{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T07:24:28Z","timestamp":1772004268598,"version":"3.50.1"},"reference-count":60,"publisher":"Association for Computing Machinery (ACM)","issue":"ICFP","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2025,8,5]]},"abstract":"<jats:p>Docker is a developer tool used by millions of developers to build, share and run software stacks. The Docker Desktop clients for Mac and Windows have long used a novel combination of virtualisation and OCaml unikernels to seamlessly run Linux containers on these non-Linux hosts. We reflect on a decade of shipping this functional OCaml code into production across hundreds of millions of developer desktops, and discuss the lessons learnt from our experiences in integrating OCaml deeply into the container architecture that now drives much of the global cloud. We conclude by observing just how good a fit for systems programming that the unikernel approach has been, particularly when combined with the OCaml module and type system.<\/jats:p>","DOI":"10.1145\/3747525","type":"journal-article","created":{"date-parts":[[2025,8,5]],"date-time":"2025-08-05T16:56:02Z","timestamp":1754412962000},"page":"597-615","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Functional Networking for Millions of Docker Desktops (Experience Report)"],"prefix":"10.1145","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8954-2428","authenticated-orcid":false,"given":"Anil","family":"Madhavapeddy","sequence":"first","affiliation":[{"name":"University of Cambridge, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5555-9671","authenticated-orcid":false,"given":"David J.","family":"Scott","sequence":"additional","affiliation":[{"name":"Docker, Inc., Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0778-8828","authenticated-orcid":false,"given":"Patrick","family":"Ferris","sequence":"additional","affiliation":[{"name":"University of Cambridge, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5702-3143","authenticated-orcid":false,"given":"Ryan T.","family":"Gibb","sequence":"additional","affiliation":[{"name":"University of Cambridge, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-6893-4630","authenticated-orcid":false,"given":"Thomas","family":"Gazagnaire","sequence":"additional","affiliation":[{"name":"Tarides, Paris, France"}]}],"member":"320","published-online":{"date-parts":[[2025,8,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2951913.2976746"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-18381-2_8"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3465402"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_2_1_5_1","unstructured":"Vincent Batts. 2016. Open Containers Initiative Image Specification. https:\/\/github.com\/opencontainers\/image-spec"},{"key":"e_1_2_1_6_1","volume-title":"9th USENIX Symposium on Operating Systems Design and Implementation (OSDI 10)","author":"Ben-Yehuda Muli","year":"2010","unstructured":"Muli Ben-Yehuda, Michael D Day, Zvi Dubitzky, Michael Factor, Nadav Har\u2019El, Abel Gordon, Anthony Liguori, Orit Wasserman, and Ben-Ami Yassour. 2010. The turtles project: Design and implementation of nested virtualization. In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI 10). USENIX Association."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1014403914699"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2723872.2723882"},{"key":"e_1_2_1_9_1","unstructured":"Brendan Burns Joe Beda Kelsey Hightower and Lachlan Evenson. 2022. Kubernetes: up and running. OReilly Media."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-27308-2_47"},{"key":"e_1_2_1_11_1","unstructured":"DataDog. 2015. Surprising Facts about Real Docker Adoption. https:\/\/www.datadoghq.com\/docker-adoption\/"},{"key":"e_1_2_1_12_1","unstructured":"Docker. 2024. Docker Stack Overflow Survey: Thank You. https:\/\/www.docker.com\/blog\/docker-stack-overflow-survey-thank-you-2024"},{"key":"e_1_2_1_13_1","volume-title":"Multicore OCaml. In the 4th ACM OCaml Users and Developers Workshop.","author":"Dolan Stephen","year":"2014","unstructured":"Stephen Dolan, Leo White, and Anil Madhavapeddy. 2014. Multicore OCaml. In the 4th ACM OCaml Users and Developers Workshop."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1411204.1411255"},{"key":"e_1_2_1_15_1","volume-title":"ACM SIGPLAN Workshop on ML.","author":"Garrigue Jacques","year":"2010","unstructured":"Jacques Garrigue and Alain Frisch. 2010. First-class modules and composable signatures in Objective Caml 3.12. In ACM SIGPLAN Workshop on ML."