Hi JOS'ers,
You should be able to get some design ideas from this paper.
We'll also be releasing the code soon, as soon as we upgrade
to the current Kaffe base. Also note the second paper.
Do mail us if you have comments or want clarifications.

Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java
Godmar Back, Wilson C. Hsieh, Jay Lepreau
University of Utah, Dept. of Computer Science
Technical Report UUCS-00-010
http://www.cs.utah.edu/flux/papers/kaffeos-tr00010-base.html

Abstract
Single-language runtime systems, in the form of Java virtual machines,
are widely deployed platforms for executing untrusted mobile code.
These runtimes provide some of the features that operating systems
provide: inter-application memory protection and basic system
services. They do not, however, provide the ability to isolate
applications from each other, or limit their resource consumption.
This paper describes KaffeOS, a system that provides these features
for a Java runtime. The KaffeOS architecture takes many lessons
from operating system design, such as the use of a user/kernel boundary.
The KaffeOS architecture supports the OS abstraction of a
process in a Java virtual machine. Each process executes as if it
were run in its own virtual machine, including separate garbage
collection of its own heap. The difficulty in designing KaffeOS lay
in balancing the goals of isolation and resource management against
the goal of allowing direct sharing. Overall, KaffeOS is up to 11%
slower than the JVM on which it is based, which is an acceptable
penalty for the safety that it provides. KaffeOS is substantially
slower than commercial JVMs, but exhibits much better performance
scaling in the presence of uncooperative code.
-------------------------------------------------------------------
This prior, short paper contains a key insight into Java OS design.

Drawing the Red Line in Java
Godmar Back, Wilson C. Hsieh
In Seventh IEEE Workshop on Hot Topics in Operating Systems
March 1999
http://www.cs.utah.edu/flux/papers/redline-hotos7-base.html

Abstract
Software-based protection has become a viable alternative to
hardware-based protection in systems based on languages such as
Java, but the absence of hardware mechanisms for protection has
been coupled with an absence of a user/kernel boundary. We show
why such a "red line" must be present in order for a Java virtual
machine to be as effective and as reliable as an operating system.
We discuss how the red line can be implemented using software
mechanisms, and explain the ones we use in the Java system that
we are building.