# hyperlight-dev/hyperlight

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/hyperlight-dev-hyperlight).**

4,462 stars · 187 forks · Rust · Apache-2.0

## Links

- GitHub: https://github.com/hyperlight-dev/hyperlight
- Homepage: https://hyperlight.org
- awesome-repositories: https://awesome-repositories.com/repository/hyperlight-dev-hyperlight.md

## Topics

`hyper-v` `hypervisor` `kvm` `mshv` `rust` `vmm`

## Description

Hyperlight is an embedded virtual machine manager designed to execute guest binaries within hardware-isolated code sandboxes. It utilizes a KVM micro-VM manager to run untrusted third-party code, enforcing strict memory boundaries to prevent unauthorized host access.

The project features a guest-host function bridge that facilitates bidirectional communication and a state snapshot tool for saving and restoring the memory state of a sandbox to reduce startup latency.

The system includes a toolchain for guest binary cross-compilation and mechanisms for managing resource constraints, such as fixed heap and stack memory allocation. It provides primitives for invoking specific functions within the guest and registering host functions for controlled resource access.

## Tags

### Security & Cryptography

- [MicroVM Sandboxes](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/sandbox-and-isolation/isolated-execution-sandboxes/microvm-sandboxes.md) — Implements a KVM-based micro-VM manager to execute untrusted code within hardware-isolated sandboxes. ([source](https://hyperlight.org/guides/getting-started/))
- [Hardware-Isolated Environments](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/sandbox-and-isolation/isolated-execution-sandboxes/hardware-isolated-environments.md) — Uses micro-VMs to create a security layer that enforces hardware-level memory boundaries.
- [Application Sandboxing](https://awesome-repositories.com/f/security-cryptography/application-sandboxing.md) — Embeds hardware-isolated sandboxes into applications to enforce memory boundaries and prevent unauthorized host access.
- [Isolated Code Execution](https://awesome-repositories.com/f/security-cryptography/isolated-code-execution.md) — Provides a secure system for running arbitrary third-party code in isolated environments to prevent unauthorized host access. ([source](https://cdn.jsdelivr.net/gh/hyperlight-dev/hyperlight@main/README.md))

### Software Engineering & Architecture

- [Hardware-Level Isolation](https://awesome-repositories.com/f/software-engineering-architecture/execution-control/namespace-isolation/namespace-provisioners/container-isolation/hardware-level-isolation.md) — Uses KVM-based hardware acceleration to enforce strict memory boundaries and isolate untrusted guest code.
- [Entry Point Resolution](https://awesome-repositories.com/f/software-engineering-architecture/functional-design-patterns/function-naming-patterns/entry-point-resolution.md) — Triggers specific logic inside the sandbox by resolving function names to entry points within the guest binary.
- [Sandbox Resource Caps](https://awesome-repositories.com/f/software-engineering-architecture/resource-usage-caps/sandbox-resource-caps.md) — Allows defining fixed heap and stack memory limits at VM creation to prevent resource exhaustion. ([source](https://hyperlight.org/guides/getting-started/))
- [VM Session State Restoration](https://awesome-repositories.com/f/software-engineering-architecture/plugin-version-management/machine-state-restoration/vm-session-state-restoration.md) — Includes a tool to save and restore the full runtime memory state of a virtual machine.

### Data & Databases

- [State Snapshots](https://awesome-repositories.com/f/data-databases/key-value-persistence-stores/snapshot-persistence/state-snapshots.md) — Saves and restores the entire memory state of a sandbox to eliminate cold-start latency.

### Development Tools & Productivity

- [Resource-Constrained Runtimes](https://awesome-repositories.com/f/development-tools-productivity/scripting-runtimes/resource-constrained-runtimes.md) — Implements a resource-constrained runtime by limiting heap and stack memory for isolated guest environments.
- [Native Binary Toolchains](https://awesome-repositories.com/f/development-tools-productivity/build-tooling/build-orchestration-logic/build-orchestration-configuration/build-automation-systems/build-systems/binary-compilation-toolchains/native-binary-toolchains.md) — Includes a toolchain that compiles source code into specialized binaries tailored for micro-VM execution.

### Networking & Communication

- [Host-Guest Communication Bridges](https://awesome-repositories.com/f/networking-communication/host-guest-communication-bridges.md) — Implements a communication interface that bridges function calls between a host application and a running guest VM.

### Operating Systems & Systems Programming

- [Guest Function Dispatch](https://awesome-repositories.com/f/operating-systems-systems-programming/keyboard-input-modes/host-to-guest-translation/host-to-guest-rpcs/guest-function-dispatch.md) — Provides the ability to trigger specific named functions inside a running sandbox to execute code and receive output. ([source](https://cdn.jsdelivr.net/gh/hyperlight-dev/hyperlight@main/README.md))
- [QEMU KVM](https://awesome-repositories.com/f/operating-systems-systems-programming/virtualization-emulation/virtualization-platforms/virtualization-technologies/virtual-machines/qemu-kvm.md) — Manages lightweight virtual machines using KVM to execute guest binaries with controlled host resource access.
- [Guest-Component Shared Memory](https://awesome-repositories.com/f/operating-systems-systems-programming/guest-host-filesystem-sharing/guest-component-shared-memory.md) — Implements a shared-memory bridge that maps specific functions to shared memory addresses for efficient host-guest communication.

### Programming Languages & Runtimes

- [Embedded Virtual Machines](https://awesome-repositories.com/f/programming-languages-runtimes/embedded-virtual-machines.md) — Designed as a lightweight virtual machine manager that can be embedded into host applications for secure execution.
- [Host Function Exposure](https://awesome-repositories.com/f/programming-languages-runtimes/host-function-exposure.md) — Allows registering host-side functions so that guest code can securely access external data and resources. ([source](https://cdn.jsdelivr.net/gh/hyperlight-dev/hyperlight@main/README.md))
- [Binary Cross-Compilation](https://awesome-repositories.com/f/programming-languages-runtimes/cross-platform-library-compilations/binary-cross-compilation.md) — Provides tools to cross-compile source code into binaries compatible with the micro-VM target. ([source](https://hyperlight.org/guides/getting-started/))

### System Administration & Monitoring

- [Execution Resource Constraints](https://awesome-repositories.com/f/system-administration-monitoring/resource-constraints/algorithmic-resource-limiters/execution-resource-constraints.md) — Enforces fixed heap and stack memory limits at instantiation to prevent guest code from exhausting system resources.
