ARM64 + RISC-V · #![no_std] · Zero-Allocations Runtime

Find the bug
before the chip
exists.

Run real ARM64 and RISC-V guest operating systems within secure, high-assurance microkernels or bare-metal host environments. Built in pure Rust.

0.00ns

Clock Jitter

Zero_Alloc

Heap Memory

2M+

RV64 insns · 0 divergences

Apply to Partner Program View Architecture

protoxe_core::pipeline

// Inizializzazione Bus Cross-Architecture

let mut bus = CrossBus::<RISCV64, ARM64>::new();

let trace = Engine::bind(&mut bus);

[OK] Hardwired constraint layer mapped at 0x4000

> Executing verification vector... _

// High Assurance Design

Traditional Emulation Wasn't Built for High-Assurance Systems

Legacy virtualizers and monolithic dynamic translation layers introduce risks that modern critical software cannot accept.

Host Dependency

QEMU and legacy VMMs rely on standard libc, POSIX threads, and complex host OS dynamic allocations, blocking deployment inside bare-metal or microkernels.

The Determinism Gap

Dynamic JIT translation introduces runtime performance jitter. protoXE enforces absolute execution predictability through cycle-accurate structures.

✓

Memory Safety

By eliminating runtime heap allocations entirely and utilizing Rust's compile-time guarantees, the simulator is mathematically protected from guest-driven exploits.

// RISC-V RV64IM — N-Version Oracle

Two independent clean-room implementations — engine and sovereign reference executor, zero shared code — cross-validated on 2,000,000 RV64IM instructions. Every GPR compared after every instruction. Edge cases seeded: overflow, division, MIN/MAX boundary values.

── RISC-V RV64IM differential oracle ──

✅ clean: engine matched the spec-direct reference on all 2,000,000 instructions

coverage: LUI/AUIPC/JAL/JALR · branches · OP-IMM(+W) · OP(+W) · M extension (MULH*/DIV/REM)

// Zero Runtime Overhead

Composed Static Architecture

System topology is locked at compile-time. Thanks to our zero-cost trait system and $O(\log n)$ static bus routing, hardware modules like core architectures and peripherals interlock safely without dynamic pointer dispatch.

• Hot-swap CPU topologies via native Rust Generics
• Isolated MMU memory maps determined statically

src/main.rs

// Static topology locked at compile time
static mut SYSTEM_BUS: SystemBus = SystemBus::new();

fn main() {
    let mut board = Board::new(&mut SYSTEM_BUS);
    
    // Plug modules with deterministic memory map
    board.plug(CpuArm64::new(0x4000_0000)); 
    board.plug(Ram::new(0x4000_0000, 0x8000_0000)); 
    board.plug(DwUart::new(0xFEB5_0000)); 
    
    protoxe_core::boot(&mut board).expect("Boot err");
}

Built for Mission-Critical Engineering

Silicon Prototyping

Validate firmware, drivers, and custom RTOS abstractions on a digital twin months before tape-out.

High-Assurance Fuzzing

Instantiate massive matrix parallel validation nodes in sub-milliseconds without VM overhead or memory safety leakage.

Defense & Aerospace

Certify verification tooling smoothly under stringent guidelines (ISO 26262 / DO-178C) thanks to pure predictability.

// Design Partner Program

Accelerate Your Silicon Verification Loop

We are selecting a limited cohort of hardware startups and high-assurance engineering teams. Enter your work email and we'll send you our collaboration brief with contact details and next steps.

We'll send you our brief once. No newsletters, no spam. By submitting you agree to our privacy policy.

Find the bug before the chip exists.