31st Annual International Conference on Mobile Computing and Networking

Functional Networking for Millions of Docker DesktopsAug 2025

Anil Madhavapeddy, David J. Scott et al. — Proceedings of ACM Programming Languages

Steps towards an ecology of the InternetJun 2025

Paper exploring biological ecosystem models as inspiration for Internet architecture evolution towards trillion-node scale at Aarhus 2025.

Energy-Aware Deep Learning on Resource-Constrained HardwareMay 2025

Josh Millar, Hamed Haddadi et al.

Webassembly on exotic architectures (a 2025 roundup)Apr 2025

Survey of WebAssembly implementations on non-traditional targets including native Linux port, kernel-mode runtime, POSIX browser support and FPGA ports.

Unikernels wins the ASPLOS most influential paper awardApr 2025

2013 MirageOS unikernels paper wins ASPLOS influential paper award with reflections on the journey from rejection to recognition.

AboutFeb 2025

Professor Anil Madhavapeddy's research combines computer science and conservation at the University of Cambridge

Arise Bushel, my sixth generation oxidised websiteJan 2025

Learn about my sixth generation oxidised website built with a bleeding-edge OCaml variant.

Trusted Carbon CreditsJan 2021

Rebuilding Operating Systems with Functional PrinciplesFeb 2020

Part 1 of my distinguished lecture series at St Andrews.

The First Billion Real Deployments of UnikernelsFeb 2020

Part 2 of my distinguished lecture series at St Andrews.

Programming the Next Trillion Embedded DevicesFeb 2020

Part 3 of my distinguished lecture series at St Andrews.

Snape: The Dark Art of Handling Heterogeneous EnclavesMar 2019

Zahra Tarkhani, Anil Madhavapeddy et al. — Proceedings of the 2nd International Workshop on Edge Systems, Analytics and Networking

A strongly consistent index for email using git and MirageOSJan 2019

Completed · Part II

Distributed Task Scheduling Framework over IrminJan 2019

Completed · Part II

CausalRPC: a traceable distributed computation frameworkJan 2018

Completed · Part II

Interspatial OSJan 2018

Unikernels: the rise of the library hypervisor in MirageOSOct 2016

At DockerCon, speaking to the audience about the integration of unikernels with library hypervisor in order to deliver Docker for Desktop

Ian Eyberg, Joshua Bernstein, Anil Madhavapeddy at OSCON in AustinJun 2016

In this episode of The New Stack Makers, I speak to Alex Williams abot unikernels and Docker.

FLICK: Developing and Running Application-Specific Network ServicesJun 2016

Abdul Alim, Richard G. Clegg et al. — 2016 USENIX Annual Technical Conference

Unikernel Systems is now part of DockerJan 2016

Announcing the acquisition of Unikernel Systems by Docker to the world.

Unikernel Systems acquired by DockerJan 2016

Docker acquires Unikernel Systems to bring unikernel tech to developers and IT pros.

SibylFS: formal specification and oracle-based testing for POSIX and real-world file systemsOct 2015

Tom Ridge, David Sheets et al. — Proceedings of the 25th ACM Symposium on Operating Systems Principles (SOSP)

Immutable Distributed Infrastructure with UnikernelsSep 2015

Invited talk at NetPL 2015 on immutable infrastructure

Not-Quite-So-Broken TLSAug 2015

David Kaloper-Mersinjak, Hannes Mehnert et al. — 24th USENIX Security Symposium (USENIX Security 15)

Unikernels: Functional Infrastructure with Mirage OSMay 2015

At Esper's OCaml Meetup in California speaking about MirageOS and unikernels to a packed room.

Jitsu: Just-In-Time Summoning of UnikernelsMay 2015

Anil Madhavapeddy, Thomas Leonard et al. — 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15)

Kadupul: Livin' on the Edge with Virtual Currencies and Time-Locked PuzzlesMay 2015

Magnus Skjegstad, Anil Madhavapeddy et al. — Proceedings of the 2015 Workshop on Do-it-yourself Networking: an Interdisciplinary Approach

BOB 2015 Keynote: Towards Functional Operating SystemsJan 2015

Opening speaker at BOB 2015 on functional operating systems

Mergeable persistent data structuresJan 2015

Benjamin Farinier, Thomas Gazagnaire et al. — Vingt-sixiemes Journees Francophones des Langages Applicatifs (JFLA 2015)

Just-in-Time Summoning of Unikernels at New directions in OSNov 2014

Talking in London at New Directions in Operating Systems

MirageOS 2.0: branch consistency for Xen Stub DomainsOct 2014

At the Xen Summit explaining how Irmin+MirageOS can build stub domains for Xen hosts

Haskell Symposium 2014 Keynote on functional OS designSep 2014

Me slightly nervously talking to a bunch of Haskellers about OCaml modules.

