[EMAIL PROTECTED] wrote:
> 
> From: [EMAIL PROTECTED]
> 
> On Mon, 19 Jul 1999, Ryan Heise wrote:
> 
> >Cliff Baeseman wrote:
> >
> >> JOS is also based on a single instance JVM design. This is a very poor
> >> design in my opinion.
> >
> >It allows you to share 15 megs of system classes between applications.
> >It allows you to have one thread scheduler across all applications. It
> >allows you to have one garbage collector and memory manager across all
> >applications. There are a few other optimizations that are possible.
> 
> What about possibility of multiuser usage of such an OS (from the security
> point of view?) Or is this JOS project positioned only for client platform?

Although JOS has a single JVM instance, each Java process runs in its
own namespace. A process cannot obtain a reference to an object or class
of another process unless that interaction is explicitly allowed. I
believe _Quinn is making changes to the JVM to safely protect processes
from one another.

The main problem is that this protection only affects Java code. Native
code can still access memory anywhere unless we implement memory
protection. If we do, JOS may start to look more like a multi-instance
JVM design or a single/multi hybrid. I would prefer that everything be
written in Java except for trusted code that must be native.

Another problem is that a flaw in JDK 1.1 allows validated code to
confuse and crash the host JVM. In a single instance JVM design, that
effectively means crashing the whole operating system. If we can
implement the solution found in JDK 1.2 this is no longer a problem.

So, the only real risk in a single instance JVM design is native code.
And native code is something I'm happy to live without. After all, it is
why I joined this project.

-- 
Ryan Heise

http://www.progsoc.uts.edu.au/~rheise/

_______________________________________________
Kernel maillist  -  [EMAIL PROTECTED]
http://jos.org/mailman/listinfo/kernel
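The per-process namespace property Ryan describes above (a process cannot obtain a reference to another process's classes or objects unless the interaction is explicitly allowed) can be reproduced on a stock JVM with class loaders, which is how namespaces are delimited in Java. The following is an added example written for this page; it is not JOS code and not from the thread. It assumes a Java 9 or later JVM and a hypothetical ProcessLoader whose parent is null, so that classes it defines see only the bootstrap namespace. Compile with javac and run from the directory holding the resulting .class files (the loader reads the bytecode from the classpath by name).

```java
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.util.function.IntSupplier;

public class NamespaceDemo {

    // Stand-in for a system class with per-process state. Every loader that
    // defines it gets its own Class object and therefore its own copy of the
    // static field: a class is identified by (defining loader, name), not by
    // name alone.
    public static class Counter implements IntSupplier {
        public static int value = 0;
        public Counter() { }
        public static int bump() { return ++value; }
        public int getAsInt() { return value; }
    }

    // Hypothetical per-process loader (an assumption of this example, not JOS
    // code). Its parent is null, so only the bootstrap namespace (java.*) is
    // visible to classes defined here; the host application's own classes are
    // not reachable unless they are re-defined inside this namespace.
    static final class ProcessLoader extends ClassLoader {
        ProcessLoader() { super(null); }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            // Read the bytecode from the host classpath, but define it in THIS
            // namespace rather than the host's.
            try (InputStream in = NamespaceDemo.class.getClassLoader().getResourceAsStream(path)) {
                if (in == null) {
                    throw new ClassNotFoundException(name);
                }
                byte[] bytes = in.readAllBytes();   // Java 9+
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String counterName = Counter.class.getName();   // binary name of the nested class
        ClassLoader p1 = new ProcessLoader();
        ClassLoader p2 = new ProcessLoader();

        // Same class name loaded into two namespaces: two distinct Class objects.
        Class<?> c1 = Class.forName(counterName, true, p1);
        Class<?> c2 = Class.forName(counterName, true, p2);
        System.out.println("same Class object? " + (c1 == c2));

        // Static state is per namespace, so "process 1" cannot disturb "process 2".
        Method bump1 = c1.getMethod("bump");
        Method bump2 = c2.getMethod("bump");
        bump1.invoke(null);
        bump1.invoke(null);
        bump2.invoke(null);
        Object o1 = c1.getDeclaredConstructor().newInstance();
        Object o2 = c2.getDeclaredConstructor().newInstance();
        System.out.println("p1 sees " + ((IntSupplier) o1).getAsInt()
                + ", p2 sees " + ((IntSupplier) o2).getAsInt());

        // A reference from p1 is not an instance of p2's Counter type, so code in
        // p2 that declares a field or parameter of type Counter can never hold it.
        System.out.println("p1 object is p2's Counter? " + c2.isInstance(o1));

        // The explicitly allowed interaction: both namespaces share the bootstrap
        // types. Handing o1 across as an IntSupplier exposes exactly that
        // interface and nothing else of p1's class.
        IntSupplier shared = (IntSupplier) o1;
        System.out.println("shared view of p1's counter: " + shared.getAsInt());
    }
}
```

Running it prints false for the Class identity check, counts of 2 and 1 for the two namespaces, false for the cross-namespace isInstance test, and 2 for the shared view. The isolation comes entirely from the JVM's loader model and bytecode verifier, which is exactly why it stops at the Java boundary: native code that reaches into the heap is not subject to any of it, as the message above points out.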
