ruvector/crates/rvm/benches
Reuven 639625efcc feat(rvm): security audit remediation, TEE cryptographic verification, performance hardening
Complete security audit remediation across all 14 RVM hypervisor crates:

Security (87 findings fixed — 11 critical, 23 high, 30 medium, 23 low):
- HAL: SPSR_EL2 sanitization before ERET, per-partition VMID with TLB flush,
  2MB mapping alignment enforcement, UART TX timeout
- Proof: Real P3 verification replacing stubs (Hash/Witness/ZK tiers),
  SecurityGate self-verifies P3 (no caller-trusted boolean)
- Witness: SHA-256 chain hashing (ADR-142), strict signing default,
  NullSigner test-gated, XOR-fold hash truncation
- IPC: Kernel-enforced sender identity, channel authorization
- Cap: GRANT_ONCE consumption, delegation depth overflow protection,
  owner verification, derivation tree slot leak rollback
- Types: PartitionId validation (reject 0/hypervisor, >4096)
- WASM: Target/length validation on send(), module size limit, quota dedup
- Scheduler: Binary heap run queue, epoch wrapping_add, SMP cpu_count enforcement
- All integer overflow paths use wrapping_add/saturating_add/checked_add

TEE implementation (ADR-142, all 4 phases):
- Phase 1: SHA-256 replaces FNV-1a in witness chain, attestation, measured boot
- Phase 2: WitnessSigner trait with SignatureError enum, HmacSha256WitnessSigner,
  Ed25519WitnessSigner (verify_strict), DualHmacSigner, constant_time.rs
- Phase 3: SoftwareTeeProvider/Verifier, TeeWitnessSigner<P,V> pipeline
- Phase 4: SignedSecurityGate, WitnessLog::signed_append, CryptoSignerAdapter,
  ProofEngine::verify_p3_signed, KeyBundle derivation infrastructure
- subtle crate integration for ConstantTimeEq

Performance (26 optimizations):
- O(1) lookups: IPC channel, partition, coherence node, nonce replay
- Binary max-heap scheduler queue (O(log n) enqueue/dequeue)
- Coherence adjacency matrix + cached per-node weights
- BuddyAllocator trailing_zeros bitmap scan + precomputed bit_offset LUT
- Cache-line aligned SwitchContext (hot fields first) and PerCpuScheduler
- DerivationTree O(1) parent_index, combined region overlap+free scan
- #[inline] on 11+ hot-path functions, FNV-1a 8x loop unroll
- CapSlot packing (generation sentinel), RunQueueEntry sentinel, MessageQueue bitmask

Documentation:
- ADR-142: TEE-Backed Cryptographic Verification (with 6 reviewer amendments)
- ADR-135 addendum: P3 no longer deferred
- ADR-132 addendum: DC-3 deferral resolved
- ADR-134 addendum: SHA-256 + HMAC signatures

752 tests, 0 failures across 11 library crates + integration suite.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-04 18:01:48 -04:00

rvm-benches

Criterion benchmarks for performance-critical RVM subsystems.

This crate contains micro-benchmarks for the hot paths identified in the RVM design constraints. It is not published and exists solely for cargo bench performance validation.

Benchmarks

Benchmark   File                   What it measures
coherence   benches/coherence.rs   EmaFilter::update throughput (fixed-point EMA computation)
witness     benches/witness.rs     WitnessLog::append throughput (256-slot ring buffer)

A placeholder benchmark (rvm_bench.rs) is also present for future expansion.
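To make concrete what the two benchmarks above exercise, here is an added Rust example that is not code from rvm-benches or the RVM crates: std-only stand-ins for a fixed-point EmaFilter::update and a 256-slot WitnessLog::append ring buffer, timed with a plain Instant loop instead of Criterion. The fixed-point scale, the overwrite-when-full policy, the WitnessEntry fields and the ns_per_op helper are assumptions, not RVM's API.

```rust
use std::time::Instant;

/// Fixed-point scale: 16 fractional bits (assumed; RVM's real constant is not on this page).
pub const FP_SHIFT: u32 = 16;
pub const FP_ONE: i64 = 1 << FP_SHIFT;

/// Exponential moving average over fixed-point samples: y += alpha * (x - y), no floats.
pub struct EmaFilter { pub alpha: i64, pub value: i64 }

impl EmaFilter {
    pub fn new(alpha: i64) -> Self { Self { alpha, value: 0 } }
    /// One filter step; wrapping arithmetic keeps the hot path panic-free.
    pub fn update(&mut self, sample: i64) -> i64 {
        let delta = sample.wrapping_sub(self.value);
        self.value = self.value.wrapping_add(delta.wrapping_mul(self.alpha) >> FP_SHIFT);
        self.value
    }
}

pub const WITNESS_SLOTS: usize = 256; // power of two, so the index wraps with a mask
#[derive(Clone, Copy, Default)]
pub struct WitnessEntry { pub seq: u64, pub event: u32 } // assumed minimal entry shape

/// 256-slot ring buffer; the oldest entry is overwritten when full (assumed policy).
pub struct WitnessLog { slots: [WitnessEntry; WITNESS_SLOTS], head: usize, seq: u64 }

impl WitnessLog {
    pub fn new() -> Self { Self { slots: [WitnessEntry::default(); WITNESS_SLOTS], head: 0, seq: 0 } }
    /// Append one entry and return its monotonically increasing sequence number.
    pub fn append(&mut self, event: u32) -> u64 {
        let seq = self.seq;
        self.slots[self.head] = WitnessEntry { seq, event };
        self.head = (self.head + 1) & (WITNESS_SLOTS - 1);
        self.seq = self.seq.wrapping_add(1);
        seq
    }
    /// Number of slots currently holding a live entry (saturates at the ring size).
    pub fn occupied(&self) -> usize { (self.seq as usize).min(WITNESS_SLOTS) }
    pub fn latest(&self) -> Option<WitnessEntry> {
        (self.seq > 0).then(|| self.slots[(self.head + WITNESS_SLOTS - 1) & (WITNESS_SLOTS - 1)])
    }
}

/// Std-only stand-in for a Criterion measurement: mean nanoseconds per call of `f`.
pub fn ns_per_op<F: FnMut()>(iters: u32, mut f: F) -> f64 {
    let start = Instant::now();
    for _ in 0..iters { f(); }
    start.elapsed().as_nanos() as f64 / f64::from(iters)
}

fn main() {
    let (mut ema, mut log, mut x) = (EmaFilter::new(FP_ONE / 8), WitnessLog::new(), 0i64);
    let ema_ns = ns_per_op(1_000_000, || { x = x.wrapping_add(FP_ONE); std::hint::black_box(ema.update(x)); });
    let log_ns = ns_per_op(1_000_000, || { std::hint::black_box(log.append(7)); });
    println!("EmaFilter::update ~{ema_ns:.1} ns/op, WitnessLog::append ~{log_ns:.1} ns/op");
}
```

Timings from this loop are only indicative; the real crate uses Criterion for warm-up, outlier handling and statistics.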

Running

cargo bench -p rvm-benches

Workspace Dependencies

  • rvm-types
  • rvm-cap
  • rvm-witness
  • rvm-sched
  • rvm-coherence
  • criterion