Irminsule: a branch-consistent distributed library databaseSep 2014

Thomas Gazagnaire, Amir Chaudhry et al. — the 4th ACM OCaml Users and Developers Workshop

FLOSS Weekly 302: Open MirageJul 2014

Randal Schwartz and Simon Phipps interview Anil Madhavapeddy about MirageOS on the FLOSS Weekly podcast (Episode 302)

SE Radio Episode 204: Anil Madhavapeddy on the Mirage Cloud Operating System and the OCaml LanguageMay 2014

I talk to Robert Blumen about OCaml and MirageOS on the Software Engineering Radio podcast

Consolidating Trust for Client Groups that use TLS to Secure ConnectionsJan 2014

Completed · Part II

MirageOS and XAPI project update at XenSummitNov 2013

Announcing the MirageOS 1.0 release at the Xen Summit 2013

Unikernels: Rise of the Virtual Library Operating SystemNov 2013

Anil Madhavapeddy, Dave Scott — ACM Queue

Trevi: watering down storage hotspots with cool fountain codesNov 2013

George Parisis, Toby Moncaster et al. — Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks

Mirage Developer Preview 1 screencastJul 2013

The MirageOS Developer Preview 1 screencast, showing how to initialise and build Unix and Xen kernels.

Unikernels: library operating systems for the cloudMar 2013

Anil Madhavapeddy, Richard Mortier et al. — Proceedings of the 18th international conference on architectural support for programming languages and operating systems (ASPLOS)

Programming the Xen cloud using OCamlSep 2012

Dave Scott, Richard Sharp et al. — the 1st ACM OCaml Users and Developers Workshop

Cost, Performance & Flexibility in OpenFlow: Pick threeJun 2012

Charalampos Rotsos, Richard Mortier et al. — 2012 IEEE International Conference on Communications (ICC)

The case for reconfigurable I/O channelsMar 2012

Steven Smith, Anil Madhavapeddy et al. — RESoLVE workshop at ASPLOS

OCaml LabsJan 2012

OCaml Meeting 2011 - MirageOSOct 2011

The OCaml Meeting 2011 talk on MirageOS in France, with full notes in

Extending 64-bit MIPS support for LLVMAug 2011

Completed

Control flow analysis for privilege separationAug 2011

Completed

DataCaml: distributed dataflow programming in OCamlJun 2011

DataCaml brings distributed dataflow programming to OCaml using the CIEL engine.

Reconfigurable Data Processing for CloudsMay 2011

Anil Madhavapeddy, Satnam Singh — 2011 IEEE 19th Annual International Symposium on Field-Programmable Custom Computing Machines

Statically-typed value persistence for MLMar 2011

Thomas Gazagnaire, Anil Madhavapeddy — Workshop on Generative Technologies

CIEL: A universal execution engine for distributed data-flow computingMar 2011

Derek G Murray, Malte Schwarzkopf et al. — 8th USENIX Symposium on Networked Systems Design and Implementation (NSDI 11)

Unclouded visionJan 2011

Jon Crowcroft, Anil Madhavapeddy et al. — Proceedings of the 12th International Conference on Distributed Computing and Networking

Mirage: A New Multi-Scale Operating System for Clouds and Crowds (2014)Oct 2010

An early tech talk at LinkedIn on MirageOS

Turning Down the LAMP: Software Specialisation for the CloudJun 2010

The first outing for MirageOS at USENIX HotCloud 2010

Turning Down the LAMP: Software Specialisation for the CloudJun 2010

Anil Madhavapeddy, Richard Mortier et al. — 2nd USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 10)

Multiscale not multicore: efficient heterogeneous cloud computingApr 2010

Anil Madhavapeddy, Richard Mortier et al. — Proceedings of the 2010 ACM-BCS Visions of Computer Science Conference

Using Dust Clouds to Enhance Anonymous CommunicationMar 2010

Richard Mortier, Anil Madhavapeddy et al. — Security Protocols XVIII

Personal ContainersJan 2009

Functional Internet ServicesJan 2003

Xen HypervisorJan 2002