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3704859"},{"key":"e_1_2_1_17_1","unstructured":"Bob Glickstein and K. Hodgson. 1998. GNU Stow\u2014Managing the Installation of Software Packages. https:\/\/www.gnu.org\/software\/stow\/"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1364782.1364786"},{"key":"e_1_2_1_20_1","unstructured":"Solomon Hykes. 2013. The future of Linux containers. https:\/\/www.youtube.com\/watch?v=wW9CAH9nSLs"},{"key":"e_1_2_1_21_1","unstructured":"Docker Inc and the MirageOS team. 2025. OCaml QCow. https:\/\/github.com\/mirage\/ocaml-qcow\/tree\/main\/lib"},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","first-page":"191","DOI":"10.58346\/JISIS.2024.I3.011","article-title":"Understanding the Effectiveness of SBOM Generation Tools for Manually Installed Packages in Docker Containers","volume":"14","author":"Kawaguchi Nobutaka","year":"2024","unstructured":"Nobutaka Kawaguchi, Charles Hart, and Hiroki Uchiyama. 2024. Understanding the Effectiveness of SBOM Generation Tools for Manually Installed Packages in Docker Containers. Journal of Internet Services and Information Security, 14, 3 (2024), 191\u2013212.","journal-title":"Journal of Internet Services and Information Security"},{"key":"e_1_2_1_23_1","volume-title":"OCaml Workshop. 36","author":"Leonard Thomas","year":"2023","unstructured":"Thomas Leonard, Patrick Ferris, Christiano Haesbaert, Lucas Pluvinage, Vesa Karvonen, Sudha Parimala, K Sivaramakrishnan, Vincent Balat, and Anil Madhavapeddy. 2023. Eio 1.0-effects-based IO for OCaml 5. In OCaml Workshop. 36."},{"key":"e_1_2_1_24_1","unstructured":"Xavier Leroy Damien Doligez Alain Frisch Jacques Garrigue Didier R\u00e9my KC Sivaramakrishnan and J\u00e9r\u00f4me Vouillon. 2023. The OCaml system release 5.1: Documentation and user\u2019s manual. Ph. D. Dissertation. Inria."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3674642"},{"key":"e_1_2_1_26_1","unstructured":"Anil Madhavapeddy. 2016. Improving Docker with Unikernels: Introducing HyperKit VPNKit and DataKit. https:\/\/www.docker.com\/blog\/docker-unikernels-open-source\/"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1272998.1273009"},{"key":"e_1_2_1_28_1","volume-title":"Jitsu: Just-In-Time Summoning of Unikernels. In 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15)","author":"Madhavapeddy Anil","year":"2015","unstructured":"Anil Madhavapeddy, Thomas Leonard, Magnus Skjegstad, Thomas Gazagnaire, David Sheets, Dave Scott, Richard Mortier, Amir Chaudhry, Balraj Singh, Jon Ludlam, Jon Crowcroft, and Ian Leslie. 2015. Jitsu: Just-In-Time Summoning of Unikernels. In 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15). USENIX Association, Oakland, CA. 559\u2013573. isbn:978-1-931971-218 https:\/\/www.usenix.org\/conference\/nsdi15\/technical-sessions\/presentation\/madhavapeddy"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1017\/9781009129220"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451167"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557963.2566628"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1411304.1411311"},{"key":"e_1_2_1_33_1","volume-title":"2018 IEEE 19th International Conference on High Performance Switching and Routing (HPSR). 1\u20138.","author":"Miano Sebastiano","year":"2018","unstructured":"Sebastiano Miano, Matteo Bertrone, Fulvio Risso, Massimo Tumolo, and Mauricio V\u00e1squez Bernal. 2018. Creating complex network services with ebpf: Experience and lessons learned. In 2018 IEEE 19th International Conference on High Performance Switching and Routing (HPSR). 1\u20138."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236774"},{"key":"e_1_2_1_35_1","unstructured":"Sam Newman. 2021. Building microservices. OReilly Media."},{"key":"e_1_2_1_36_1","volume-title":"Stack Overflow Developer Survey","author":"Overflow Stack","year":"2024","unstructured":"Stack Overflow. 2024. Stack Overflow Developer Survey 2024. https:\/\/survey.stackoverflow.co\/2024\/technology"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/2371484.2371486"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the summer 1990 UKUUG Conference. 1\u20139.","author":"Pike Rob","year":"1990","unstructured":"Rob Pike, Dave Presotto, Ken Thompson, and Howard Trickey. 1990. Plan 9 from bell labs. In Proceedings of the summer 1990 UKUUG Conference. 1\u20139."},{"key":"e_1_2_1_39_1","unstructured":"Kelly Price Tom May and Chris Moustakis. 1996. Slirp the PPP\/SLIP-on-terminal emulator. https:\/\/slirp.sourceforge.net"},{"key":"e_1_2_1_40_1","unstructured":"The Linuxkit Project. 2025. LinuxKit a toolkit for building custom minimal immutable Linux distributions. https:\/\/github.com\/linuxkit\/linuxkit"},{"key":"e_1_2_1_41_1","unstructured":"The XenServer Project. 2025. XenAPI. https:\/\/github.com\/xapi-project\/"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","unstructured":"Gabriel Radanne Thomas Gazagnaire Anil Madhavapeddy Jeremy Yallop Richard Mortier Hannes Mehnert Mindy Preston and Dave Scott. 2019. Programming Unikernels in the Large via Functor Driven Development. https:\/\/doi.org\/10.48550\/arXiv.1905.02529 10.48550\/arXiv.1905.02529","DOI":"10.48550\/arXiv.1905.02529"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2312.15035"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1400097.1400108"},{"key":"e_1_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Kazuki Sakamoto Tomohiko Furumoto Kazuki Sakamoto and Tomohiko Furumoto. 2012. Grand central dispatch. Pro Multithreading and Memory Management for iOS and OS X 139\u2013145.","DOI":"10.1007\/978-1-4302-4117-1_6"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1863543.1863557"},{"key":"e_1_2_1_47_1","volume-title":"the 1st ACM OCaml Users and Developers Workshop. ACM.","author":"Scott Dave","year":"2012","unstructured":"Dave Scott, Richard Sharp, and Anil Madhavapeddy. 2012. Programming the Xen cloud using OCaml. In the 1st ACM OCaml Users and Developers Workshop. ACM."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5120\/8738-2991"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3408995"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454039"},{"key":"e_1_2_1_51_1","volume-title":"2021 XLVII Latin American Computing Conference (CLEI). 1\u201310","author":"Spies Benedikt","year":"2021","unstructured":"Benedikt Spies and Markus Mock. 2021. An evaluation of webassembly in non-web environments. In 2021 XLVII Latin American Computing Conference (CLEI). 1\u201310."},{"key":"e_1_2_1_52_1","unstructured":"James Turnbull. 2014. The Docker Book: Containerization is the new virtualization. James Turnbull. https:\/\/dockerbook.com\/"},{"key":"e_1_2_1_53_1","unstructured":"Alexander Viro. 2001. Per-process namespaces for Linux. https:\/\/lore.kernel.org\/all\/Pine.GSO.4.21.0102242253460.24312-100000@weyl.math.psu.edu\/"},{"key":"e_1_2_1_54_1","unstructured":"Samuel Vivien Didier R\u00e9my Thomas R\u00e9fis and Gabriel Scherer. 2024. On the design and implementation of Modular Explicits. Sept. https:\/\/cambium.inria.fr\/~remy\/ocamod\/implicits.html Presented at the OCaml 2024 workshop available electronically"},{"key":"e_1_2_1_55_1","volume-title":"Proceedings of the 2008 ACM SIGPLAN workshop on ML. 3\u201312","author":"Vouillon J\u00e9r\u00f4me","year":"2008","unstructured":"J\u00e9r\u00f4me Vouillon. 2008. Lwt: a cooperative thread library. In Proceedings of the 2008 ACM SIGPLAN workshop on ML. 3\u201312."},{"key":"e_1_2_1_56_1","volume-title":"Podman in Action: Secure, rootless containers for Kubernetes, microservices, and more","author":"Walsh Daniel","unstructured":"Daniel Walsh. 2023. Podman in Action: Secure, rootless containers for Kubernetes, microservices, and more. Simon and Schuster."},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.5555\/1344209.1344210"},{"key":"e_1_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Leo White Fr\u00e9d\u00e9ric Bour and Jeremy Yallop. 2015. Modular implicits. arXiv preprint arXiv:1512.01895.","DOI":"10.4204\/EPTCS.198.2"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2017.04.002"},{"key":"e_1_2_1_60_1","volume-title":"11th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 19)","author":"Young Ethan G.","unstructured":"Ethan G. Young, Pengfei Zhu, Tyler Caraza-Harter, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2019. The True Cost of Containing: A gVisor Case Study. In 11th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 19). USENIX Association, Renton, WA. https:\/\/www.usenix.org\/conference\/hotcloud19\/presentation\/young"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3747525","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,5]],"date-time":"2025-08-05T16:57:31Z","timestamp":1754413051000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3747525"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,5]]},"references-count":60,"journal-issue":{"issue":"ICFP","published-print":{"date-parts":[[2025,8,5]]}},"alternative-id":["10.1145\/3747525"],"URL":"https:\/\/doi.org\/10.1145\/3747525","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,5]]},"assertion":[{"value":"2025-02-27","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-27","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}